Commit Graph

1753 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
bf66da6880 Update changelog 2020-05-17 19:40:30 +02:00
Jakob Unterwurzacher
416080203b main: accept multiple -passfile options
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.

Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17 19:31:04 +02:00
Jakob Unterwurzacher
ded4bbe645 go mod tidy
The go-fuse v1 dependency is spurious. Will be fixed by
https://github.com/hanwen/go-fuse/pull/360
2020-05-17 14:25:30 +02:00
Jakob Unterwurzacher
ec74d1d2f4 Update go-fuse import path to github.com/hanwen/go-fuse/v2
We need
fd7328faf9
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :

  2019/10/30 17:14:16 Unknown opcode 2016
  panic: runtime error: invalid memory address or nil pointer dereference
  [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]

This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.

Running

  git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2

to check for forgotten references comes back clean.
2020-05-17 14:23:47 +02:00
Jakob Unterwurzacher
ead7008a08 Fix spelling mistakes found by misspell
https://github.com/client9/misspell
2020-05-10 00:25:49 +02:00
Jakob Unterwurzacher
1d145be5a1 contrib: delete ctlsock-encrypt.bash
Closes https://github.com/rfjakob/gocryptfs/issues/416
2020-05-10 00:15:06 +02:00
Jakob Unterwurzacher
5af7d3c699 gocryptfs-xray: document -encrypt-paths / -decrypt-paths 2020-05-10 00:14:03 +02:00
Jakob Unterwurzacher
a9895b3487 gocryptfs-xray: add -0 flag, add tests
The -0 flags works like xargs -0.
2020-05-10 00:04:14 +02:00
Jakob Unterwurzacher
f2e8b776f8 main: add "go doc" package comment
Should show up on https://pkg.go.dev/github.com/rfjakob/gocryptfs?tab=doc
which currently reads "No documentation available for this package!"
2020-05-09 19:18:53 +02:00
Jakob Unterwurzacher
24554b11f7 gocryptfs-xray: integrate ctlsock path encryption/decryption
Implementation seems to work ok, but is missing tests and
documentation for now.
I will only delete ctlsock-encrypt.bash when both are
done.

https://github.com/rfjakob/gocryptfs/issues/416
2020-05-09 19:11:06 +02:00
Jakob Unterwurzacher
171b1eac91 test_helpers: use new ctlsock.CtlSock API 2020-05-09 19:09:33 +02:00
Jakob Unterwurzacher
7e51073400 ctlsock: add CtlSock API 2020-05-09 19:09:09 +02:00
Jakob Unterwurzacher
f0184804f4 test_helper: kill lsof after 1 second
lsof may get stuck when gocryptfs itself is stuck.
2020-05-09 19:03:16 +02:00
Jakob Unterwurzacher
16221facb9 ctlsock: create exported ctlsock client library
The former interal ctlsock server package is renamed
to ctlsocksrv.
2020-05-09 17:36:41 +02:00
Jakob Unterwurzacher
3ef563493a tests: add TestPasswdMasterkeyStdin
Tests that `gocryptfs -passwd -masterkey=stdin` works.
This was fixed by ff04b1d83a.

Fixes https://github.com/rfjakob/gocryptfs/issues/461
2020-05-09 16:53:25 +02:00
Jakob Unterwurzacher
ff04b1d83a main: untangle -masterkey handling and config loading
This was handled both in getMasterKey(). Split it apart.
2020-05-09 16:53:12 +02:00
Jakob Unterwurzacher
7622c9f538 main: rename parseMasterKey() -> unhexMasterKey()
Make it clear that function does NOT parse the "-masterkey"
command line argument, it just unhexes the payload.
2020-05-09 16:10:22 +02:00
Jakob Unterwurzacher
c19baa10f8 tests: use t.Name()
We did not use t.Name() as it was not available
before Go 1.8. Now the oldest Go version we support is
Go 1.11, so we can use it.
2020-05-09 15:42:57 +02:00
Jakob Unterwurzacher
5dbf376860 tests: cli: rename TestBypass -> TestBadname
The command line option is now called `-badname`,
so adjust the test name to match.
2020-05-09 15:29:21 +02:00
Jakob Unterwurzacher
a6f515008f Update README for v1.8.0 release 2020-05-09 14:20:21 +02:00
Jakob Unterwurzacher
d612ee5d91 Documentation: update performance.txt
Bisecting shows that the performance drop is caused by
this commit:

commit ca9e912a28 (refs/bisect/bad)
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date:   Sat Feb 29 19:58:08 2020 +0100

    fusefrontend: drop xattr user namespace restriction
2020-05-03 21:20:30 +02:00
Jakob Unterwurzacher
b23f77c8ea go mod: update dependencies
Updated using

    go get -t -u ./...
2020-05-03 20:49:18 +02:00
Jakob Unterwurzacher
3e4545bbac build-without-openssl.bash: suppress "not a dynamic executable" message
We redirected the wrong ldd fd to /dev/null. Fix it.
2020-05-03 20:47:39 +02:00
Jakob Unterwurzacher
feaeee90e2 inomap: fix TestSpill bit check
Wrong bit operator was used.
2020-05-03 20:28:26 +02:00
Jakob Unterwurzacher
8c9c68fb72 inomap: fix spillBit not set on 2nd hit
Also add a test for this.

Thanks @slackner for the comment.
2020-05-03 20:21:11 +02:00
Jakob Unterwurzacher
91f5c242a8 inomap: remove leftover debug output
This was committed by accident.
2020-05-03 20:01:12 +02:00
Jakob Unterwurzacher
518771e4e2 fusefrontend_reverse: use inomap for inode number translation
Gets rid of static inode number value limitations.

Fixes https://github.com/rfjakob/gocryptfs/issues/457
2020-05-03 15:22:10 +02:00
Jakob Unterwurzacher
db93a6c54c tests: reverse: add inode mapping test (TestVirtualFileIno)
Verify that virtual files get assigned inode numbers
we expect.
2020-05-03 14:49:32 +02:00
Jakob Unterwurzacher
483054efaa inomap: comment constants 2020-04-19 22:09:21 +02:00
Jakob Unterwurzacher
9f9d59ded9 inomap: rework logic to efficiently support flags
Adding flags allows to use inomap in reverse mode,
replacing the clunky inoBaseDirIV/inoBaseNameFile
logic that causes problems with high underlying
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 )

Microbenchmarks (values below) show that the "SingleDev"
case is now much slower due to an extra map lookup,
but this has no visible effects in ./test.bash results,
so there was no time spent optimizing the case further.

$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4   	18757510	        61.5 ns/op
BenchmarkTranslateManyDevs-4    	18061515	        64.5 ns/op
PASS
ok  	github.com/rfjakob/gocryptfs/internal/inomap	2.467s
2020-04-19 22:00:56 +02:00
Jakob Unterwurzacher
fcdeb52390 inomap: add benchmark
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4   	202479382	         5.88 ns/op
BenchmarkTranslateManyDevs-4    	16095795	        71.9 ns/op
PASS
ok  	github.com/rfjakob/gocryptfs/internal/inomap	3.039s
2020-04-19 21:35:06 +02:00
Jakob Unterwurzacher
1c169ac55e build.bash: handle missing git tags
The case of a git repo without any tags used to fail
with:

  fatal: No names found, cannot describe anything.

Now we continue, using "[no_tags_found]" as the
version string.
2020-04-18 17:44:51 +02:00
Jakob Unterwurzacher
5da5e9fdf2 build.bash: don't enable -buildmode=pie for static builds
Causes warnings:

  $ ./build-without-openssl.bash
  # github.com/rfjakob/gocryptfs
  loadinternal: cannot find runtime/cgo
  # github.com/rfjakob/gocryptfs/gocryptfs-xray
  loadinternal: cannot find runtime/cgo
  # github.com/rfjakob/gocryptfs/contrib/statfs
  loadinternal: cannot find runtime/cgo
  gocryptfs v1.7.1-48-gf6b1c68 without_openssl; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-18 go1.13.6 linux/amd64

https://github.com/golang/go/issues/30986
2020-04-18 17:09:25 +02:00
Jakob Unterwurzacher
f6b1c680b3 nametransform: update comment & simplify tests
The comment still mentioned CBC, which has been removed
a long time ago.

The test definition can be rewritten using slice literals,
saving sume stuttering.
2020-04-18 16:14:48 +02:00
Jakob Unterwurzacher
8f5c2a613d Prefer Go stdlib aes-gcm on arm64 with aes instructions
We used to prefer openssl in this situation, which
used to make sense, but now Go gained an optimized
assembly implementation for aes-gcm on arm64 with
aes instructions:

  root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed
  gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64
  AES-GCM-256-OpenSSL      212.30 MB/s    (selected in auto mode)
  AES-GCM-256-Go           452.30 MB/s
  AES-SIV-512-Go           100.25 MB/s
  XChaCha20-Poly1305-Go    137.35 MB/s

https://github.com/rfjakob/gocryptfs/issues/452
2020-04-13 22:34:07 +02:00
Jakob Unterwurzacher
73436d9419 travis: fix Go Modules build problems 2020-04-13 18:06:50 +02:00
Jakob Unterwurzacher
a7d562d114 build.bash: use GOFLAGS -trimpath and enable PIE
GOFLAGS exists since Go 1.11: https://golang.org/doc/go1.11

https://github.com/rfjakob/gocryptfs/pull/460
2020-04-13 16:03:51 +02:00
Jakob Unterwurzacher
e509b27a5c Convert build and packaging scripts to Go Modules 2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
cad711993d dep: migrate to Go Modules
Following https://blog.golang.org/migrating-to-go-modules
2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
9a7ceef09e shellcheck: make top-level bash scripts warning-free
And run shellcheck in test.bash.
2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
a2ad14b9ac build.bash: append branch name != master 2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
210db84e20 speed: show gocryptfs version
Output now looks like this

  $ gocryptfs -speed
  gocryptfs v1.7.1-38-gbe3b9df-dirty; go-fuse v2.0.2-57-gd1cfa17; 2020-04-13 go1.13.6 linux/amd64
  AES-GCM-256-OpenSSL 	 607.90 MB/s
  AES-GCM-256-Go      	 920.75 MB/s	(selected in auto mode)
  AES-SIV-512-Go      	 169.85 MB/s
  XChaCha20-Poly1305-Go	 794.30 MB/s

and has go version and arch information, which is important
when comparing results.
2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
488111ce39 inomap: split into separate package
inomap will also be used by fusefrontend_reverse
in the future. Split if off openfiletable to make
it independent.
2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher
194030f18a speed: add XChaCha20-Poly1305-Go
https://github.com/rfjakob/gocryptfs/issues/452
2020-04-13 14:54:04 +02:00
Oscar
75f16771ff Update manpage examples 2020-04-07 22:04:40 +02:00
Jakob Unterwurzacher
2568518992 crossbuild.bash: set GOARM=7
From https://github.com/golang/go/wiki/GoArm :

  In cross compilation situations, it is recommended
  that you always set an appropriate GOARM value
  along with GOARCH.

The value seems to default to GOARM=5 if not set
during cross-compilation.
2020-02-29 21:52:59 +01:00
Jakob Unterwurzacher
f82b9caa9c speed: add code comments 2020-02-29 21:26:28 +01:00
Jakob Unterwurzacher
fdfaa849f8 tests: test xattr acls
Fixes https://github.com/rfjakob/gocryptfs/issues/453
2020-02-29 20:38:48 +01:00
Jakob Unterwurzacher
ca9e912a28 fusefrontend: drop xattr user namespace restriction
We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
acls.

Tests will be added in the next commit.

https://github.com/rfjakob/gocryptfs/issues/453
2020-02-29 20:12:43 +01:00
orcas
9ec042f2f6 Show undecryptable filenames if they match supplied glob
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2020-02-28 22:17:59 +01:00