Commit Graph

1652 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
0f4d350136 configfile: warn about missing feature flags
The plan is to drop support for the oldest filesystem versions
in gocryptfs v1.0. For now, we only warn the user.
2016-06-06 23:13:10 +02:00
Jakob Unterwurzacher
cc5d5a3fcd tests: error out properly on mount failure
In TestMain we call os.Exit as before, but inside actual tests
we now call t.Fatal().
2016-06-06 22:30:39 +02:00
Jakob Unterwurzacher
0c80cca674 toggledlog: convert remaing naked fmt.Print*
Several fatal errors were just printed to stdout, which
meant they were invisible when running the test suite.

Fix this by introducing toggledlog.Fatal and convert as
follows:

Fatal errors     -> toggledlog.Fatal
Warnings         -> toggledlog.Warn
Password prompts -> fmt.Fprintf
2016-06-05 14:32:07 +02:00
Jakob Unterwurzacher
ca54b665e3 main: print actual error from LoadConfFile()
It may not have been a "Wrong password" after all.

Also, push down disabling the warning so LoadConfFile() can
warn about things that matter.
2016-06-05 13:44:22 +02:00
Jakob Unterwurzacher
f2d208c464 configfile: use map[flagIota] for feature flags
This should make things saner and more extensible. It prepares
the infrastructure for "required feature flags" that will be used
to deprecate old gocryptfs version.
2016-06-05 12:54:45 +02:00
Jakob Unterwurzacher
b97268c948 configfile: bake the "Creator" gocryptfs version into the file
This field is added for the convenience of users and
may help them to identify which gocryptfs version
they need to mount a filesystem.

The same information is essentially contained in FeatureFlags,
but this is more difficult to decode for humans.

It is completely ignored programmatically (also by older gocryptfs
versions).
2016-06-05 11:40:13 +02:00
Jakob Unterwurzacher
a602e798b1 fusefrontend: report an error if all files in a directory were invalid
Just presenting an empty directory means that the user does not know
that things went wrong unless he checks the syslog or tries to delete
the directory.

It would be nice to report the error even if only some files were
invalid. However, go-fuse does not allow returning the valid
directory entries AND an error.
2016-06-04 16:39:27 +02:00
Jakob Unterwurzacher
4ee612b36e tests: recreate v0.7 example filesystem with -scryptn=10
Speeds TestExampleFSv07 from 0.46 seconds to 0.07 seconds.
2016-06-04 15:24:42 +02:00
Jakob Unterwurzacher
281bb8daf0 main: don't tell the user to choose a password when -extpass is used
Instead, print this:

  Using password provided via -extpass.
2016-06-04 15:24:42 +02:00
Jakob Unterwurzacher
72f8915843 tests: add v0.9 example filesystem with a 255-byte filename
gocryptfs v0.9 introduced long file names, so lets add an
example filesystem that has that feature flag set.

Operations on long file names are tested in the regular integration
tests as well.
2016-06-04 15:23:43 +02:00
Jakob Unterwurzacher
2e2ee0a038 main: print relative path in the init success message
... but only if the relative path does not start with "..".

Makes the message easier to grasp. Example:

  $ gocryptfs -init -scryptn=10 v0.9
  [...]
  The filesystem has been created successfully.

Before:
  You can now mount it using: gocryptfs /home/jakob/src/github.com/rfjakob/gocryptfs/integration_tests/example_filesystems/v0.9 MOUNTPOINT

After:
  You can now mount it using: gocryptfs v0.9 MOUNTPOINT
2016-06-04 15:04:57 +02:00
Jakob Unterwurzacher
80b027f830 nametransform, main: better error messages 2016-06-01 20:07:43 +02:00
Jakob Unterwurzacher
4c5365d161 README: list today as v0.10 release date
Also improve the order of the bullet points.
2016-05-30 21:04:33 +02:00
Jakob Unterwurzacher
a4e1d94ee5 README: remove v0.10 release date (not yet released)
The release has been delayed due to the fsstress issues that
were hopefully fixed in the last commit.
2016-05-30 09:40:16 +02:00
Jakob Unterwurzacher
5dd9576a11 fusefrontend: replace unreliable "fd < 0" check
... with the "released" boolean.

For some reason, the "f.fd.Fd() < 0" check did not work reliably,
leading to nil pointer panics on the following wlock.lock().

The problem was discovered during fsstress testing and is unlikely
to happen in normal operations.

With this change, we passed 1700+ fsstress iterations.
2016-05-30 09:36:06 +02:00
Jakob Unterwurzacher
5e9953ec27 toggledlog: wpanic: use Logger.Panic instead of naked panic
This makes sure the panic message also ends up in syslog
(if enabled).
2016-05-30 09:26:59 +02:00
Jakob Unterwurzacher
1648c54adb fusefrontend: use sync.Once for one-time warnings
Using a simple boolean was racy (which was harmless
in this case) and non-idomatic.
2016-05-29 22:50:03 +02:00
Jakob Unterwurzacher
fd53dfd2ad fusefronted: check Fstat return value on file create
The Fstat call should never fail, but still, if it does return an error
it should be handled properly.
2016-05-29 22:43:48 +02:00
Jakob Unterwurzacher
77813bdc13 fusefrontend: simplify wlockMap
mapMutex can be anonymous and using an RWMutex is overkill
because the lock protects very short sections.
2016-05-29 22:40:05 +02:00
Jakob Unterwurzacher
9aeb639a15 fsstress-loopback: properly stop on Ctrl-C
Send fsstress (which ignores Ctrl-C) into the background
so the shell gets the signal. Manually kill fsstress in the
cleanup handler.

Also, use the build.bash script for gocryptfs.
2016-05-29 13:57:22 +02:00
Jakob Unterwurzacher
4c0cb37c50 fusefrontend: remove unused "forgotten" variable
The functionality has long been replaced by the fd < 0
check.
2016-05-29 13:46:47 +02:00
Jakob Unterwurzacher
b5ae3dcc4e Update README for v0.10
Also add dates for all releases.
2016-05-25 00:28:22 +02:00
Jakob Unterwurzacher
30f0ae3720 fsstress-loopback: use random directory names
This allows to run more than one instance of
the script in parallel.

Also, properly clean up on exit.
2016-05-25 00:18:51 +02:00
Jakob Unterwurzacher
432c94da01 extractloop: use $SECONDS special variable
Gets rid of the call to "date" and simplifies the code.
2016-05-24 21:22:02 +02:00
Jakob Unterwurzacher
b467e7509e stress_tests: add header comments
Also, convert extractloop.bash to using md5sum instead of diff -ur
so the user does not have to keep an extracted kernel tree around.
And print the iteration time.
2016-05-24 21:09:26 +02:00
Jakob Unterwurzacher
888e147cd8 stupidgcm: add benchmark.bash wrapper
Add a simple bash wrapper to make it easier to run the GCM
benchmarks.
2016-05-22 15:49:09 +02:00
Jakob Unterwurzacher
e7f78135b3 Add "-allow_other" command-line option
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
5d1d564512 Update README vor v0.10-rc3 2016-05-13 22:18:17 +02:00
David Gnedt
a93bcabe9c Encrypt path in statfs() calls
Paths in statfs() calls were not encrypted resulting in
an Function not implemented error, when the unencrypted
path didn't exist in the underlying (encrypted)
filesystem.

$ df plain/existingdir
df: ‘plain/existingdir’: Function not implemented
2016-05-12 23:24:39 +02:00
Jakob Unterwurzacher
4ad9d4e444 prefer_openssl: add amd64 constraint
Optimized assembly versions for Go GCM are only available
on amd64.
2016-05-12 09:50:36 +02:00
Jakob Unterwurzacher
49b597f07c prefer_openssl: autodetect whether to use OpenSSL or Go GCM
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.

The "-openssl" option now defaults to "auto".

"gocryptfs -debug -version" displays the result of the autodetection.

See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
384342fa5b README: Note fallocate changes for v0.10 (issue #22) 2016-05-11 10:18:43 +02:00
Jakob Unterwurzacher
ba7c798418 fusefrontend: fix panic due to concurrently unregistered wlock
Commit 730291feab properly freed wlock when the file descriptor is
closed. However, concurrently running Write and Truncates may
still want to lock it. Check if the fd has been closed first.
2016-05-08 23:21:20 +02:00
Jakob Unterwurzacher
4b6cf43521 stress_tests: improve output 2016-05-08 22:23:59 +02:00
Jakob Unterwurzacher
d56f1ee179 stress_tests: extractloop: run two loops in parallel
This increases the load but also the disk space requirements
(to about 2GB).
2016-05-05 14:17:05 +02:00
Jakob Unterwurzacher
730291feab fusefrontend: fix wlock memory leak
The write lock was not freed on release, causing a slow memory leak.

This was noticed by running extractloop.bash for 10 hours.
2016-05-05 13:38:39 +02:00
Jakob Unterwurzacher
e97962bd3f stress_tests: add stress test scripts
These were hosted at https://github.com/rfjakob/fsstress . To
make them easier to use for gocryptfs users and developers, add
them to the main repo.
2016-05-05 12:58:44 +02:00
Jakob Unterwurzacher
cf29ce3762 stupidgcm: set dummy locking callback.
In general, OpenSSL is only threadsafe if you provide a locking function
through CRYPTO_set_locking_callback. However, the GCM operations that
stupidgcm uses never call that function.

To guard against that ever changing, set a dummy locking callback
that crashes the app.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
906172938a stupidgcm: skip tests on Go 1.4 and older
Quoting from the patch:

	We compare against Go's built-in GCM implementation. Since stupidgcm only
	supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot
	run these tests on older Go versions.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
b4d45554f2 Revert "stupidgcm: print openssl error stack before panicing"
This did not help in debugging the openssl <= 1.0.1c issue at all
and makes the code more complex. Keep it simple.
2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
66156181ee cryptocore: support Go 1.4 in tests 2016-05-05 00:09:08 +02:00
Jakob Unterwurzacher
508a949d9d stupidgcm: reorder calls to support openssl <= 1.0.1c
This fixes the test failures on Travis CI.

Quoting from 07a4ff79d2

	/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
	 * required the tag before any AAD or ciphertext */
2016-05-05 00:08:25 +02:00
Jakob Unterwurzacher
d0945b73d2 stupidgcm: print openssl error stack before panicing 2016-05-04 20:50:13 +02:00
Jakob Unterwurzacher
6c010c3080 stupidgcm: fix copy-paste error in panic message
Also, print the openssl version in Travis CI
2016-05-04 20:15:11 +02:00
Jakob Unterwurzacher
86eb37e41a Fix typos in README 2016-05-04 20:04:10 +02:00
Jakob Unterwurzacher
907bb58800 Update README for v0.10-rc1 2016-05-04 19:56:19 +02:00
Jakob Unterwurzacher
39f3a24484 stupidgcm: completely replace spacemonkeygo/openssl 2016-05-04 19:56:07 +02:00
Jakob Unterwurzacher
c92190bf07 stupidgcm: add our own thin wrapper around openssl gcm
...complete with tests and benchmark.

This will allow us to get rid of the dependency to spacemonkeygo/openssl
that causes problems on Arch Linux
( https://github.com/rfjakob/gocryptfs/issues/21 )
2016-05-04 19:56:07 +02:00
Jakob Unterwurzacher
1bb907b38e cryptocore: add API tests 2016-05-04 19:56:07 +02:00
Jakob Unterwurzacher
bb16f2d565 build.bash: replace "git -C"
"-C" is not supported on older git versions. Instead, just cd into
the directory.

See issue #20.
2016-04-28 08:41:39 +02:00