hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
1,139 Commits 2 Branches 0 Tags 6 MiB
9a15dfa494
Commit Graph

1139 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakob Unterwurzacher
1a3d04ab87 Switch from private copy to pkg/xattr 
Now that https://github.com/pkg/xattr/pull/24
has been merged there is no reason to keep
our private copy.

Switch to the upstream version.
 2018-03-28 19:19:58 +02:00
Jakob Unterwurzacher
c3e12b5e68 dep: add xattr dependency 
Also, clear out Gopkg.toml. Everything is unconstrained
anyway, so make it an empty file. Seems to work fine.
 2018-03-26 21:56:43 +02:00
Jakob Unterwurzacher
b1f362d28a tests: replace xattr.Supported 
This function has been deprecated by the pkg/xattr
upstream, so write our own.
 2018-03-26 21:54:17 +02:00
Jakob Unterwurzacher
db778aae7d fusefrontend: handle empty xattrs efficiently 
We handle empty files by storing an actual empty file
on disk. Handle xattrs similarily and encrypt the
empty value to the empty value.
 2018-03-25 21:06:10 +02:00
Jakob Unterwurzacher
1ed3d51df1 fusefrontend: add xattr support 
At the moment, only for reverse mode.

https://github.com/rfjakob/gocryptfs/issues/217
 2018-03-25 21:06:10 +02:00
Jakob Unterwurzacher
f20974c4da test_helpers: add SwitchTestParentDir 
SwitchTestParentDir changes testParentDir. This is used when you want
to perform tests on a special filesystem. For example, the xattr tests
cannot run on tmpfs and use /var/tmp instead of /tmp.
 2018-03-24 21:40:11 +01:00
Jakob Unterwurzacher
3d54fc3a3a fusefrontend: create helpers for symlink encryption 
These will be reused by the upcoming xattr support.
 2018-03-24 21:40:11 +01:00
Jakob Unterwurzacher
9bc039a4ba Add -masterkey=stdin functionality 
https://github.com/rfjakob/gocryptfs/issues/218
 2018-03-22 00:02:10 +01:00
Jakob Unterwurzacher
9c86daf499 Update deps 
We need the bugfix in go-fuse
 2018-03-18 23:28:01 +01:00
Jakob Unterwurzacher
cdd91eaf72 Update Changelog for v1.4.4 2018-03-18 23:23:09 +01:00
Jakob Unterwurzacher
4b75b578a2 tests: extractloop.sh: better cleanup logic, handle missing /proc 
macos does not have /proc, so don't try to read it.
 2018-03-13 22:41:26 +01:00
Jakob Unterwurzacher
e46f6b940f tests: extractloop.sh: don't abort if md5sum is missing 
MacOS does not have it installed by default.
 2018-03-13 22:16:15 +01:00
Jakob Unterwurzacher
8373410678 macos: extractloop.sh: exclude symlink & mute ln error message 
Extracting the symlink fails with

	linux-3.0/arch/microblaze/boot/dts/system.dts: Can't set permissions to 0755

so just exclude it.

The ln error Looks scary but is harmless, so get rid of it.
The symlink is only created to make it more convenient to view the
csv log.
 2018-03-07 21:36:52 +01:00
Jakob Unterwurzacher
51de6cd940 macos: tests: make extractloop.bash work on macos 
macos' bash and ln lack a few features we used.
 2018-03-07 20:37:10 +01:00
Jakob Unterwurzacher
02693912e5 tests: convert remaining wget calls to dl-linux-tarball.bash helper 
Makes the scripts work when wget is not available (macos)
 2018-03-07 09:45:20 +01:00
Jakob Unterwurzacher
d09a51b80a macos: tests: use curl of wget is not available 2018-03-07 09:40:48 +01:00
Jakob Unterwurzacher
c458d99aa9 tests: exit with error if we have leftover filesystems 2018-03-06 21:45:49 +01:00
Jakob Unterwurzacher
50bf282d2a tests: macos: try to unmount before rm -Rf 
macos does not have "rm --one-file-system", so try to unmount
all remaining test filesystems to protect the backing
stores.

https://github.com/rfjakob/gocryptfs/issues/213
 2018-03-06 21:35:10 +01:00
Jakob Unterwurzacher
98f735ff6e tests: drop "-z" from fusermount to catch forgotten fds 
macos does not have lazy unmount, so let's not use it
on linux either.
If the unmount fails, run "lsof" to find the open file.

Also fix the first bug we found this way.
 2018-03-06 21:28:09 +01:00
Jakob Unterwurzacher
4732e33a9a macos: tests: fix deleting of scratch dir 
macos rm does not understand --one-file-system,
and it cannot handle unreadable directories.
 2018-03-05 23:40:08 +01:00
Jakob Unterwurzacher
18d4159d18 macos: fix fd leak in reverse tests 
Causes "Resource busy" unmount failures on macos
 2018-03-05 23:21:08 +01:00
Jakob Unterwurzacher
1789a5ea5b tests: matrix_test: skip cases when without_openssl is set 
Fixes test-without-openssl.bash.
 2018-03-05 23:11:27 +01:00
Jakob Unterwurzacher
35192abb57 test_helpers: add missing newline 2018-03-05 23:06:27 +01:00
Jakob Unterwurzacher
86e60f1be2 test.bash: Don't build with openssl if we were passed "-tags without_openssl" 
test-without-openssl.bash now fails, as it should:

	gocryptfs has been compiled without openssl support but you are still trying to use openssl
	mount failed: exit status 18
	FAIL	github.com/rfjakob/gocryptfs/tests/matrix	1.943s
 2018-03-05 23:01:29 +01:00
Jakob Unterwurzacher
870779ab1d macos: doTestUtimesNano: skip UTIME_OMIT and nanoseconds testcases 
Not supported on macos.

Beef up the first test case a little by using different second
values.
 2018-03-05 22:52:05 +01:00
Jakob Unterwurzacher
426b9536df tests: TestUtimesNano: replace ugly compareUtimes wrapper 2018-03-05 22:22:35 +01:00
Jakob Unterwurzacher
3064d72b97 tests: fix a few fd leaks 
We relied on the finalizer to close a few fds.
For some reason, this did not cause problems on Linux,
but on MacOS, it causes unmount failures:

umount(/private/tmp/gocryptfs-test-parent/194654785/default-plain): Resource busy -- try 'diskutil unmount'
 2018-03-05 22:00:59 +01:00
Jakob Unterwurzacher
6c172dcb02 test-without-openssl: accept extra args 
Accept extra args, like test.bash does.
 2018-03-05 21:46:33 +01:00
Jakob Unterwurzacher
aa65091bb9 macos: skip TestUtimesNanoSymlink early 
Gets rid of the touch error message upon running the tests.
 2018-03-05 21:36:16 +01:00
Jakob Unterwurzacher
b820fa691d macos: adjust TestTooLongSymlink length for darwin 
Limit is much lower than on linux
 2018-03-05 21:23:57 +01:00
Jakob Unterwurzacher
7db5395c53 macos: fix second TestEmulateSymlinkat test failure 2018-03-05 21:20:07 +01:00
Jakob Unterwurzacher
3860a82c21 test.bash: skip flock if not available 
MacOS does not have it installed by default.
 2018-03-05 21:11:46 +01:00
Jakob Unterwurzacher
29496baa70 MacOS: skip TestUtimesNanoSymlink and TestUtimesNanoFd 
These cannot work on MacOS.
 2018-02-28 20:48:33 +01:00
Jakob Unterwurzacher
c5243fc79e MacOS: don't test symlinks longer than 1000 bytes 
The limit is much lower than on Linux.

https://github.com/rfjakob/gocryptfs/issues/213
 2018-02-28 20:40:08 +01:00
Jakob Unterwurzacher
90f2fea7fb MacOS: fix TestEmulateSymlinkat test failure 
On MacOS, symlinks don't have their own permissions,
so don't check for them.
 2018-02-28 20:19:31 +01:00
Jakob Unterwurzacher
48d5f10c79 test_helpers: use an intermediate pipe for subprocess stdout 
To Go test logic waits for stderr and stdout to close, so
when we share it with a subprocess, it will wait for it to
exit as well.

We don't want the tests to hang when the unmount fails.

Seen on MacOS as reported at
https://github.com/rfjakob/gocryptfs/issues/213
 2018-02-28 20:03:54 +01:00
Jakob Unterwurzacher
b96e3ee271 tlog: stop embedding log.Logger to prevent mistakes 
A few places have called tlog.Warn.Print, which directly
calls into log.Logger due to embedding, losing all features
of tlog.

Stop embedding log.Logger to make sure the internal functions
cannot be called accidentially and fix (several!) instances
that did.
 2018-02-28 09:02:18 +01:00
Jakob Unterwurzacher
ac8f8bf432 travis ci: switch to "1.10.x" notation 
"1.10" does not work as expected because it
is parsed as a floating point number:
https://github.com/travis-ci/travis-ci/issues/9247

Added benefit is that we always get the latest point
release.
 2018-02-27 18:01:24 +01:00
Jakob Unterwurzacher
7f6e4ba47a travis ci: run on Go 1.10 2018-02-27 09:59:09 +01:00
Jakob Unterwurzacher
db45f27671 ctlsock: don't Warn() on closed socket 
This Warn() is causing panics in the test suite
on MacOS: https://github.com/rfjakob/gocryptfs/issues/213
 2018-02-27 09:58:14 +01:00
Jakob Unterwurzacher
5fcfd30ddc test.bash: disable result caching 
Go 1.10 has introduced test result caching and
enabled it by default.

This does not work properly for our integration
tests because they test the compiled binary and
do not have a source level dependency on the
gocryptfs code.

Disable caching.
 2018-02-26 23:26:57 +01:00
bailey27
1ec5ccddd4 update description of link to cppcryptfs project 2018-02-22 15:50:36 +01:00
Jakob Unterwurzacher
5ad9bda206 cryptocore: make AEADTypeEnum values explicit 
We now print the number in a debug message, so define
the numeric values explicitely instead of using iota.

This way you don't have to understand how iota works
to find out what the number means. Lack of understanding
of how iota works is also the reason why the numbers
start at 3 (to keep the current behavoir).
 2018-02-18 16:20:38 +01:00
Jakob Unterwurzacher
6c6947126d cryptocore: zero derived keys 
Zero the HKDF-derived keys when we don't need them
anymore, and let the variable run of of scope.

https://github.com/rfjakob/gocryptfs/issues/211
 2018-02-18 16:07:09 +01:00
Jakob Unterwurzacher
344d7e0a6f siv_aead: create private key copy and implement wiping 
Having a private copy relieves the caller from worrying about
whether he can zero his copy. The copy can be cleared by
calling Wipe().
 2018-02-18 16:01:46 +01:00
Jakob Unterwurzacher
adf7d75d31 main: changePassword: zero masterkey 
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.

Also get rid of the password duplicate in
readpassword.Twice.
 2018-02-18 15:36:14 +01:00
Jakob Unterwurzacher
2cf050d69e main: zero password once we are done with it 
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
 2018-02-18 15:22:22 +01:00
Jakob Unterwurzacher
3b8f5cbb17 readpassword: convert from string to []byte 
This will allows us to overwrite the password
with zeros once we are done with it.

https://github.com/rfjakob/gocryptfs/issues/211
 2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher
14c063428d main: doMount: use a deferred function for wipeKeys 
Also drop the unused int return.
 2018-02-18 12:55:20 +01:00
Jakob Unterwurzacher
5b5c7a0a5d main: overwrite keys and let them run out of scope 
As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertedly using
all-zero keys for encryption.

https://github.com/rfjakob/gocryptfs/issues/211
 2018-02-18 12:42:22 +01:00