Commit Graph

716 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
e021b9d00c main: yellow text for masterkey and zerokey warnings
Also, mention that the shell may save the command line into the
history and reduce "ps -auxwww" to "ps ax" (that's all you need).
2016-07-03 15:37:47 +02:00
Jakob Unterwurzacher
e574a6cc1f nametransform: hide detailed padding error behind the debug flag
unPad16 returns detailed errors including the position of the
incorrect bytes. Kill a possible padding oracle by lumping
everything into a generic error.

The detailed error is only logged if debug is active.
2016-07-03 15:35:58 +02:00
Jakob Unterwurzacher
d5b7eb33da tests: call umount instead of fusermount on OSX
Reported at https://github.com/rfjakob/gocryptfs/issues/15
2016-07-02 20:06:20 +02:00
Jakob Unterwurzacher
54470baa23 fusefrontend: add fallocate support
Mode=0 (default) and mode=1 (keep size) are supported.
The patch includes test cases and the whole thing passed xfstests.

Fixes https://github.com/rfjakob/gocryptfs/issues/1 .
2016-07-02 19:52:09 +02:00
Jakob Unterwurzacher
04ad063515 fusefronted: move Truncate() and Allocate() to their own file
These are large complicated implementations that will share some
code.
2016-07-02 15:35:06 +02:00
Jakob Unterwurzacher
7b22b426b9 contentenc: rename PlaintextRange and CiphertextRange
The name could be misunderstood and actually caused a bug:
doWrite used to always preallocate 4128 instead of the actual
data length.
2016-07-02 00:12:36 +02:00
Jakob Unterwurzacher
f2b4d57068 fusefrontend: coalesce grows in Truncate()
We were growing the file block-by-block which was pretty
inefficient. We now coalesce all the grows into a single
Ftruncate. Also simplifies the code!

Simplistic benchmark: Before:

  $ time truncate -s 1000M foo
  real	0m0.568s

After:

  $ time truncate -s 1000M foo
  real	0m0.205s
2016-07-01 23:32:27 +02:00
Jakob Unterwurzacher
ae77d18527 fusefrontend: better comments for Truncate 2016-07-01 09:23:04 +02:00
Jakob Unterwurzacher
e994ffa27d fusefrontend: handle dir-overwrites-dir on XFS
XFS returns a different error code if you try to overwrite
a non-empty directory with a directory:

XFS:  mv: cannot move ‘foo’ to ‘bar/foo’: File exists
ext4: mv: cannot move 'foo' to 'bar/foo': Directory not empty

So have EEXIST trigger the Rmdir logic as well.

Fixes issue #20
Link: https://github.com/rfjakob/gocryptfs/issues/20
2016-06-30 23:17:54 +02:00
Jakob Unterwurzacher
02b6d3067d test: split up integration_tests
...into "matrix" and "normal".

Also:
* Make running multiple packages in parallel safe, see
  http://stackoverflow.com/questions/23715302/go-how-to-run-tests-for-multiple-packages
* Don't depent on test_helper.TmpDir and friends to have a terminating slash
2016-06-30 00:57:14 +02:00
Jakob Unterwurzacher
ffc000943b build.bash: support colon-separated GOPATH variable
Fixes issue #31
https://github.com/rfjakob/gocryptfs/issues/31
2016-06-29 22:27:32 +02:00
Jakob Unterwurzacher
f873d5f0a1 tests: run example_filesystems with "-openssl=false" AND "=true"
Run the tests twice, once with openssl and once with Go crypto.
2016-06-27 23:43:43 +02:00
Jakob Unterwurzacher
2720cd7b0d tests: give "-plaintextnames" its own test package
...and add tests for checking that gocryptfs.diriv
does not get created.

The main "integration_tests" package has become quite
big and convoluted over time.

This small separate package should make writing tests
for "-plaintextnames" easier.

As seen in "fusefrontend: fix PlaintextNames versions of Mkdir, Rmdir",
we need more of them.
2016-06-27 21:40:39 +02:00
Jakob Unterwurzacher
c400aca5cf tlog: clean up messages from the go-fuse library
Drop the date and add the "go-fuse: " prefix so you can see
where the message is coming from.

Before:
  Jun 27 09:03:15 brikett gocryptfs[4150]: 2016/06/27 09:03:15 Unimplemented opcode INTERRUPT
After:
  Jun 27 09:10:58 brikett gocryptfs[4961]: go-fuse: Unimplemented opcode INTERRUPT
2016-06-27 09:12:03 +02:00
Jakob Unterwurzacher
3288d98703 fusefrontend: fix PlaintextNames versions of Mkdir, Rmdir
The "!fs.args.DirIV" special case was removed by b17f0465c7
but that, by accident, also removed the handling for
PlaintextNames.

Re-add it as an explicit PlaintextNames special case.

Also adds support for removing directories that miss their
gocryptfs.diriv file for some reason.
2016-06-27 00:27:36 +02:00
Jakob Unterwurzacher
547ddf4264 tlog: switch default logger to syslog
...unless "-nosyslog" is passed.

All gocryptfs messages already go to syslog, but the messages
that the go-fuse lib emits were still printed to stdout.

Fixes issue #13 ( https://github.com/rfjakob/gocryptfs/issues/13 )
2016-06-26 23:30:22 +02:00
Jakob Unterwurzacher
a8a0d2d92c MANPAGE: note that "-plaintextnames" disables symlink encryption
This is no change in behavoir, just a clarification in the man page.
2016-06-26 23:08:25 +02:00
Jakob Unterwurzacher
15b88756ad main: add "-o" option to enable "suid" and "dev"
Device files and suid binaries are often not needed when running
gocryptfs as root. As they are potentially dangerous, let the
user enable them explicitely via the new "-o" option instead of
always enabling them when running as root.
2016-06-26 23:03:18 +02:00
Jakob Unterwurzacher
0115588680 main, fusefrontend: enable suid functionality
FUSE filesystems are mounted with "nosuid" by default. If we run as root,
we can use device files by passing the opposite mount option, "suid".

Also we have to use syscall.Chmod instead of os.Chmod because the
portability translation layer "syscallMode" messes up the sgid
and suid bits.

Fixes 70% of the failures in xfstests generic/193. The remaining are
related to truncate, but we err on the safe side:

    $ diff -u tests/generic/193.out /home/jakob/src/fuse-xfstests/results//generic/193.out.bad
    [...]
     check that suid/sgid bits are cleared after successful truncate...
     with no exec perm
     before: -rwSr-Sr--
    -after:  -rw-r-Sr--
    +after:  -rw-r--r--
2016-06-26 20:13:21 +02:00
Jakob Unterwurzacher
fb5e7023ee main: enable device files when running as root
FUSE filesystems are mounted with "nodev" by default. If we run as root,
we can use device files by passing the opposite mount option, "dev".

Fixes xfstests generic/184.
2016-06-26 19:23:33 +02:00
Jakob Unterwurzacher
23cc0657f4 fusefronted: preserve owner if running as root
If allow_other is set and we run as root, try to give newly created files to
the right user.
2016-06-26 19:18:13 +02:00
Jakob Unterwurzacher
38767ab527 fuserfrontend: support truncate(2) by wrapping ftruncate(2)
Support truncate(2) by opening the file and calling ftruncate(2)
While the glibc "truncate" wrapper seems to always use ftruncate, fsstress from
xfstests uses this a lot by calling "truncate64" directly.
2016-06-26 18:41:04 +02:00
Jakob Unterwurzacher
1de5ceed58 tests: add missing file "example_test_helpers.go"
This file was forgotten in commit
"tests: make tests for unsupported FSs more compact".
2016-06-26 18:34:30 +02:00
Jakob Unterwurzacher
885ed24ac6 README: fix copy-paste error 2016-06-23 22:17:59 +02:00
Jakob Unterwurzacher
35c0c285cb README: Note that v0.6 filesystems can no longer be mounted 2016-06-23 22:16:23 +02:00
Jakob Unterwurzacher
b558901e66 Drop deprecated "-gcmiv128" option
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.

Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
80fc3532f6 tests: make tests for unsupported FSs more compact
There is no need to test that deprecated command-line options
produce an error. I trust the flags package.

Also split the example_filesystem helper functions into a
separate file.
2016-06-23 22:03:45 +02:00
Jakob Unterwurzacher
3d59a72ba9 Drop deprecated "-emenames" option
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
e970b1fdb5 nametransform: drop unused noiv functions
As DirIV is now mandatory there is no user for the noiv functions.
2016-06-23 21:39:04 +02:00
Jakob Unterwurzacher
b17f0465c7 Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
8a2e1a543a tests: add v0.7-plaintextnames example filesystem
The v0.6-plaintextnames example FS lacks the GCMIV128 feature
flag, is no longer mountable and can no longer be used for testing.

Add a new "-plaintextnames" filesystem created by gocryptfs v0.7.
There have been no format changes to "-plaintextnames" since then.
2016-06-23 20:53:14 +02:00
Jakob Unterwurzacher
af07866e08 build.bash: check if the go-fuse tree is dirty
If it is, append "-dirty" to the hash.
2016-06-19 20:35:28 +02:00
Jakob Unterwurzacher
930e597f5a tests: expect mount failure for v0.6 and older example filesystems 2016-06-19 20:04:09 +02:00
Jakob Unterwurzacher
f0b4d2354d Refuse mounting of v0.6 and older filesystems 2016-06-19 20:01:04 +02:00
Jakob Unterwurzacher
1dcafb99ff main: drop "on-disk format" from -version output, add Go version
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.

Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
dba221d408 README: abbreviate ticket #29 link 2016-06-19 19:12:32 +02:00
Jakob Unterwurzacher
6922b88532 README: release v0.12 2016-06-19 19:03:17 +02:00
Jakob Unterwurzacher
531c35c0e2 travis: skip tests on go1.3.3
Go 1.3.3 does not support testing.M, so skip the tests there.
2016-06-19 18:50:14 +02:00
Jakob Unterwurzacher
989c307bab README: mention stdin passwords 2016-06-16 23:41:51 +02:00
Jakob Unterwurzacher
0869188032 README: list changes for v0.12 but don't add release date
The release of v0.12 is delayed to give people more time to
upgrade using "mv" or "rsync --remove-source-files".
2016-06-16 23:40:34 +02:00
Jakob Unterwurzacher
4d067e2de1 tests: adapt for read-only operation
The v0.6 and older example filesystem are mounted read-only
because they are deprecated, so skip the read-write tests.
2016-06-16 23:24:32 +02:00
Jakob Unterwurzacher
cc2a75b050 Mount v0.6 and older filesystems as read-only
This is part of the phase-out of very old filesystems.

See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
2016-06-16 23:23:09 +02:00
Jakob Unterwurzacher
3234b9b5ce tests: update config_test example files
Recreate the files so they carry all feature flags.

Also, create them with "-scryptn 10" to speed up the tests.
2016-06-16 23:19:05 +02:00
Jakob Unterwurzacher
96750a7d3c tests: exit with correct error code from TestMain
extpass_test and example_filesystems_test did it wrong,
always returning 0.
2016-06-16 21:56:23 +02:00
Jakob Unterwurzacher
82d87ff8ed Add "-ro" (read-only) flag
From the man page:

  **-ro**
  :      Mount the filesystem read-only

Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
305e9c1045 tests: add InitFS helper 2016-06-16 21:27:01 +02:00
Jakob Unterwurzacher
c76c952c19 readpassword: clean up leftover debug commit 2016-06-16 20:59:51 +02:00
Jakob Unterwurzacher
7e92ebe16a Rename nametransform, contentenc source files
Let's have shorter names, and merge *_api.go into the "main"
file.

No code changes.
2016-06-16 19:02:47 +02:00
Jakob Unterwurzacher
6c3f97399a Rename internal "toggledlog" package to "tlog"
tlog is used heavily everywhere and deserves a shorter name.

Renamed using sed magic, without any manual rework:

   find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15 23:30:44 +02:00
Jakob Unterwurzacher
09e88f31d1 toggledlog: assume command of color handling
We want to use colored error messages also outside of main,
so let's handle it in the logging package.

The fatal logger now automatically prints red.
2016-06-15 23:17:51 +02:00