Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work.
All the import paths have been fixed like this:
find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
Issues were:
# github.com/rfjakob/gocryptfs/contrib/findholes/holes
contrib/findholes/holes/holes.go:136:2: unreachable code
# github.com/rfjakob/gocryptfs/tests/root_test_test
tests/root_test/root_test.go:139:2: unreachable code
Also make sure we actually run "go vet" against the whole
codebase.
Everything except the
if err2.Err == syscall.EOPNOTSUPP
case. Gets too confusing when collapsed into a single line.
Issues were:
$ golangci-lint run --disable-all --enable gosimple
mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple)
if strings.HasPrefix(v, "fusermount version") {
^
cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple)
if args.forcedecode == true {
^
cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple)
if args.aessiv == true {
^
cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple)
if args.reverse == true {
^
internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple)
if g.forceDecode == true {
^
gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
if bytes.Compare(out, expected) != 0 {
^
gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
if bytes.Compare(out, expected) != 0 {
^
gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple)
for eof := false; eof == false; line++ {
^
tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
if err2.Err == syscall.EOPNOTSUPP {
^
internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple)
if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false {
^
tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
if err2.Err == syscall.EOPNOTSUPP {
^
tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple)
if err != nil && open == true {
^
tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple)
if bytes.Compare(buf, content) != 0 {
^
I just got this message (not reproducible) with unescaped
binary garbage.
UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestMountBackground.899727687.mnt" was not found in MountInfo, cannot check for FD leaks
UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestConfigPipe.212912444.mnt" was not found in MountInfo, cannot check for FD leaks
DecryptName "mzaZRF9_0IU-_5vv2wPC_i": unPad16 error: Padding too long, padLen=49 > 16
OpenDir ".": invalid entry "KqQ346cuOAFHv_qSta5PhAwrongPattern": bad message
DecryptName "mzaZRF9_0IU-_5vv2wP_in": unPad16 error: Padding byte at i=10 is invalid
--- FAIL: TestBadname (0.11s)
cli_test.go:885: Case 5 failed: 'KqQ346cuOAFHv_qSta5P_invalid_file GOCRYPTFS_BAD_NAME' in [file_invalid_file GOCRYPTFS_BAD_NAME,file,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file GOCRYPTFS_BAD_NAME,�*A���y���Gfnvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME]
Invalid cipherdir: directory /var/tmp/gocryptfs-test-parent-1026/114471933/TestInitNotEmpty not empty
FAIL
FAIL github.com/rfjakob/gocryptfs/tests/cli 4.817s
This proposal is the counterpart of the modifications from the `-badname`
parameter. It modifies the plain -> cipher mapping for filenames when using
`-badname` parameter. The new function `EncryptAndHashBadName` tries to find a
cipher filename for the given plain name with the following steps:
1. If `badname` is disabled or direct mapping is successful: Map directly
(default and current behaviour)
2. If a file with badname flag has a valid cipher file, this is returned
(=File just ends with the badname flag)
3. If a file with a badname flag exists where only the badname flag was added,
this is returned (=File cipher name could not be decrypted by function
`DecryptName` and just the badname flag was added)
4. Search for all files which cipher file name extists when cropping more and
more characters from the end. If only 1 file is found, return this
5. Return an error otherwise
This allows file access in the file browsers but most important it allows that
you rename files with undecryptable cipher names in the plain directories.
Renaming those files will then generate a proper cipher filename One
backdraft: When mounting the cipher dir with -badname parameter, you can never
create (or rename to) files whose file name ends with the badname file flag
(at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error.
I modified the CLI test function to cover additional test cases. Test [Case
7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712)
cannot be performed since the cli tests are executed in panic mode. The
testing is stopped on error. Since the function`DecryptName` produces internal
errors when hitting non-decryptable file names, this test was omitted.
This implementation is a proposal where I tried to change the minimum amount
of existing code. Another possibility would be instead of creating the new
function `EncryptAndHashBadName` to modify the signature of the existing
function `EncryptAndHashName(name string, iv []byte)` to
`EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the
functionality into this function directly. You may allow calling with dirfd=-1
or other invalid values an then performing the current functionality.
gocryptfs 2.0 introduced the regression that the size
reported at symlink creation was the ciphertext size,
which is wrong.
Report the plaintext size.
Fixes https://github.com/rfjakob/gocryptfs/issues/574
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.
With this change we do not allow to set them in the first
place.