Jakob Unterwurzacher
6af725ff09
ctlsock: exit early if socket cannot be created; delete on exit
...
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
2016-12-10 14:54:06 +01:00
Jakob Unterwurzacher
e1833fa26a
test.bash: call vet early
2016-12-10 14:53:04 +01:00
Jakob Unterwurzacher
967e7bd125
stupidgcm: Fix without_openssl build failure
...
Also, always call build-without-openssl.bash from test.bash.
Failure was:
internal/stupidgcm/without_openssl.go:29: missing return at end of function
2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher
2758c75cae
ctlsock: sanitize paths before passing them to the backend
...
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.
Fixes https://github.com/rfjakob/gocryptfs/issues/66
2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
21904cd5f0
ctlsock: exit if socket cannot be created
2016-12-10 12:49:43 +01:00
Jakob Unterwurzacher
3e59041147
test.bash: check for naked "panic()" calls
2016-12-10 11:54:54 +01:00
Jakob Unterwurzacher
c9f4400e6d
Replace all calls to naked panic() with log.Panic()
...
We want all panics to show up in the syslog.
2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
6c86afb5cd
build-without-openssl: compile statically
...
$ ldd gocryptfs
not a dynamic executable
$ file gocryptfs
gocryptfs: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
2016-12-06 22:47:18 +01:00
Jakob Unterwurzacher
9b57384574
README: v1.2 includes the rendered man page in the tarball
2016-12-04 20:38:48 +01:00
Jakob Unterwurzacher
ec89eb1d76
Update README for v1.2 release
2016-12-04 19:32:23 +01:00
Jakob Unterwurzacher
55df8acac3
fusefrontend: preserve owner for symlinks
...
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher
e3c5e3f1c8
fusefronted: preserve owner for device nodes and sockets
...
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher
a66440c668
fusefrontend: use Lchown when preserving owner
...
This prevents (unlikely) symlink race attacks
2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher
7fc93ec093
main: fix USR1 race condition, fixes test flakiness
...
We could have gotten the signal before the handler was ready,
which caused the process to wait indefinitely. This was the reason
test.bash sometimes hung.
2016-11-26 18:18:14 +01:00
Jakob Unterwurzacher
3f5c48e058
tests: don't call t.Fatal in checkExampleFS
...
Calling t.Fatal means that the parent test has no chance
to clean up.
2016-11-26 15:20:54 +01:00
Jakob Unterwurzacher
a6006c0d2b
test.bash: lock against multiple parallel incovations
...
Running multiple test.bash in parallel causes all kinds of
mayham.
2016-11-26 13:43:50 +01:00
Jakob Unterwurzacher
55ea345620
Add write coalescing and -noprealloc to changelog
2016-11-26 13:09:05 +01:00
Jakob Unterwurzacher
cb5426e8ee
performance.txt: add numbers for current gocryptfs master and encfs v1.9.1
2016-11-26 12:46:58 +01:00
Jakob Unterwurzacher
10884603d8
benchmark.bash: double write length
...
Writing 1000 128KB blocks takes only 1 second and yielded
inconsistent results. With 2000, things look saner.
2016-11-26 12:36:55 +01:00
Jakob Unterwurzacher
0f8d3318a3
main, fusefrontend: add "-noprealloc" option
...
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63
2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher
024511d9c7
fusefrontend: coalesce 4kB writes
...
This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.
See https://github.com/rfjakob/gocryptfs/issues/63
Benchmarks:
encfs v1.9.1
============
$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS: 3.04
RM: 6.62
$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS: 2.73
RM: 5.32
gocryptfs v1.1.1-26-g4a7f8ef
============================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS: 1.47
RM: 4.17
$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS: 1.52
RM: 5.33
gocryptfs v1.1.1-32
===================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS: 1.46
RM: 4.67
$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS: 1.84
RM: 6.34
2016-11-25 09:03:32 +01:00
Jakob Unterwurzacher
80c50b9dbc
main: give deferred functions a chance to run (fixes -cpuprofile)
2016-11-23 23:49:34 +01:00
Jakob Unterwurzacher
910fee244f
benchmark.bash: allow to specify directory
2016-11-23 21:54:55 +01:00
Jakob Unterwurzacher
25d06fc809
Drop "benchmark-synthetic.bash"
...
This scipt was broken for a long time and not very useful.
2016-11-23 21:54:13 +01:00
Jakob Unterwurzacher
6f475da116
Fix golint warnings, add helper script
2016-11-17 23:40:03 +01:00
Jakob Unterwurzacher
36b4e325ca
README: start list for v1.2
2016-11-17 23:34:16 +01:00
Jakob Unterwurzacher
41af353dcb
tests: rename fsstress-loopback.bash to fsstress-gocryptfs.bash
...
The primary use is testing gocryptfs, after all.
2016-11-17 22:51:25 +01:00
Jakob Unterwurzacher
1bae06a16a
tests: add OpenTruncateRead test
...
This is a regression test for the issue that was fixed by the
last commit.
2016-11-17 22:48:50 +01:00
Jakob Unterwurzacher
0489d08ae2
fusefrontend: get the file ID from the open files table
...
This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it.
2016-11-17 22:29:45 +01:00
Jakob Unterwurzacher
e04dc05012
fusefrontend: upgrade wlockMap to use device AND inode number
...
If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique.
2016-11-17 20:32:19 +01:00
Jakob Unterwurzacher
081015aa74
MANPAGE: document ctlsock
2016-11-11 00:01:29 +01:00
Jakob Unterwurzacher
d8fb28a1c3
ctlsock: prevent panic on invalid decrypt request
2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher
c2629bd9b5
tests: allow overriding hardcoded arguments in Mount helper
2016-11-10 23:47:04 +01:00
Jakob Unterwurzacher
c03fc46a51
ctlsock: implement EncryptPath for reverse mode, add tests
2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher
d3764b7753
reverse: fix longname decoding bug
...
This could have caused spurious ENOENT errors.
That it did not cause these errors all the time is interesting
and probably because an earlier readdir would place the entry
in the cache. This masks the bug.
2016-11-10 23:30:30 +01:00
Jakob Unterwurzacher
e7f57695a6
Fix golint warnings
...
$ golint ./... | grep -v underscore | grep -v ALL_CAPS
internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use
internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
2016-11-10 00:38:01 +01:00
Jakob Unterwurzacher
75ebb28a62
ctlsock: add initial limited implementation
...
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher
df28fc5a11
nametransform: get rid of leading "./"
...
Paths in the root directory were encrypted to this:
foobar -> ./N9vPc0gXUY4PDSt0-muYXQ==
2016-11-09 23:41:47 +01:00
Jakob Unterwurzacher
df1e3a10c4
nametransform: nicer error message on empty gocryptfs.diriv
...
Old:
Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF
Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF
New:
Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL.
2016-11-06 14:09:34 +01:00
Jakob Unterwurzacher
d15122d3d6
Add Go 1.4 compatibility layer for raw64
...
Using raw64 will not work, but at least it will compile.
2016-11-01 19:25:59 +01:00
Jakob Unterwurzacher
f4c367381e
main: fix comments that reference "-f"
2016-11-01 19:04:49 +01:00
Jakob Unterwurzacher
b527e205e2
main: rename "-f" to "-fg"
...
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
2016-11-01 19:00:45 +01:00
Jakob Unterwurzacher
d6678f73b4
MANPAGE: document -raw64
2016-11-01 18:53:42 +01:00
Jakob Unterwurzacher
2b991c9743
Add support for unpadded base64 filenames, "-raw64"
...
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
2016-11-01 18:43:22 +01:00
Jakob Unterwurzacher
964e0e6b36
tests: add raw64 tests
...
Also, use "%#v" instead of JSON for debug output.
This means we can unexport all fields.
2016-11-01 18:42:10 +01:00
Jakob Unterwurzacher
d41492bcbc
MANPAGE: update version field description
2016-11-01 18:30:32 +01:00
Jakob Unterwurzacher
8ce735e987
main: print "args" slightly prettier
2016-11-01 18:30:00 +01:00
Jakob Unterwurzacher
75b776cb3d
MANPAGE: add reverse example, move "-o" into alphabetical list
...
People will search for "-o" alphabetically, so put it into the
alphabetical option list, even if it is not a real option.
2016-11-01 15:55:05 +01:00
Jakob Unterwurzacher
e993fd5fbc
packakge.bash: include rendered man page in tarball
2016-11-01 15:43:33 +01:00
Jakob Unterwurzacher
944eaf2fb5
fusefronted: expire dir IV cache after one second
...
The Back In Time backup tool (https://github.com/bit-team/backintime )
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconstency to one second, like
attr_timeout does for the kernel getattr cache.
2016-11-01 10:57:39 +01:00