mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-22 13:00:19 +00:00
rebase: bump github.com/google/fscrypt from 0.3.3 to 0.3.4
Bumps [github.com/google/fscrypt](https://github.com/google/fscrypt) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/google/fscrypt/releases) - [Changelog](https://github.com/google/fscrypt/blob/master/NEWS.md) - [Commits](https://github.com/google/fscrypt/compare/v0.3.3...v0.3.4) --- updated-dependencies: - dependency-name: github.com/google/fscrypt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
parent
991c21f7fd
commit
f84d43c6d1
2
go.mod
2
go.mod
@ -14,7 +14,7 @@ require (
|
||||
github.com/csi-addons/spec v0.1.2-0.20221101132540-98eff76b0ff8
|
||||
github.com/gemalto/kmip-go v0.0.8
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/google/fscrypt v0.3.3
|
||||
github.com/google/fscrypt v0.3.4
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
|
||||
|
13
go.sum
13
go.sum
@ -67,6 +67,7 @@ github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRY
|
||||
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
|
||||
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
|
||||
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
|
||||
@ -220,6 +221,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
|
||||
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
@ -422,8 +424,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
|
||||
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
|
||||
github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
|
||||
github.com/google/fscrypt v0.3.3 h1:qwx9OCR/xZE68VGr/r0/yugFhlGpIOGsH9JHrttP7vc=
|
||||
github.com/google/fscrypt v0.3.3/go.mod h1:H1JHtH8BVe0dYNhzx1Ztkn3azQ0OBdoOmM828vEWAXc=
|
||||
github.com/google/fscrypt v0.3.4 h1:XGSVMIsQFooj82aRRfYn3JpgU/4fOTnzXPnjhxC8uH8=
|
||||
github.com/google/fscrypt v0.3.4/go.mod h1:BRpw7vaeDitXGRvXa281i/ivQszAdBIiUYDWHjVTkcs=
|
||||
github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
|
||||
github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
|
||||
github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
|
||||
@ -1010,6 +1012,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
|
||||
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
|
||||
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
|
||||
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
|
||||
github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
|
||||
github.com/wadey/gocovmerge v0.0.0-20160331181800-b5bfa59ec0ad/go.mod h1:Hy8o65+MXnS6EwGElrSRjUzQDLXreJlzYLlWiHtt8hM=
|
||||
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
|
||||
github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
|
||||
@ -1114,6 +1117,7 @@ golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPh
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20220408190544-5352b0902921/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
|
||||
golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
|
||||
@ -1128,6 +1132,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
|
||||
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
|
||||
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
|
||||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
|
||||
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
|
||||
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
|
||||
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
@ -1343,7 +1348,6 @@ golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210422114643-f5beecf764ed/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
|
||||
@ -1395,7 +1399,6 @@ golang.org/x/tools v0.0.0-20190718200317-82a3ea8a504c/go.mod h1:jcCCGcm9btYwXyDq
|
||||
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191025023517-2077df36852e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
@ -1440,6 +1443,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
|
||||
golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
|
||||
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
@ -1673,6 +1677,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
honnef.co/go/tools v0.3.0/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70=
|
||||
k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
|
||||
k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
|
||||
k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
|
||||
|
26
vendor/github.com/google/fscrypt/actions/config.go
generated
vendored
26
vendor/github.com/google/fscrypt/actions/config.go
generated
vendored
@ -29,6 +29,7 @@ import (
|
||||
"time"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/google/fscrypt/crypto"
|
||||
"github.com/google/fscrypt/filesystem"
|
||||
@ -186,11 +187,17 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
|
||||
log.Printf("Finding hashing costs that take %v\n", target)
|
||||
|
||||
// Start out with the minimal possible costs that use all the CPUs.
|
||||
nCPUs := int64(runtime.NumCPU())
|
||||
parallelism := int64(runtime.NumCPU())
|
||||
// golang.org/x/crypto/argon2 only supports parallelism up to 255.
|
||||
// For compatibility, don't use more than that amount.
|
||||
if parallelism > metadata.MaxParallelism {
|
||||
parallelism = metadata.MaxParallelism
|
||||
}
|
||||
costs := &metadata.HashingCosts{
|
||||
Time: 1,
|
||||
Memory: 8 * nCPUs,
|
||||
Parallelism: nCPUs,
|
||||
Time: 1,
|
||||
Memory: 8 * parallelism,
|
||||
Parallelism: parallelism,
|
||||
TruncationFixed: true,
|
||||
}
|
||||
|
||||
// If even the minimal costs are not fast enough, just return the
|
||||
@ -210,7 +217,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
|
||||
memoryKiBLimit := memoryBytesLimit() / 1024
|
||||
for {
|
||||
// Store a copy of the previous costs
|
||||
costsPrev := *costs
|
||||
costsPrev := proto.Clone(costs).(*metadata.HashingCosts)
|
||||
tPrev := t
|
||||
|
||||
// Double the memory up to the max, then double the time.
|
||||
@ -223,7 +230,7 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
|
||||
// If our hashing failed, return the last good set of costs.
|
||||
if t, err = timeHashingCosts(costs); err != nil {
|
||||
log.Printf("Hashing with costs={%v} failed: %v\n", costs, err)
|
||||
return &costsPrev, nil
|
||||
return costsPrev, nil
|
||||
}
|
||||
log.Printf("Costs={%v}\t-> %v\n", costs, t)
|
||||
|
||||
@ -232,9 +239,10 @@ func getHashingCosts(target time.Duration) (*metadata.HashingCosts, error) {
|
||||
if t >= target {
|
||||
f := float64(target-tPrev) / float64(t-tPrev)
|
||||
return &metadata.HashingCosts{
|
||||
Time: betweenCosts(costsPrev.Time, costs.Time, f),
|
||||
Memory: betweenCosts(costsPrev.Memory, costs.Memory, f),
|
||||
Parallelism: costs.Parallelism,
|
||||
Time: betweenCosts(costsPrev.Time, costs.Time, f),
|
||||
Memory: betweenCosts(costsPrev.Memory, costs.Memory, f),
|
||||
Parallelism: costs.Parallelism,
|
||||
TruncationFixed: costs.TruncationFixed,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
|
2
vendor/github.com/google/fscrypt/actions/policy.go
generated
vendored
2
vendor/github.com/google/fscrypt/actions/policy.go
generated
vendored
@ -25,8 +25,8 @@ import (
|
||||
"os"
|
||||
"os/user"
|
||||
|
||||
"github.com/golang/protobuf/proto"
|
||||
"github.com/pkg/errors"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/google/fscrypt/crypto"
|
||||
"github.com/google/fscrypt/filesystem"
|
||||
|
6
vendor/github.com/google/fscrypt/actions/recovery.go
generated
vendored
6
vendor/github.com/google/fscrypt/actions/recovery.go
generated
vendored
@ -23,6 +23,8 @@ import (
|
||||
"os"
|
||||
"strconv"
|
||||
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/google/fscrypt/crypto"
|
||||
"github.com/google/fscrypt/metadata"
|
||||
"github.com/google/fscrypt/util"
|
||||
@ -31,10 +33,10 @@ import (
|
||||
// modifiedContextWithSource returns a copy of ctx with the protector source
|
||||
// replaced by source.
|
||||
func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
|
||||
modifiedConfig := *ctx.Config
|
||||
modifiedConfig := proto.Clone(ctx.Config).(*metadata.Config)
|
||||
modifiedConfig.Source = source
|
||||
modifiedCtx := *ctx
|
||||
modifiedCtx.Config = &modifiedConfig
|
||||
modifiedCtx.Config = modifiedConfig
|
||||
return &modifiedCtx
|
||||
}
|
||||
|
||||
|
11
vendor/github.com/google/fscrypt/filesystem/filesystem.go
generated
vendored
11
vendor/github.com/google/fscrypt/filesystem/filesystem.go
generated
vendored
@ -35,7 +35,6 @@ package filesystem
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"os/user"
|
||||
@ -45,9 +44,9 @@ import (
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/golang/protobuf/proto"
|
||||
"github.com/pkg/errors"
|
||||
"golang.org/x/sys/unix"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/google/fscrypt/metadata"
|
||||
"github.com/google/fscrypt/util"
|
||||
@ -335,7 +334,7 @@ func (m *Mount) PolicyPath(descriptor string) string {
|
||||
// directory and returns a temporary Mount which represents this temporary
|
||||
// directory. The caller is responsible for removing this temporary directory.
|
||||
func (m *Mount) tempMount() (*Mount, error) {
|
||||
tempDir, err := ioutil.TempDir(filepath.Dir(m.BaseDir()), tempPrefix)
|
||||
tempDir, err := os.MkdirTemp(filepath.Dir(m.BaseDir()), tempPrefix)
|
||||
return &Mount{Path: tempDir}, err
|
||||
}
|
||||
|
||||
@ -393,7 +392,7 @@ func (m *Mount) isFscryptSetupAllowed() bool {
|
||||
return true
|
||||
}
|
||||
switch m.FilesystemType {
|
||||
case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs":
|
||||
case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs", "lustre":
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
@ -635,7 +634,7 @@ func (m *Mount) writeData(path string, data []byte, owner *user.User, mode os.Fi
|
||||
// Write the data to a temporary file, sync it, then rename into place
|
||||
// so that the operation will be atomic.
|
||||
dirPath := filepath.Dir(path)
|
||||
tempFile, err := ioutil.TempFile(dirPath, tempPrefix)
|
||||
tempFile, err := os.CreateTemp(dirPath, tempPrefix)
|
||||
if err != nil {
|
||||
log.Print(err)
|
||||
if os.IsPermission(err) {
|
||||
@ -767,7 +766,7 @@ func readMetadataFileSafe(path string, trustedUser *user.User) ([]byte, int64, e
|
||||
}
|
||||
// Read the file contents, allowing at most maxMetadataFileSize bytes.
|
||||
reader := &io.LimitedReader{R: file, N: maxMetadataFileSize + 1}
|
||||
data, err := ioutil.ReadAll(reader)
|
||||
data, err := io.ReadAll(reader)
|
||||
if err != nil {
|
||||
return nil, -1, err
|
||||
}
|
||||
|
9
vendor/github.com/google/fscrypt/filesystem/mountpoint.go
generated
vendored
9
vendor/github.com/google/fscrypt/filesystem/mountpoint.go
generated
vendored
@ -25,7 +25,6 @@ import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"path/filepath"
|
||||
@ -537,11 +536,15 @@ func getMountFromLink(link string) (*Mount, error) {
|
||||
}
|
||||
|
||||
func (mnt *Mount) getFilesystemUUID() (string, error) {
|
||||
dirContents, err := ioutil.ReadDir(uuidDirectory)
|
||||
dirEntries, err := os.ReadDir(uuidDirectory)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
for _, fileInfo := range dirContents {
|
||||
for _, dirEntry := range dirEntries {
|
||||
fileInfo, err := dirEntry.Info()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
if fileInfo.Mode()&os.ModeSymlink == 0 {
|
||||
continue // Only interested in UUID symlinks
|
||||
}
|
||||
|
36
vendor/github.com/google/fscrypt/metadata/checks.go
generated
vendored
36
vendor/github.com/google/fscrypt/metadata/checks.go
generated
vendored
@ -20,8 +20,11 @@
|
||||
package metadata
|
||||
|
||||
import (
|
||||
"github.com/golang/protobuf/proto"
|
||||
"log"
|
||||
"math"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
"github.com/google/fscrypt/util"
|
||||
)
|
||||
@ -57,20 +60,37 @@ func (s SourceType) CheckValidity() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// MaxParallelism is the maximum allowed value for HashingCosts.Parallelism.
|
||||
const MaxParallelism = math.MaxUint8
|
||||
|
||||
// CheckValidity ensures the hash costs will be accepted by Argon2.
|
||||
func (h *HashingCosts) CheckValidity() error {
|
||||
if h == nil {
|
||||
return errNotInitialized
|
||||
}
|
||||
if h.Time <= 0 {
|
||||
return errors.Errorf("time=%d is not positive", h.Time)
|
||||
|
||||
minP := int64(1)
|
||||
p := uint8(h.Parallelism)
|
||||
if h.Parallelism < minP || h.Parallelism > MaxParallelism {
|
||||
if h.TruncationFixed || p == 0 {
|
||||
return errors.Errorf("parallelism cost %d is not in range [%d, %d]",
|
||||
h.Parallelism, minP, MaxParallelism)
|
||||
}
|
||||
// Previously we unconditionally casted costs.Parallelism to a uint8,
|
||||
// so we replicate this behavior for backwards compatibility.
|
||||
log.Printf("WARNING: Truncating parallelism cost of %d to %d", h.Parallelism, p)
|
||||
}
|
||||
if h.Parallelism <= 0 {
|
||||
return errors.Errorf("parallelism=%d is not positive", h.Parallelism)
|
||||
|
||||
minT := int64(1)
|
||||
maxT := int64(math.MaxUint32)
|
||||
if h.Time < minT || h.Time > maxT {
|
||||
return errors.Errorf("time cost %d is not in range [%d, %d]", h.Time, minT, maxT)
|
||||
}
|
||||
minMemory := 8 * h.Parallelism
|
||||
if h.Memory < minMemory {
|
||||
return errors.Errorf("memory=%d is less than minimum (%d)", h.Memory, minMemory)
|
||||
|
||||
minM := 8 * int64(p)
|
||||
maxM := int64(math.MaxUint32)
|
||||
if h.Memory < minM || h.Memory > maxM {
|
||||
return errors.Errorf("memory cost %d KiB is not in range [%d, %d]", h.Memory, minM, maxM)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
36
vendor/github.com/google/fscrypt/metadata/config.go
generated
vendored
36
vendor/github.com/google/fscrypt/metadata/config.go
generated
vendored
@ -29,31 +29,39 @@ package metadata
|
||||
import (
|
||||
"io"
|
||||
|
||||
"github.com/golang/protobuf/jsonpb"
|
||||
"google.golang.org/protobuf/encoding/protojson"
|
||||
)
|
||||
|
||||
// WriteConfig outputs the Config data as nicely formatted JSON
|
||||
func WriteConfig(config *Config, out io.Writer) error {
|
||||
m := jsonpb.Marshaler{
|
||||
EmitDefaults: true,
|
||||
EnumsAsInts: false,
|
||||
Indent: "\t",
|
||||
OrigName: true,
|
||||
m := protojson.MarshalOptions{
|
||||
Multiline: true,
|
||||
Indent: "\t",
|
||||
UseProtoNames: true,
|
||||
UseEnumNumbers: false,
|
||||
EmitUnpopulated: true,
|
||||
}
|
||||
if err := m.Marshal(out, config); err != nil {
|
||||
bytes, err := m.Marshal(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_, err := out.Write([]byte{'\n'})
|
||||
if _, err = out.Write(bytes); err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = out.Write([]byte{'\n'})
|
||||
return err
|
||||
}
|
||||
|
||||
// ReadConfig writes the JSON data into the config structure
|
||||
func ReadConfig(in io.Reader) (*Config, error) {
|
||||
config := new(Config)
|
||||
// Allow (and ignore) unknown fields for forwards compatibility.
|
||||
u := jsonpb.Unmarshaler{
|
||||
AllowUnknownFields: true,
|
||||
bytes, err := io.ReadAll(in)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return config, u.Unmarshal(in, config)
|
||||
config := new(Config)
|
||||
// Discard unknown fields for forwards compatibility.
|
||||
u := protojson.UnmarshalOptions{
|
||||
DiscardUnknown: true,
|
||||
}
|
||||
return config, u.Unmarshal(bytes, config)
|
||||
}
|
||||
|
1115
vendor/github.com/google/fscrypt/metadata/metadata.pb.go
generated
vendored
1115
vendor/github.com/google/fscrypt/metadata/metadata.pb.go
generated
vendored
File diff suppressed because it is too large
Load Diff
8
vendor/github.com/google/fscrypt/metadata/metadata.proto
generated
vendored
8
vendor/github.com/google/fscrypt/metadata/metadata.proto
generated
vendored
@ -19,15 +19,20 @@
|
||||
* the License.
|
||||
*/
|
||||
|
||||
// If you modify this file, be sure to run "go generate" on this package.
|
||||
// If the *.proto file is modified, be sure to run "make gen" (at the project
|
||||
// root) to recreate the *.pb.go file.
|
||||
syntax = "proto3";
|
||||
package metadata;
|
||||
|
||||
option go_package = "github.com/google/fscrypt/metadata";
|
||||
|
||||
// Cost parameters to be used in our hashing functions.
|
||||
message HashingCosts {
|
||||
int64 time = 2;
|
||||
int64 memory = 3;
|
||||
int64 parallelism = 4;
|
||||
// If true, parallelism should no longer be truncated to 8 bits.
|
||||
bool truncation_fixed = 5;
|
||||
}
|
||||
|
||||
// This structure is used for our authenticated wrapping/unwrapping of keys.
|
||||
@ -73,6 +78,7 @@ message EncryptionOptions {
|
||||
AES_128_CBC = 5;
|
||||
AES_128_CTS = 6;
|
||||
Adiantum = 9;
|
||||
AES_256_HCTR2 = 10;
|
||||
}
|
||||
|
||||
Mode contents = 2;
|
||||
|
25
vendor/github.com/google/fscrypt/metadata/policy.go
generated
vendored
25
vendor/github.com/google/fscrypt/metadata/policy.go
generated
vendored
@ -94,7 +94,7 @@ func (err *ErrNotEncrypted) Error() string {
|
||||
return fmt.Sprintf("file or directory %q is not encrypted", err.Path)
|
||||
}
|
||||
|
||||
func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
|
||||
func getPolicyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
|
||||
_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), request, uintptr(arg))
|
||||
if errno == 0 {
|
||||
return nil
|
||||
@ -102,6 +102,19 @@ func policyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
|
||||
return errno
|
||||
}
|
||||
|
||||
func setPolicy(file *os.File, arg unsafe.Pointer) error {
|
||||
_, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), unix.FS_IOC_SET_ENCRYPTION_POLICY, uintptr(arg))
|
||||
if errno != 0 {
|
||||
return errno
|
||||
}
|
||||
|
||||
if err := file.Sync(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Maps EncryptionOptions.Padding <-> FSCRYPT_POLICY_FLAGS
|
||||
var (
|
||||
paddingArray = []int64{4, 8, 16, 32}
|
||||
@ -159,10 +172,10 @@ func GetPolicy(path string) (*PolicyData, error) {
|
||||
var arg unix.FscryptGetPolicyExArg
|
||||
arg.Size = uint64(unsafe.Sizeof(arg.Policy))
|
||||
policyPtr := util.Ptr(arg.Policy[:])
|
||||
err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
|
||||
err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
|
||||
if err == unix.ENOTTY {
|
||||
// Fall back to the old version of the ioctl. This works for v1 policies only.
|
||||
err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
|
||||
err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)
|
||||
arg.Size = uint64(unsafe.Sizeof(unix.FscryptPolicyV1{}))
|
||||
}
|
||||
switch err {
|
||||
@ -235,7 +248,7 @@ func setV1Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
|
||||
}
|
||||
copy(policy.Master_key_descriptor[:], descriptorBytes)
|
||||
|
||||
return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
|
||||
return setPolicy(file, unsafe.Pointer(&policy))
|
||||
}
|
||||
|
||||
func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []byte) error {
|
||||
@ -252,7 +265,7 @@ func setV2Policy(file *os.File, options *EncryptionOptions, descriptorBytes []by
|
||||
}
|
||||
copy(policy.Master_key_identifier[:], descriptorBytes)
|
||||
|
||||
return policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&policy))
|
||||
return setPolicy(file, unsafe.Pointer(&policy))
|
||||
}
|
||||
|
||||
// SetPolicy sets up the specified directory to be encrypted with the specified
|
||||
@ -332,7 +345,7 @@ func CheckSupport(path string) error {
|
||||
Flags: math.MaxUint8,
|
||||
}
|
||||
|
||||
err = policyIoctl(file, unix.FS_IOC_SET_ENCRYPTION_POLICY, unsafe.Pointer(&badPolicy))
|
||||
err = setPolicy(file, unsafe.Pointer(&badPolicy))
|
||||
switch err {
|
||||
case nil:
|
||||
log.Panicf(`FS_IOC_SET_ENCRYPTION_POLICY succeeded when it should have failed.
|
||||
|
4
vendor/modules.txt
vendored
4
vendor/modules.txt
vendored
@ -228,8 +228,8 @@ github.com/golang/protobuf/ptypes/wrappers
|
||||
# github.com/golang/snappy v0.0.4
|
||||
## explicit
|
||||
github.com/golang/snappy
|
||||
# github.com/google/fscrypt v0.3.3
|
||||
## explicit; go 1.11
|
||||
# github.com/google/fscrypt v0.3.4
|
||||
## explicit; go 1.16
|
||||
github.com/google/fscrypt/actions
|
||||
github.com/google/fscrypt/crypto
|
||||
github.com/google/fscrypt/filesystem
|
||||
|
Loading…
Reference in New Issue
Block a user