Applying macos fix to version 2.6.0

rafjaf · rafjaf · commit 1867ecbc02f8 · 2025-07-20T17:18:40.000+02:00
diff --git a/go.mod b/go.mod
@@ -1,6 +1,8 @@
 module github.com/rfjakob/gocryptfs/v2
 
-go 1.19
+go 1.23.0
+
+toolchain go1.24.4
 
 require (
 	github.com/aperturerobotics/jacobsa-crypto v1.1.0
@@ -14,3 +16,5 @@ require (
 	golang.org/x/sys v0.30.0
 	golang.org/x/term v0.29.0
 )
+
+require golang.org/x/text v0.27.0 // indirect
diff --git a/go.sum b/go.sum
@@ -32,6 +32,8 @@ golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
 golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/internal/fusefrontend/file_dir_ops.go b/internal/fusefrontend/file_dir_ops.go
@@ -138,6 +138,8 @@ func (f *File) Readdirent(ctx context.Context) (entry *fuse.DirEntry, errno sysc
 			continue
 		}
 		if f.rootNode.args.PlaintextNames {
+			// Even in plaintext mode, normalize for macOS display
+			entry.Name = normalizeFilenameForDisplay(cName)
 			return
 		}
 		if !f.rootNode.args.DeterministicNames && cName == nametransform.DirIVFilename {
@@ -171,7 +173,7 @@ func (f *File) Readdirent(ctx context.Context) (entry *fuse.DirEntry, errno sysc
 		}
 		// Override the ciphertext name with the plaintext name but reuse the rest
 		// of the structure
-		entry.Name = name
+		entry.Name = normalizeFilenameForDisplay(name)
 		return
 	}
 }
diff --git a/internal/fusefrontend/node.go b/internal/fusefrontend/node.go
@@ -140,6 +140,7 @@ func (n *Node) Access(ctx context.Context, mode uint32) syscall.Errno {
 //
 // Symlink-safe through use of Unlinkat().
 func (n *Node) Unlink(ctx context.Context, name string) (errno syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
@@ -274,6 +275,7 @@ func (n *Node) Statfs(ctx context.Context, out *fuse.StatfsOut) syscall.Errno {
 //
 // Symlink-safe through use of Mknodat().
 func (n *Node) Mknod(ctx context.Context, name string, mode, rdev uint32, out *fuse.EntryOut) (inode *fs.Inode, errno syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
@@ -329,6 +331,7 @@ func (n *Node) Mknod(ctx context.Context, name string, mode, rdev uint32, out *f
 //
 // Symlink-safe through use of Linkat().
 func (n *Node) Link(ctx context.Context, target fs.InodeEmbedder, name string, out *fuse.EntryOut) (inode *fs.Inode, errno syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
@@ -379,6 +382,7 @@ func (n *Node) Link(ctx context.Context, target fs.InodeEmbedder, name string, o
 //
 // Symlink-safe through use of Symlinkat.
 func (n *Node) Symlink(ctx context.Context, target, name string, out *fuse.EntryOut) (inode *fs.Inode, errno syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
@@ -451,6 +455,9 @@ func (n *Node) Rename(ctx context.Context, name string, newParent fs.InodeEmbedd
 		return errno
 	}
 
+	name = normalizeFilename(name)       // Always store as NFC  
+	newName = normalizeFilename(newName) // Always store as NFC
+
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
diff --git a/internal/fusefrontend/node_dir_ops.go b/internal/fusefrontend/node_dir_ops.go
@@ -6,8 +6,10 @@ import (
 	"io"
 	"runtime"
 	"syscall"
+	"unicode/utf8"
 
 	"golang.org/x/sys/unix"
+	"golang.org/x/text/unicode/norm"
 
 	"github.com/hanwen/go-fuse/v2/fs"
 	"github.com/hanwen/go-fuse/v2/fuse"
@@ -20,6 +22,22 @@ import (
 
 const dsStoreName = ".DS_Store"
 
+// normalizeFilename converts filenames to NFC for consistent internal storage
+func normalizeFilename(name string) string {
+	if runtime.GOOS == "darwin" && utf8.ValidString(name) {
+		return norm.NFC.String(name)
+	}
+	return name
+}
+
+// normalizeFilenameForDisplay converts NFC to NFD for macOS GUI compatibility
+func normalizeFilenameForDisplay(name string) string {
+	if runtime.GOOS == "darwin" && utf8.ValidString(name) {
+		return norm.NFD.String(name)
+	}
+	return name
+}
+
 // haveDsstore return true if one of the entries in "names" is ".DS_Store".
 func haveDsstore(entries []fuse.DirEntry) bool {
 	for _, e := range entries {
@@ -70,6 +88,7 @@ func (n *Node) mkdirWithIv(dirfd int, cName string, mode uint32, context *fuse.C
 //
 // Symlink-safe through use of Mkdirat().
 func (n *Node) Mkdir(ctx context.Context, name string, mode uint32, out *fuse.EntryOut) (*fs.Inode, syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return nil, errno
diff --git a/internal/fusefrontend/node_open_create.go b/internal/fusefrontend/node_open_create.go
@@ -58,6 +58,7 @@ func (n *Node) Open(ctx context.Context, flags uint32) (fh fs.FileHandle, fuseFl
 //
 // Symlink-safe through the use of Openat().
 func (n *Node) Create(ctx context.Context, name string, flags uint32, mode uint32, out *fuse.EntryOut) (inode *fs.Inode, fh fs.FileHandle, fuseFlags uint32, errno syscall.Errno) {
+	name = normalizeFilename(name) // Always store as NFC
 	dirfd, cName, errno := n.prepareAtSyscall(name)
 	if errno != 0 {
 		return
diff --git a/internal/fusefrontend/node_prepare_syscall.go b/internal/fusefrontend/node_prepare_syscall.go
@@ -1,7 +1,11 @@
 package fusefrontend
 
 import (
+	"runtime"
 	"syscall"
+	"unicode/utf8"
+
+	"golang.org/x/text/unicode/norm"
 
 	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
 
@@ -10,12 +14,10 @@ import (
 	"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
 )
 
-// prepareAtSyscall returns a (dirfd, cName) pair that can be used
-// with the "___at" family of system calls (openat, fstatat, unlinkat...) to
-// access the backing encrypted child file.
-func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno syscall.Errno) {
+// prepareAtSyscallDirect is the direct version without Unicode normalization fallback
+func (n *Node) prepareAtSyscallDirect(child string) (dirfd int, cName string, errno syscall.Errno) {
 	if child == "" {
-		tlog.Warn.Printf("BUG: prepareAtSyscall: child=%q, should have called prepareAtSyscallMyself", child)
+		tlog.Warn.Printf("BUG: prepareAtSyscallDirect: child=%q, should have called prepareAtSyscallMyself", child)
 		return n.prepareAtSyscallMyself()
 	}
 
@@ -92,6 +94,116 @@ func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno sy
 	return
 }
 
+// migrateFilename migrates a filename from NFD to NFC form
+func (n *Node) migrateFilename(oldName, newName string) syscall.Errno {
+	if oldName == newName {
+		return 0 // Nothing to do
+	}
+
+	rn := n.rootNode()
+	
+	// Get directory file descriptor
+	dirfd, _, errno := n.prepareAtSyscallMyself()
+	if errno != 0 {
+		return errno
+	}
+	defer syscall.Close(dirfd)
+
+	// For plaintext names: simple rename
+	if rn.args.PlaintextNames {
+		err := syscallcompat.Renameat(dirfd, oldName, dirfd, newName)
+		return fs.ToErrno(err)
+	}
+
+	// For encrypted names: encrypt both names and rename
+	iv, err := rn.nameTransform.ReadDirIVAt(dirfd)
+	if err != nil {
+		return fs.ToErrno(err)
+	}
+
+	var encryptName func(int, string, []byte) (string, error)
+	if rn.nameTransform.HaveBadnamePatterns() {
+		encryptName = func(dirfd int, child string, iv []byte) (string, error) {
+			return rn.nameTransform.EncryptAndHashBadName(child, iv, dirfd)
+		}
+	} else {
+		encryptName = func(dirfd int, child string, iv []byte) (string, error) {
+			return rn.nameTransform.EncryptAndHashName(child, iv)
+		}
+	}
+
+	oldCName, err := encryptName(dirfd, oldName, iv)
+	if err != nil {
+		return fs.ToErrno(err)
+	}
+
+	newCName, err := encryptName(dirfd, newName, iv)
+	if err != nil {
+		return fs.ToErrno(err)
+	}
+
+	err = syscallcompat.Renameat(dirfd, oldCName, dirfd, newCName)
+	return fs.ToErrno(err)
+}
+
+// prepareAtSyscall returns a (dirfd, cName) pair that can be used
+// with the "___at" family of system calls (openat, fstatat, unlinkat...) to
+// access the backing encrypted child file.
+func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno syscall.Errno) {
+	if child == "" {
+		tlog.Warn.Printf("BUG: prepareAtSyscall: child=%q, should have called prepareAtSyscallMyself", child)
+		return n.prepareAtSyscallMyself()
+	}
+
+	// On macOS, implement Unicode normalization with fallback and migration
+	if runtime.GOOS == "darwin" && utf8.ValidString(child) {
+		// Step 1: Always try NFC first (canonical storage form)
+		normalizedChild := norm.NFC.String(child)
+		dirfd, cName, errno = n.prepareAtSyscallDirect(normalizedChild)
+		if errno == 0 {
+			return dirfd, cName, 0 // Found NFC version
+		}
+
+		// Step 2: Try alternate form if input was different
+		if normalizedChild != child {
+			// Input was NFD, try original NFD form
+			dirfdNFD, cNameNFD, errnoNFD := n.prepareAtSyscallDirect(child)
+			if errnoNFD == 0 {
+				// Found NFD file - migrate it to NFC
+				if errno := n.migrateFilename(child, normalizedChild); errno == 0 {
+					// Migration successful, use NFC
+					syscall.Close(dirfdNFD) // Close the NFD dirfd
+					return n.prepareAtSyscallDirect(normalizedChild)
+				} else {
+					// Migration failed, use NFD
+					return dirfdNFD, cNameNFD, 0
+				}
+			}
+		}
+
+		// Step 3: If input was NFC, also try NFD as fallback
+		if normalizedChild == child {
+			nfdChild := norm.NFD.String(child)
+			if nfdChild != child {
+				dirfdNFD, cNameNFD, errnoNFD := n.prepareAtSyscallDirect(nfdChild)
+				if errnoNFD == 0 {
+					// Found NFD file - migrate it to NFC
+					if errno := n.migrateFilename(nfdChild, normalizedChild); errno == 0 {
+						// Migration successful, use NFC
+						syscall.Close(dirfdNFD) // Close the NFD dirfd
+						return n.prepareAtSyscallDirect(normalizedChild)
+					} else {
+						// Migration failed, use NFD
+						return dirfdNFD, cNameNFD, 0
+					}
+				}
+			}
+		}
+	}
+
+	return n.prepareAtSyscallDirect(child) // Non-macOS or fallback
+}
+
 func (n *Node) prepareAtSyscallMyself() (dirfd int, cName string, errno syscall.Errno) {
 	dirfd = -1
 
diff --git a/internal/fusefrontend_reverse/node_dir_ops.go b/internal/fusefrontend_reverse/node_dir_ops.go
@@ -3,7 +3,9 @@ package fusefrontend_reverse
 import (
 	"context"
 	"fmt"
+	"runtime"
 	"syscall"
+	"unicode/utf8"
 
 	"golang.org/x/sys/unix"
 
@@ -116,3 +118,14 @@ func (n *Node) readdirPlaintextnames(entries []fuse.DirEntry) (stream fs.DirStre
 	}
 	return fs.NewListDirStream(entries), 0
 }
+
+// normalizeFilenameForDisplay converts stored filenames to the form expected by macOS GUI.
+// In reverse mode, we present the plaintext files as-is, but ensure proper display normalization.
+func normalizeFilenameForDisplay(name string) string {
+	if runtime.GOOS == "darwin" && utf8.ValidString(name) {
+		// For reverse mode, we typically want to preserve the original normalization
+		// of the plaintext files, but ensure they display correctly
+		return name
+	}
+	return name
+}
diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go
@@ -4,8 +4,12 @@ import (
 	"encoding/base64"
 	"log"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"syscall"
+	"unicode/utf8"
+
+	"golang.org/x/text/unicode/norm"
 
 	"github.com/rfjakob/gocryptfs/v2/internal/nametransform"
 	"github.com/rfjakob/gocryptfs/v2/internal/pathiv"
@@ -35,6 +39,33 @@ func (rfs *RootNode) rDecryptName(cName string, dirIV []byte, pDir string) (pNam
 			}
 			return "", err
 		}
+		
+		// On macOS, handle Unicode normalization fallback for reverse mode
+		if runtime.GOOS == "darwin" && utf8.ValidString(pName) {
+			// Check if the decrypted name actually exists on disk
+			pPath := filepath.Join(rfs.args.Cipherdir, pDir, pName)
+			var st syscall.Stat_t
+			if statErr := syscall.Stat(pPath, &st); statErr != nil {
+				// Try the alternate Unicode form
+				var alternateName string
+				if norm.NFC.String(pName) == pName {
+					// pName is NFC, try NFD
+					alternateName = norm.NFD.String(pName)
+				} else {
+					// pName is NFD (or mixed), try NFC
+					alternateName = norm.NFC.String(pName)
+				}
+				
+				if alternateName != pName {
+					alternatePath := filepath.Join(rfs.args.Cipherdir, pDir, alternateName)
+					var altSt syscall.Stat_t
+					if altStatErr := syscall.Stat(alternatePath, &altSt); altStatErr == nil {
+						// The alternate form exists, use it
+						return alternateName, nil
+					}
+				}
+			}
+		}
 	} else if nameType == nametransform.LongNameContent {
 		dirfd, err := syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, filepath.Dir(pDir))
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,8 @@ func (f File) Readdirent(ctx context.Context) (entry fuse.DirEntry, errno sysc`
`138`	`138`	`continue`
`139`	`139`	`}`
`140`	`140`	`if f.rootNode.args.PlaintextNames {`
	`141`	`+ // Even in plaintext mode, normalize for macOS display`
	`142`	`+ entry.Name = normalizeFilenameForDisplay(cName)`
`141`	`143`	`return`
`142`	`144`	`}`
`143`	`145`	`if !f.rootNode.args.DeterministicNames && cName == nametransform.DirIVFilename {`
`@@ -171,7 +173,7 @@ func (f File) Readdirent(ctx context.Context) (entry fuse.DirEntry, errno sysc`
`171`	`173`	`}`
`172`	`174`	`// Override the ciphertext name with the plaintext name but reuse the rest`
`173`	`175`	`// of the structure`
`174`		`- entry.Name = name`
	`176`	`+ entry.Name = normalizeFilenameForDisplay(name)`
`175`	`177`	`return`
`176`	`178`	`}`
`177`	`179`	`}`