* refactor(general): clarify comments
* refactor(general): rename `repodiag.logWriteSyncer`
This name reflects:
- the function of the struct; and
- the interface it implements (`zapcore.WriteSyncer`)
This name reflects the function of the struct / type.
The previous name (`Writer`) conveyed that this type
implemented the `Writer` interface / `Write` function,
which it does not.
Generalize a couple of functions in the units package using generics.
This allows removing duplicate code and simplifying callers by removing unnecessary integer conversions.
Additional cleanups:
- make "/s" part of the Printf format string ;
- simplify setSizeMBParameter;
- generalize cli.maybeHumanReadable*` helpers;
- remove unneeded receiver in commandRepositorySetParameters helpers.
Cleanups:
- use non-format variants of Log/Print with no additional args;
- fold in Fprintf call with no args into the following one;
- add missing arg placeholder in format strings;
- use require.Positive instead of Greater(..., 0);
- rename function to fillWithZeros to avoid collision with builtin clear;
- define type for context key to avoid collisions.
Objectives:
- Facilitate the generation of valid password hashes that can be used with
the `server user --user-password` CLI command.
- Encapsulate implementation details of password hashing in
the `user` package.
Adds a new `server user hash-password` CLI command to generate the
hash from a supplied password.
Modifies the `server user set/add --user-password-hash` CLI command
to accept the password hash generated using the `hash-password`
command.
Adds `GetNewProfile(ctx, rep, username)` helper to move implementation
details to the `user` package.
Includes CLI and unit tests.
Cleans up and removes unused functions.
Use non-formatting logging functions for message without formatting.
For example, `log.Info("message")` instead of `log.Infof("message")`
Configure linter for printf-like functions
Followup cleanup for #3919
All the changes are in the `epoch` package
Summary:
- Removal of now unused code and tests.
- Refactoring to simplify test and remove a linter annotation.
- Fix a typo
While the current implementation should not produce non-contiguous
ranges, this invariant check may be too stringent, in particular for
repositories created and mutated by older kopia (client) processes.
For backwards compatibility the check is relaxed to allow operations to
proceed in older repositories.
Rationale: this code path is primarily executed from the server. A
potential error, say from a corrupt, unsupported or otherwise invalid
user profile should not cause the server to panic (and crash).
It is possible for `computePasswordHash` to return an error, not just an
impossibility.
Test refactoring:
- use 'require' in user profile tests;
- move test case to TestBadPasswordHashVersion;
- update comments in test.
Motivation: avoid making accidental decisions based on all-zeros content
in the future.
While the dummy hash is a non-zero-value slice, that is it is non-empty
(thus not nil), it is still the default value produced by
`make([]byte, salt + hashLength)`, and it is possible to accidentally
compare and have a positive match against a newly initialized slice.
Changing the minimum salt length of Pbkdf2 key derivation
algorithm to the NIST recommended minimum of 16 bytes.
This matches the minimum salt for scrypt-based key derivation.
Previously, empty master keys were passed to the underlying
cryptographic primitives (HKDF, AEAD, etc.).
While this worked because the authentication mechanisms returned an
error, it's best to avoid passing empty master keys to these primitives
in the first place. This refactor avoids passing empty master keys and
enforces this via an assertion in the key derivation function.
Code movement and simplification, no functional changes.
Objectives:
- Allow callers specifying the needed key (or hash) size, instead of
hard-coding it in the registered PBK derivers. Conceptually, the caller
needs to specify the key size, since that is a requirement of the
(encryption) algorithm being used in the caller. Now, the code changes
here do not result in any functional changes since the key size is
always 32 bytes.
- Remove a global definition for the default PB key deriver to use.
Instead, each of the 3 use case sets the default value.
Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure
the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto`
& `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos
Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816
The individual commits show the code transformations to simplify the
review of the changes.
Reverts to using the `PasswordHashVersion` in the user profile.
Adds a simple mechanism for translating between password hash
version and the corresponding password hashing algorithm (key
derivation algorithm).
* User profile add set cli changes
* Add additional test
* get salt length from key deriver
* Fixes for failing tests
* after shikhars review
* lint fixes
* Add multi-language support
* Adding a guidline to outline the localisation process.
* Moved doc to separate pr
---------
Co-authored-by: lupusA <lupuapps@gmail.com>
Avoid minio allocations by implementing `ReadAt` function.
This change causes Minio libraries to reduce memory allocations.
Specifically, buffer allocations for S3 upload.
Add tests for new functionality.
---------
Co-authored-by: Shikhar Mall <shikhar.mall@veeam.com>
Co-authored-by: Nick <nick@kasten.io>
Change default 'allowWritesOnIndexLoad' to false when env var is unset
Add TestNoEpochAdvanceOnIndexRead
Ref:
- Followup to #3645
- Avoid index (epoch) cleanup and compaction during index reads #3638
- Make "read" commands/operations really read-only. #3639
Add:
- epoch.Manager.MaybeCompactSingleEpoch
- getCompactedEpochRange helper
- oldestUncompactedEpoch helper
- TestOldestUncompactedEpoch
- Tests for MaybeCompactSingleEpoch
Ref:
- Subset and dependency of #3651
- Depends on #3735
- Avoid index (epoch) cleanup and compaction during index reads #3638
- Make "read" commands/operations really read-only. #3639
Refactoring for the original implementation with intRange and
getKeyRange from closed-open ranges [lo, hi) to closed ranges: [lo, hi].
The primary motivation is for consistency with the implementation
of epoch.RangeMetadata in the same package, and thus avoid
confusion and reduce cognitive load.
Changes:
- adds a getContiguousKeyRange wrapper that checks for contiguity.
- getKeyRange simply returns a range with minimum and maximum
values for the keys in the map.
- changes the range implementation from closed-open ranges [lo, hi)
to closed ranges: [lo, hi] where both lo and hi are included in the range.
- Additional unit tests are included.
- renames intRange to closedIntRange to reflect new functionality.
Ref:
- Follow up refactor(general): add epoch.getKeyRange helper #3721
- Needed for refactor(general): add epoch.Manager.MaybeCompactSingleEpoch #3728
- Avoid index (epoch) cleanup and compaction during index reads #3638
