gui, man: Update docs & translations

This change sorts the language selection menu in Syncthing's home page so
that the languages are displayed alphabetically. The issue was discussed in
#3813. There were few ways of doing this. Sorting the language names in
transifix file did not work due to access control. So I sorted the languages
directly in languageSelectdirective.js by inverting and sorting the language
info retrieved from localeService.js.

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4052

.gitattributes

@@ -6,4 +6,3 @@ vendor/**   -text=auto
 
 # Diffs on these files are meaningless
 *.svg           -diff
-*.pb.go         -diff

.gitignore

@@ -5,6 +5,7 @@ stdiscosrv.exe
 *.tar.gz
 *.zip
 *.asc
+*.deb
 .jshintrc
 coverage.out
 files/pidx
@@ -15,3 +16,4 @@ syncthing.sig
 RELEASE
 deb
 lib/auto/gui.files.go
+snapcraft.yaml

AUTHORS

@@ -6,7 +6,8 @@
 # The NICKS list is auto generated from this file.
 
 Aaron Bieber (qbit) <qbit@deftly.net>
-Adam Piggott (simplypeachy) <aD@simplypeachy.co.uk> <simplypeachy@users.noreply.github.com>
+Adam Piggott (ProactiveServices) <aD@simplypeachy.co.uk> <simplypeachy@users.noreply.github.com> <ProactiveServices@users.noreply.github.com>
+Adel Qalieh (adelq) <aqalieh95@gmail.com> <adelq@users.noreply.github.com>
 Alessandro G. (alessandro.g89) <alessandro.g89@gmail.com>
 Alexander Graf (alex2108) <register-github@alex-graf.de>
 Alexandre Viau (aviau) <alexandre@alexandreviau.net> <aviau@debian.org>
@@ -20,6 +21,7 @@ Audrius Butkevicius (AudriusButkevicius) <audrius.butkevicius@gmail.com>
 Bart De Vries (mogwa1) <devriesb@gmail.com>
 Ben Curthoys (bencurthoys) <ben@bencurthoys.com>
 Ben Schulz (uok) <ueomkail@gmail.com> <uok@users.noreply.github.com>
+Ben Shepherd (benshep) <bjashepherd@gmail.com>
 Ben Sidhom (bsidhom) <bsidhom@gmail.com>
 Benny Ng (tpng) <benny.tpng@gmail.com>
 Brandon Philips (philips) <brandon@ifup.org>
@@ -48,12 +50,14 @@ Felix Unterpaintner (bigbear2nd) <bigbear2nd@gmail.com>
 Francois-Xavier Gsell (zukoo) <fxgsell@gmail.com>
 Frank Isemann (fti7) <frank@isemann.name>
 Gilli Sigurdsson (gillisig) <gilli@vx.is>
+Heiko Zuerker (Smiley73) <heiko@zuerker.org>
 Jaakko Hannikainen (jgke) <jgke@jgke.fi>
 Jacek Szafarkiewicz (hadogenes) <szafar@linux.pl>
 Jake Peterson (acogdev) <jake@acogdev.com>
 Jakob Borg (calmh) <jakob@nym.se> <jakob@kastelo.net>
 James Patterson (jpjp) <jamespatterson@operamail.com> <jpjp@users.noreply.github.com>
 Jaroslav Malec (dzarda) <dzardacz@gmail.com>
+Jaya Chithra (jayachithra) <s.k.jayachithra@gmail.com>
 Jens Diemer (jedie) <github.com@jensdiemer.de> <git@jensdiemer.de>
 Jochen Voss (seehuhn) <voss@seehuhn.de>
 Johan Vromans (sciurius) <jvromans@squirrel.nl>
@@ -61,14 +65,18 @@ Karol Różycki (krozycki) <rozycki.karol@gmail.com>
 Kelong Cong (kc1212) <kc04bc@gmx.com> <kc1212@users.noreply.github.com>
 Ken'ichi Kamada (kamadak) <kamada@nanohz.org>
 Kevin Allen (ironmig) <kma1660@gmail.com>
+Kevin White, Jr. (kwhite17) <kevinwhite1710@gmail.com>
+Kurt Fitzner (Kudalufi) <kurt@va1der.ca>
 Lars K.W. Gohlke (lkwg82) <lkwg82@gmx.de>
 Laurent Etiemble (letiemble) <laurent.etiemble@gmail.com> <laurent.etiemble@monobjc.net>
+Leo Arias (elopio) <yo@elopio.net>
 Lode Hoste (Zillode) <zillode@zillode.be>
 Lord Landon Agahnim (LordLandon) <lordlandon@gmail.com>
 Majed Abdulaziz (majedev) <majed.alhajry@gmail.com>
 Marc Laporte (marclaporte) <marc@marclaporte.com> <marc@laporte.name>
 Marc Pujol (kilburn) <kilburn@la3.org>
 Marcin Dziadus (marcindziadus) <dziadus.marcin@gmail.com>
+Mark Pulford (mpx) <mark@kyne.com.au>
 Mateusz Naściszewski (mateon1) <matin1111@wp.pl>
 Matt Burke (burkemw3) <mburke@amplify.com> <burkemw3@gmail.com>
 Max Schulze (kralo) <max.schulze@online.de> <kralo@users.noreply.github.com>
@@ -76,24 +84,32 @@ Michael Jephcote (Rewt0r) <rewt0r@gmx.com> <Rewt0r@users.noreply.github.com>
 Michael Ploujnikov (plouj) <ploujj@gmail.com>
 Michael Tilli (pyfisch) <pyfisch@gmail.com>
 Nate Morrison (nrm21) <natemorrison@gmail.com>
+Niels Peter Roest (Niller303) <nielsproest@hotmail.com> <seje.niels@hotmail.com>
 Pascal Jungblut (pascalj) <github@pascalj.com> <mail@pascal-jungblut.com>
 Peter Hoeg (peterhoeg) <peter@speartail.com>
 Philippe Schommers (filoozoom) <philippe@schommers.be>
 Phill Luby (pluby) <phill.luby@newredo.com>
 Piotr Bejda (piobpl) <piotrb10@gmail.com>
+Robert Carosi (nov1n) <robert@carosi.nl>
+Roman Zaynetdinov (zaynetro) <romanznet@gmail.com>
 Ryan Sullivan (KayoticSully) <kayoticsully@gmail.com>
+Sacheendra Talluri (sacheendra) <sacheendra.t@gmail.com>
 Scott Klupfel (kluppy) <kluppy@going2blue.com>
 Sergey Mishin (ralder) <ralder@yandex.ru>
+Simon Frei (imsodin) <freisim93@gmail.com>
 Stefan Kuntz (Stefan-Code) <stefan.github@gmail.com> <Stefan.github@gmail.com>
 Stefan Tatschner (rumpelsepp) <stefan@sevenbyte.org> <rumpelsepp@sevenbyte.org>
 Tim Abell (timabell) <tim@timwise.co.uk>
+Tim Howes (timhowes) <timhowes@berkeley.edu>
 Tobias Nygren (tnn2) <tnn@nygren.pp.se>
 Tomas Cerveny (kozec) <kozec@kozec.com>
 Tully Robinson (tojrobinson) <tully@tojr.org>
 Tyler Brazier (tylerbrazier) <tyler@tylerbrazier.com>
+Unrud (Unrud) <unrud@openaliasbox.org> <Unrud@users.noreply.github.com>
 Veeti Paananen (veeti) <veeti.paananen@rojekti.fi>
 Victor Buinsky (buinsky) <vix_booja@tut.by>
 Vil Brekin (Vilbrekin) <vilbrekin@gmail.com>
 William A. Kennington III (wkennington) <william@wkennington.com>
 Wulf Weich (wweich) <wweich@users.noreply.github.com> <wweich@gmx.de>
+Xavier O. (damajor) <damajor@gmail.com>
 Yannic A. (eipiminus1) <eipiminusone+github@gmail.com> <eipiminus1@users.noreply.github.com>

CONTRIBUTING.md

@@ -33,12 +33,12 @@ latest info on Transifex.
 
 Every contribution is welcome. If you want to contribute but are unsure
 where to start, any open issues are fair game! See the [Contribution
-Guidelines](http://docs.syncthing.net/dev/contributing.html) for the full
+Guidelines](https://docs.syncthing.net/dev/contributing.html) for the full
 story on committing code.
 
 ## Contributing Documentation
 
-Updates to the [documentation site](http://docs.syncthing.net/) can be
+Updates to the [documentation site](https://docs.syncthing.net/) can be
 made as pull requests on the [documentation
 repository](https://github.com/syncthing/docs).
 

GOALS.md

@@ -0,0 +1,83 @@
+# The Syncthing Goals
+
+Syncthing is a **continuous file synchronization program**. It synchronizes
+files between two or more computers. We strive to fulfill the goals below.
+The goals are listed in order of importance, the most important one being
+the first.
+
+> "Syncing files" here is precise. It means we specifically exclude things
+> that are not files - calendar items, instant messages, and so on. If those
+> are in fact stored as files on disk, they can of course be synced as
+> files.
+
+Syncthing should be:
+
+### 1. Safe From Data Loss
+
+Protecting the user's data is paramount. We take every reasonable precaution
+to avoid corrupting the user's files.
+
+> This is the overriding goal, without which synchronizing files becomes
+> pointless. This means that we do not make unsafe trade offs for the sake
+> of performance or, in some cases, even usability.
+
+### 2. Secure Against Attackers
+
+Again, protecting the user's data is paramount. Regardless of our other
+goals we must never allow the user's data to be susceptible to eavesdropping
+or modification by unauthorized parties.
+
+> This should be understood in context. It is not necessarily reasonable to
+> expect Syncthing to be resistant against well equipped state level
+> attackers. We will however do our best. Note also that this is different
+> from anonymity which is not, currently, a goal.
+
+### 3. Easy to Use
+
+Syncthing should be approachable, understandable and inclusive.
+
+> Complex concepts and maths form the base of Synchting's functionality.
+> This should nonetheless be abstracted or hidden to a degree where
+> Syncthing is usable by the general public.
+
+### 4. Automatic
+
+User interaction should be required only when absolutely necessary.
+
+> Specifically this means that changes to files are picked up without
+> prompting, conflicts are resolved without prompting and connections are
+> maintained without prompting. We only prompt the user when it is required
+> to fulfill one of the (overriding) Secure, Safe or Easy goals.
+
+### 5. Universally Available
+
+Syncthing should run on every common computer. We are mindful that the
+latest technology is not always available to any given individual.
+
+> Computers include desktops, laptops, servers, virtual machines, small
+> general purpose computers such as Raspberry Pis and, *where possible*,
+> tablets and phones. NAS appliances, toasters, cars, firearms, thermostats
+> and so on may include computing capabitilies but it is not our goal for
+> Syncthing to run smoothly on these devices.
+
+### 6. For Individuals
+
+Syncthing is primarily about empowering the individual user with safe,
+secure and easy to use file synchronization.
+
+> We acknowledge that it's also useful in an enterprise setting and include
+> functionality to support that. If this is in conflict with the
+> requirements of the individual, those will however take priority.
+
+### 7. Everything Else
+
+There are many things we care about that don't make it on to the list. It is
+fine to optimize for these values as well, as long as they are not in
+conflict with the stated goals above.
+
+> For example, performance is a thing we care about. We just don't care more
+> about it than safety, security, etc. Maintainability of the code base and
+> providing entertainment value for the maintainers are also things that
+> matter. It is understood that there are aspects of Syncthing that are
+> suboptimal or even in opposition with the goals above. However, we
+> continuously strive to align Syncthing more and more with these goals.

LICENSE

@@ -357,7 +357,7 @@ Exhibit A - Source Code Form License Notice
 
   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
-  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
 If it is not possible or desirable to put the notice in a particular
 file, then You may include the notice in a location (such as a LICENSE

NICKS

@@ -4,6 +4,8 @@
 0x010C <antoine.lamielle@0x010c.fr>
 0x010C <gh@0x010c.fr>
 acogdev <jake@acogdev.com>
+adelq <aqalieh95@gmail.com>
+adelq <adelq@users.noreply.github.com>
 alessandro.g89 <alessandro.g89@gmail.com>
 alex2108 <register-github@alex-graf.de>
 andersonvom <andersonvom@gmail.com>
@@ -13,6 +15,7 @@ AudriusButkevicius <audrius.butkevicius@gmail.com>
 aviau <alexandre@alexandreviau.net>
 aviau <aviau@debian.org>
 bencurthoys <ben@bencurthoys.com>
+benshep <bjashepherd@gmail.com>
 bigbear2nd <bigbear2nd@gmail.com>
 brbecker <brbecker@gmail.com>
 brendanlong <self@brendanlong.com>
@@ -31,11 +34,13 @@ cdata <chris@scriptolo.gy>
 cdhowie <me@chrishowie.com>
 ceh <emil@hessman.se>
 cqcallaw <enlightened.despot@gmail.com>
+damajor <damajor@gmail.com>
 dinosore <dinosore@dbrsoftware.co.uk>
 dva <denisva@gmail.com>
 dzarda <dzardacz@gmail.com>
 eipiminus1 <eipiminusone+github@gmail.com>
 eipiminus1 <eipiminus1@users.noreply.github.com>
+elopio <yo@elopio.net>
 facastagnini <federico.castagnini@gmail.com>
 filoozoom <philippe@schommers.be>
 frioux <frew@afoolishmanifesto.com>
@@ -43,8 +48,10 @@ frioux <frioux@gmail.com>
 fti7 <frank@isemann.name>
 gillisig <gilli@vx.is>
 hadogenes <szafar@linux.pl>
+imsodin <freisim93@gmail.com>
 ironmig <kma1660@gmail.com>
 jarlebring <jarlebring@gmail.com>
+jayachithra <s.k.jayachithra@gmail.com>
 jedie <github.com@jensdiemer.de>
 jedie <git@jensdiemer.de>
 jgke <jgke@jgke.fi>
@@ -60,6 +67,8 @@ kozec <kozec@kozec.com>
 kralo <max.schulze@online.de>
 kralo <kralo@users.noreply.github.com>
 krozycki <rozycki.karol@gmail.com>
+Kudalufi <kurt@va1der.ca>
+kwhite17 <kevinwhite1710@gmail.com>
 letiemble <laurent.etiemble@gmail.com>
 letiemble <laurent.etiemble@monobjc.net>
 lkwg82 <lkwg82@gmx.de>
@@ -72,10 +81,14 @@ mateon1 <matin1111@wp.pl>
 mogwa1 <devriesb@gmail.com>
 moshen <moshen.colin@gmail.com>
 Moter8 <moter8@gmail.com>
+mpx <mark@kyne.com.au>
 mvdan <mvdan@mvdan.cc>
+Niller303 <nielsproest@hotmail.com>
+Niller303 <seje.niels@hotmail.com>
 norgeous <daniel@harte.me>
 norgeous <daniel@danielharte.co.uk>
 norgeous <norgeous@users.noreply.github.com>
+nov1n <robert@carosi.nl>
 nrm21 <natemorrison@gmail.com>
 Nutomic <me@nutomic.com>
 pascalj <github@pascalj.com>
@@ -85,6 +98,9 @@ philips <brandon@ifup.org>
 piobpl <piotrb10@gmail.com>
 plouj <ploujj@gmail.com>
 pluby <phill.luby@newredo.com>
+ProactiveServices <aD@simplypeachy.co.uk>
+ProactiveServices <simplypeachy@users.noreply.github.com>
+ProactiveServices <ProactiveServices@users.noreply.github.com>
 pyfisch <pyfisch@gmail.com>
 qbit <qbit@deftly.net>
 ralder <ralder@yandex.ru>
@@ -92,19 +108,22 @@ Rewt0r <rewt0r@gmx.com>
 Rewt0r <Rewt0r@users.noreply.github.com>
 rumpelsepp <stefan@sevenbyte.org>
 rumpelsepp <rumpelsepp@sevenbyte.org>
+sacheendra <sacheendra.t@gmail.com>
 scienmind <scintertech@cryptolab.net>
 sciurius <jvromans@squirrel.nl>
 seehuhn <voss@seehuhn.de>
-simplypeachy <aD@simplypeachy.co.uk>
-simplypeachy <simplypeachy@users.noreply.github.com>
+Smiley73 <heiko@zuerker.org>
 snnd <dw@risu.io>
 Stefan-Code <stefan.github@gmail.com>
 Stefan-Code <Stefan.github@gmail.com>
 timabell <tim@timwise.co.uk>
+timhowes <timhowes@berkeley.edu>
 tnn2 <tnn@nygren.pp.se>
 tojrobinson <tully@tojr.org>
 tpng <benny.tpng@gmail.com>
 tylerbrazier <tyler@tylerbrazier.com>
+Unrud <unrud@openaliasbox.org>
+Unrud <Unrud@users.noreply.github.com>
 uok <ueomkail@gmail.com>
 uok <uok@users.noreply.github.com>
 veeti <veeti.paananen@rojekti.fi>
@@ -114,5 +133,6 @@ WSGCSysadmin <e.meitner@willystreet.coop>
 wweich <wweich@users.noreply.github.com>
 wweich <wweich@gmx.de>
 xduugu <cedric@gmx.ca>
+zaynetro <romanznet@gmail.com>
 Zillode <zillode@zillode.be>
 zukoo <fxgsell@gmail.com>

README.md

@@ -1,23 +1,58 @@
 # Syncthing
 
-[![Latest Build (Official)](https://img.shields.io/jenkins/s/http/build.syncthing.net/syncthing.svg?style=flat-square&label=unix%20build)](http://build.syncthing.net/job/syncthing/lastBuild/)
-[![API Documentation](https://img.shields.io/badge/api-Godoc-blue.svg?style=flat-square)](http://godoc.org/github.com/syncthing/syncthing)
+[![Latest Linux & Cross Build](https://img.shields.io/jenkins/s/http/build.syncthing.net/syncthing.svg?style=flat-square&label=linux+%26+cross)](https://build.syncthing.net/job/syncthing/lastBuild/)
+[![Latest Windows Build](https://img.shields.io/jenkins/s/http/build.syncthing.net/syncthing-windows.svg?style=flat-square&label=windows)](https://build.syncthing.net/job/syncthing/lastBuild/)
+[![Latest Mac Build](https://img.shields.io/jenkins/s/http/build.syncthing.net/syncthing-mac.svg?style=flat-square&label=mac)](https://build.syncthing.net/job/syncthing/lastBuild/)
+[![Latest Solaris Build](https://img.shields.io/jenkins/s/http/build.syncthing.net/syncthing-solaris.svg?style=flat-square&label=solaris)](https://build.syncthing.net/job/syncthing/lastBuild/)
+[![API Documentation](https://img.shields.io/badge/api-Godoc-blue.svg?style=flat-square)](https://godoc.org/github.com/syncthing/syncthing)
 [![MPLv2 License](https://img.shields.io/badge/license-MPLv2-blue.svg?style=flat-square)](https://www.mozilla.org/MPL/2.0/)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/88/badge)](https://bestpractices.coreinfrastructure.org/projects/88)
+[![Go Report Card](https://goreportcard.com/badge/github.com/syncthing/syncthing)](https://goreportcard.com/report/github.com/syncthing/syncthing)
 
-This is the Syncthing project which pursues the following goals:
+## Goals
 
- 1. Define a protocol for synchronization of a folder between a number of
-    collaborating devices. This protocol should be well defined, unambiguous,
-    easily understood, free to use, efficient, secure and language neutral.
-    This is called the [Block Exchange Protocol][1].
+Syncthing is a **continuous file synchronization program**. It synchronizes
+files between two or more computers. We strive to fulfill the goals below.
+The goals are listed in order of importance, the most important one being
+the first. This is the summary version of the goal list - for more
+commentary, see the full [Goals document][13].
 
- 2. Provide the reference implementation to demonstrate the usability of
-    said protocol. This is the `syncthing` utility. We hope that
-    alternative, compatible implementations of the protocol will arise.
+Syncthing should be:
 
-The two are evolving together; the protocol is not to be considered
-stable until Syncthing 1.0 is released, at which point it is locked down
-for incompatible changes.
+1. Safe From Data Loss
+
+   Protecting the user's data is paramount. We take every reasonable
+   precaution to avoid corrupting the user's files.
+
+2. Secure Against Attackers
+
+   Again, protecting the user's data is paramount. Regardless of our other
+   goals we must never allow the user's data to be susceptible to
+   eavesdropping or modification by unauthorized parties.
+
+3. Easy to Use
+
+   Syncthing should be approachable, understandable and inclusive.
+
+4. Automatic
+
+   User interaction should be required only when absolutely necessary.
+
+5. Universally Available
+
+   Syncthing should run on every common computer. We are mindful that the
+   latest technology is not always available to any given individual.
+
+6. For Individuals
+
+   Syncthing is primarily about empowering the individual user with safe,
+   secure and easy to use file synchronization.
+
+7. Everything Else
+
+   There are many things we care about that don't make it on to the list. It
+   is fine to optimize for these values, as long as they are not in conflict
+   with the stated goals above.
 
 ## Getting Started
 
@@ -60,15 +95,16 @@ Please see the [Syncthing documentation site][6].
 
 All code is licensed under the [MPLv2 License][7].
 
-[1]: http://docs.syncthing.net/specs/bep-v1.html
-[2]: http://docs.syncthing.net/intro/getting-started.html
+[1]: https://docs.syncthing.net/specs/bep-v1.html
+[2]: https://docs.syncthing.net/intro/getting-started.html
 [3]: https://github.com/syncthing/syncthing/blob/master/etc
-[4]: http://www.freenode.net/irc_servers.shtml
-[5]: http://docs.syncthing.net/dev/building.html
-[6]: http://docs.syncthing.net/
+[4]: http://www.freenode.net/
+[5]: https://docs.syncthing.net/dev/building.html
+[6]: https://docs.syncthing.net/
 [7]: https://github.com/syncthing/syncthing/blob/master/LICENSE
 [8]: https://forum.syncthing.net/
 [9]: https://kiwiirc.com/client/irc.freenode.net/#syncthing
 [10]: https://github.com/syncthing/syncthing/issues
-[11]: http://docs.syncthing.net/users/contrib.html#gui-wrappers
+[11]: https://docs.syncthing.net/users/contrib.html#gui-wrappers
 [12]: https://www.bountysource.com/teams/syncthing/issues
+[13]: https://github.com/syncthing/syncthing/blob/master/GOALS.md

build.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build ignore
 
@@ -13,6 +13,7 @@ import (
 	"archive/zip"
 	"bytes"
 	"compress/gzip"
+	"errors"
 	"flag"
 	"fmt"
 	"io"
@@ -26,7 +27,6 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
-	"syscall"
 	"text/template"
 	"time"
 )
@@ -43,12 +43,12 @@ var (
 )
 
 type target struct {
-	name         string
-	buildPkg     string
-	binaryName   string
-	archiveFiles []archiveFile
-	debianFiles  []archiveFile
-	tags         []string
+	name              string
+	buildPkg          string
+	binaryName        string
+	archiveFiles      []archiveFile
+	installationFiles []archiveFile
+	tags              []string
 }
 
 type archiveFile struct {
@@ -76,7 +76,7 @@ var targets = map[string]target{
 			{src: "AUTHORS", dst: "AUTHORS.txt", perm: 0644},
 			// All files from etc/ and extra/ added automatically in init().
 		},
-		debianFiles: []archiveFile{
+		installationFiles: []archiveFile{
 			{src: "{{binary}}", dst: "deb/usr/bin/{{binary}}", perm: 0755},
 			{src: "README.md", dst: "deb/usr/share/doc/syncthing/README.txt", perm: 0644},
 			{src: "LICENSE", dst: "deb/usr/share/doc/syncthing/LICENSE.txt", perm: 0644},
@@ -94,6 +94,7 @@ var targets = map[string]target{
 			{src: "etc/linux-systemd/system/syncthing@.service", dst: "deb/lib/systemd/system/syncthing@.service", perm: 0644},
 			{src: "etc/linux-systemd/system/syncthing-resume.service", dst: "deb/lib/systemd/system/syncthing-resume.service", perm: 0644},
 			{src: "etc/linux-systemd/user/syncthing.service", dst: "deb/usr/lib/systemd/user/syncthing.service", perm: 0644},
+			{src: "etc/firewall-ufw/syncthing", dst: "deb/etc/ufw/applications.d/syncthing", perm: 0644},
 		},
 	},
 	"stdiscosrv": {
@@ -106,7 +107,7 @@ var targets = map[string]target{
 			{src: "cmd/stdiscosrv/LICENSE", dst: "LICENSE.txt", perm: 0644},
 			{src: "AUTHORS", dst: "AUTHORS.txt", perm: 0644},
 		},
-		debianFiles: []archiveFile{
+		installationFiles: []archiveFile{
 			{src: "{{binary}}", dst: "deb/usr/bin/{{binary}}", perm: 0755},
 			{src: "cmd/stdiscosrv/README.md", dst: "deb/usr/share/doc/stdiscosrv/README.txt", perm: 0644},
 			{src: "cmd/stdiscosrv/LICENSE", dst: "deb/usr/share/doc/stdiscosrv/LICENSE.txt", perm: 0644},
@@ -125,7 +126,7 @@ var targets = map[string]target{
 			{src: "cmd/strelaysrv/LICENSE", dst: "LICENSE.txt", perm: 0644},
 			{src: "AUTHORS", dst: "AUTHORS.txt", perm: 0644},
 		},
-		debianFiles: []archiveFile{
+		installationFiles: []archiveFile{
 			{src: "{{binary}}", dst: "deb/usr/bin/{{binary}}", perm: 0755},
 			{src: "cmd/strelaysrv/README.md", dst: "deb/usr/share/doc/strelaysrv/README.txt", perm: 0644},
 			{src: "cmd/strelaysrv/LICENSE", dst: "deb/usr/share/doc/strelaysrv/LICENSE.txt", perm: 0644},
@@ -143,7 +144,7 @@ var targets = map[string]target{
 			{src: "cmd/strelaypoolsrv/LICENSE", dst: "LICENSE.txt", perm: 0644},
 			{src: "AUTHORS", dst: "AUTHORS.txt", perm: 0644},
 		},
-		debianFiles: []archiveFile{
+		installationFiles: []archiveFile{
 			{src: "{{binary}}", dst: "deb/usr/bin/{{binary}}", perm: 0755},
 			{src: "cmd/strelaypoolsrv/README.md", dst: "deb/usr/share/doc/relaysrv/README.txt", perm: 0644},
 			{src: "cmd/strelaypoolsrv/LICENSE", dst: "deb/usr/share/doc/relaysrv/LICENSE.txt", perm: 0644},
@@ -152,6 +153,41 @@ var targets = map[string]target{
 	},
 }
 
+var (
+	// fast linters complete in a fraction of a second and might as well be
+	// run always as part of the build
+	fastLinters = []string{
+		"deadcode",
+		"golint",
+		"ineffassign",
+		"vet",
+	}
+
+	// slow linters take several seconds and are run only as part of the
+	// "metalint" command.
+	slowLinters = []string{
+		"gosimple",
+		"staticcheck",
+		"structcheck",
+		"unused",
+		"varcheck",
+	}
+
+	// Which parts of the tree to lint
+	lintDirs = []string{".", "./lib/...", "./cmd/..."}
+
+	// Messages to ignore
+	lintExcludes = []string{
+		".pb.go",
+		"should have comment",
+		"protocol.Vector composite literal uses unkeyed fields",
+		"cli.Requires composite literal uses unkeyed fields",
+		"Use DialContext instead",   // Go 1.7
+		"os.SEEK_SET is deprecated", // Go 1.7
+		"SA4017",                    // staticcheck "is a pure function but its return value is ignored"
+	}
+)
+
 func init() {
 	// The "syncthing" target includes a few more files found in the "etc"
 	// and "extra" dirs.
@@ -163,13 +199,11 @@ func init() {
 		syncthingPkg.archiveFiles = append(syncthingPkg.archiveFiles, archiveFile{src: file, dst: file, perm: 0644})
 	}
 	for _, file := range listFiles("extra") {
-		syncthingPkg.debianFiles = append(syncthingPkg.debianFiles, archiveFile{src: file, dst: "deb/usr/share/doc/syncthing/" + filepath.Base(file), perm: 0644})
+		syncthingPkg.installationFiles = append(syncthingPkg.installationFiles, archiveFile{src: file, dst: "deb/usr/share/doc/syncthing/" + filepath.Base(file), perm: 0644})
 	}
 	targets["syncthing"] = syncthingPkg
 }
 
-const minGoVersion = 1.5
-
 func main() {
 	log.SetOutput(os.Stdout)
 	log.SetFlags(0)
@@ -185,9 +219,6 @@ func main() {
 		setGoPath()
 	}
 
-	// We use Go 1.5+ vendoring.
-	os.Setenv("GO15VENDOREXPERIMENT", "1")
-
 	// Set path to $GOPATH/bin:$PATH so that we can for sure find tools we
 	// might have installed during "build.go setup".
 	os.Setenv("PATH", fmt.Sprintf("%s%cbin%c%s", os.Getenv("GOPATH"), os.PathSeparator, os.PathListSeparator, os.Getenv("PATH")))
@@ -195,14 +226,11 @@ func main() {
 	parseFlags()
 
 	checkArchitecture()
-	goVersion, _ = checkRequiredGoVersion()
 
 	// Invoking build.go with no parameters at all builds everything (incrementally),
 	// which is what you want for maximum error checking during development.
 	if flag.NArg() == 0 {
 		runCommand("install", targets["all"])
-		runCommand("vet", target{})
-		runCommand("lint", target{})
 	} else {
 		// with any command given but not a target, the target is
 		// "syncthing". So "go run build.go install" is "go run build.go install
@@ -222,7 +250,7 @@ func main() {
 
 func checkArchitecture() {
 	switch goarch {
-	case "386", "amd64", "arm", "arm64", "ppc64", "ppc64le":
+	case "386", "amd64", "arm", "arm64", "ppc64", "ppc64le", "mips", "mipsle":
 		break
 	default:
 		log.Printf("Unknown goarch %q; proceed with caution!", goarch)
@@ -240,6 +268,7 @@ func runCommand(cmd string, target target) {
 			tags = []string{"noupgrade"}
 		}
 		install(target, tags)
+		metalint(fastLinters, lintDirs)
 
 	case "build":
 		var tags []string
@@ -247,6 +276,7 @@ func runCommand(cmd string, target target) {
 			tags = []string{"noupgrade"}
 		}
 		build(target, tags)
+		metalint(fastLinters, lintDirs)
 
 	case "test":
 		test("./lib/...", "./cmd/...")
@@ -275,28 +305,24 @@ func runCommand(cmd string, target target) {
 	case "deb":
 		buildDeb(target)
 
+	case "snap":
+		buildSnap(target)
+
 	case "clean":
 		clean()
 
 	case "vet":
-		vet("build.go")
-		vet("cmd", "lib")
+		metalint(fastLinters, lintDirs)
 
 	case "lint":
-		lint(".")
-		lint("./cmd/...")
-		lint("./lib/...")
+		metalint(fastLinters, lintDirs)
 
 	case "metalint":
-		if isGometalinterInstalled() {
-			dirs := []string{".", "./cmd/...", "./lib/..."}
-			ok := gometalinter("deadcode", dirs, "test/util.go")
-			ok = gometalinter("structcheck", dirs) && ok
-			ok = gometalinter("varcheck", dirs) && ok
-			if !ok {
-				os.Exit(1)
-			}
-		}
+		metalint(fastLinters, lintDirs)
+		metalint(slowLinters, lintDirs)
+
+	case "version":
+		fmt.Println(getVersion())
 
 	default:
 		log.Fatalf("Unknown command %q", cmd)
@@ -324,39 +350,30 @@ func parseFlags() {
 	flag.Parse()
 }
 
-func checkRequiredGoVersion() (float64, bool) {
-	re := regexp.MustCompile(`go(\d+\.\d+)`)
-	ver := runtime.Version()
-	if m := re.FindStringSubmatch(ver); len(m) == 2 {
-		vs := string(m[1])
-		// This is a standard go build. Verify that it's new enough.
-		f, err := strconv.ParseFloat(vs, 64)
-		if err != nil {
-			log.Printf("*** Couldn't parse Go version out of %q.\n*** This isn't known to work, proceed on your own risk.", vs)
-			return 0, false
-		}
-		if f < 1.5 {
-			log.Printf("*** Go version %.01f doesn't support the vendoring mechanism.\n*** Ensure correct dependencies in your $GOPATH.", f)
-		} else if f < minGoVersion {
-			log.Fatalf("*** Go version %.01f is less than required %.01f.\n*** This is known not to work, not proceeding.", f, minGoVersion)
-		}
-		return f, true
+func setup() {
+	packages := []string{
+		"github.com/alecthomas/gometalinter",
+		"github.com/AlekSi/gocov-xml",
+		"github.com/axw/gocov/gocov",
+		"github.com/FiloSottile/gvt",
+		"github.com/golang/lint/golint",
+		"github.com/gordonklaus/ineffassign",
+		"github.com/mdempsky/unconvert",
+		"github.com/mitchellh/go-wordwrap",
+		"github.com/opennota/check/cmd/...",
+		"github.com/tsenart/deadcode",
+		"golang.org/x/net/html",
+		"golang.org/x/tools/cmd/cover",
+		"honnef.co/go/simple/cmd/gosimple",
+		"honnef.co/go/staticcheck/cmd/staticcheck",
+		"honnef.co/go/unused/cmd/unused",
+	}
+	for _, pkg := range packages {
+		fmt.Println(pkg)
+		runPrint("go", "get", "-u", pkg)
 	}
 
-	log.Printf("*** Unknown Go version %q.\n*** This isn't known to work, proceed on your own risk.", ver)
-	return 0, false
-}
-
-func setup() {
-	runPrint("go", "get", "-v", "github.com/golang/lint/golint")
-	runPrint("go", "get", "-v", "golang.org/x/tools/cmd/cover")
-	runPrint("go", "get", "-v", "golang.org/x/net/html")
-	runPrint("go", "get", "-v", "github.com/FiloSottile/gvt")
-	runPrint("go", "get", "-v", "github.com/axw/gocov/gocov")
-	runPrint("go", "get", "-v", "github.com/AlekSi/gocov-xml")
-	runPrint("go", "get", "-v", "bitbucket.org/tebeka/go2xunit")
-	runPrint("go", "get", "-v", "github.com/alecthomas/gometalinter")
-	runPrint("go", "get", "-v", "github.com/mitchellh/go-wordwrap")
+	runPrint("go", "install", "-v", "./vendor/github.com/gogo/protobuf/protoc-gen-gogofast")
 }
 
 func test(pkgs ...string) {
@@ -479,8 +496,8 @@ func buildDeb(target target) {
 	os.RemoveAll("deb")
 
 	// "goarch" here is set to whatever the Debian packages expect. We correct
-	// "it to what we actually know how to build and keep the Debian variant
-	// "name in "debarch".
+	// it to what we actually know how to build and keep the Debian variant
+	// name in "debarch".
 	debarch := goarch
 	switch goarch {
 	case "i386":
@@ -491,46 +508,69 @@ func buildDeb(target target) {
 
 	build(target, []string{"noupgrade"})
 
-	for i := range target.debianFiles {
-		target.debianFiles[i].src = strings.Replace(target.debianFiles[i].src, "{{binary}}", target.binaryName, 1)
-		target.debianFiles[i].dst = strings.Replace(target.debianFiles[i].dst, "{{binary}}", target.binaryName, 1)
+	for i := range target.installationFiles {
+		target.installationFiles[i].src = strings.Replace(target.installationFiles[i].src, "{{binary}}", target.binaryName, 1)
+		target.installationFiles[i].dst = strings.Replace(target.installationFiles[i].dst, "{{binary}}", target.binaryName, 1)
 	}
 
-	for _, af := range target.debianFiles {
+	for _, af := range target.installationFiles {
 		if err := copyFile(af.src, af.dst, af.perm); err != nil {
 			log.Fatal(err)
 		}
 	}
 
-	os.MkdirAll("deb/DEBIAN", 0755)
+	maintainer := "Syncthing Release Management <release@syncthing.net>"
+	debver := version
+	if strings.HasPrefix(debver, "v") {
+		debver = debver[1:]
+	}
+	runPrint("fpm", "-t", "deb", "-s", "dir", "-C", "deb",
+		"-n", "syncthing", "-v", debver, "-a", debarch,
+		"--vendor", maintainer, "-m", maintainer,
+		"-d", "libc6",
+		"-d", "procps", // because postinst script
+		"--url", "https://syncthing.net/",
+		"--description", "Open Source Continuous File Synchronization",
+		"--after-upgrade", "script/post-upgrade",
+		"--license", "MPL-2")
+}
 
-	data := map[string]string{
-		"name":    target.name,
-		"arch":    debarch,
-		"version": version[1:],
-		"date":    time.Now().Format(time.RFC1123),
+func buildSnap(target target) {
+	os.RemoveAll("snap")
+
+	tmpl, err := template.ParseFiles("snapcraft.yaml.template")
+	if err != nil {
+		log.Fatal(err)
+	}
+	f, err := os.Create("snapcraft.yaml")
+	defer f.Close()
+	if err != nil {
+		log.Fatal(err)
 	}
 
-	debTemplateFiles := append(listFiles("debtpl/common"), listFiles("debtpl/"+target.name)...)
-	for _, file := range debTemplateFiles {
-		tpl, err := template.New(filepath.Base(file)).ParseFiles(file)
-		if err != nil {
-			log.Fatal(err)
-		}
-		outFile := filepath.Join("deb/DEBIAN", filepath.Base(file))
-		out, err := os.Create(outFile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		if err := tpl.Execute(out, data); err != nil {
-			log.Fatal(err)
-		}
-		if err := out.Close(); err != nil {
-			log.Fatal(err)
-		}
-		info, _ := os.Lstat(file)
-		os.Chmod(outFile, info.Mode())
+	snaparch := goarch
+	if snaparch == "armhf" {
+		goarch = "arm"
 	}
+	snapver := version
+	if strings.HasPrefix(snapver, "v") {
+		snapver = snapver[1:]
+	}
+	snapgrade := "devel"
+	if matched, _ := regexp.MatchString(`^\d+\.\d+\.\d+(-rc.\d+)?$`, snapver); matched {
+		snapgrade = "stable"
+	}
+	err = tmpl.Execute(f, map[string]string{
+		"Version":      snapver,
+		"Architecture": snaparch,
+		"Grade":        snapgrade,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+	runPrint("snapcraft", "clean")
+	build(target, []string{"noupgrade"})
+	runPrint("snapcraft")
 }
 
 func copyFile(src, dst string, perm os.FileMode) error {
@@ -586,14 +626,15 @@ func shouldRebuildAssets(target, srcdir string) bool {
 	// so we should rebuild it.
 	currentBuild := info.ModTime()
 	assetsAreNewer := false
+	stop := errors.New("no need to iterate further")
 	filepath.Walk(srcdir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
-		if assetsAreNewer {
-			return nil
+		if info.ModTime().After(currentBuild) {
+			assetsAreNewer = true
+			return stop
 		}
-		assetsAreNewer = info.ModTime().After(currentBuild)
 		return nil
 	})
 
@@ -642,7 +683,9 @@ func ldflags() string {
 
 func rmr(paths ...string) {
 	for _, path := range paths {
-		log.Println("rm -r", path)
+		if debug {
+			log.Println("rm -r", path)
+		}
 		os.RemoveAll(path)
 	}
 }
@@ -960,48 +1003,6 @@ func zipFile(out string, files []archiveFile) {
 	}
 }
 
-func vet(dirs ...string) {
-	params := []string{"tool", "vet", "-all"}
-	params = append(params, dirs...)
-	bs, err := runError("go", params...)
-
-	if len(bs) > 0 {
-		log.Printf("%s", bs)
-	}
-
-	if err != nil {
-		if exitStatus(err) == 3 {
-			// Exit code 3, the "vet" tool is not installed
-			return
-		}
-
-		// A genuine error exit from the vet tool.
-		log.Fatal(err)
-	}
-}
-
-func lint(pkg string) {
-	bs, err := runError("golint", pkg)
-	if err != nil {
-		log.Println(`- No golint, not linting. Try "go get -u github.com/golang/lint/golint".`)
-		return
-	}
-
-	analCommentPolicy := regexp.MustCompile(`exported (function|method|const|type|var) [^\s]+ should have comment`)
-	for _, line := range strings.Split(string(bs), "\n") {
-		if line == "" {
-			continue
-		}
-		if analCommentPolicy.MatchString(line) {
-			continue
-		}
-		if strings.Contains(line, ".pb.go:") {
-			continue
-		}
-		log.Println(line)
-	}
-}
-
 func macosCodesign(file string) {
 	if pass := os.Getenv("CODESIGN_KEYCHAIN_PASS"); pass != "" {
 		bs, err := runError("security", "unlock-keychain", "-p", pass)
@@ -1021,14 +1022,16 @@ func macosCodesign(file string) {
 	}
 }
 
-func exitStatus(err error) int {
-	if err, ok := err.(*exec.ExitError); ok {
-		if ws, ok := err.ProcessState.Sys().(syscall.WaitStatus); ok {
-			return ws.ExitStatus()
+func metalint(linters []string, dirs []string) {
+	ok := true
+	if isGometalinterInstalled() {
+		if !gometalinter(linters, dirs, lintExcludes...) {
+			ok = false
 		}
 	}
-
-	return -1
+	if !ok {
+		log.Fatal("Build succeeded, but there were lint warnings")
+	}
 }
 
 func isGometalinterInstalled() bool {
@@ -1039,10 +1042,12 @@ func isGometalinterInstalled() bool {
 	return true
 }
 
-func gometalinter(linter string, dirs []string, excludes ...string) bool {
-	params := []string{"--disable-all"}
-	params = append(params, fmt.Sprintf("--deadline=%ds", 60))
-	params = append(params, "--enable="+linter)
+func gometalinter(linters []string, dirs []string, excludes ...string) bool {
+	params := []string{"--disable-all", "--concurrency=2", "--deadline=300s"}
+
+	for _, linter := range linters {
+		params = append(params, "--enable="+linter)
+	}
 
 	for _, exclude := range excludes {
 		params = append(params, "--exclude="+exclude)
@@ -1055,14 +1060,19 @@ func gometalinter(linter string, dirs []string, excludes ...string) bool {
 	bs, _ := runError("gometalinter", params...)
 
 	nerr := 0
+	lines := make(map[string]struct{})
 	for _, line := range strings.Split(string(bs), "\n") {
 		if line == "" {
 			continue
 		}
-		if strings.Contains(line, ".pb.go:") {
+		if _, ok := lines[line]; ok {
 			continue
 		}
 		log.Println(line)
+		if strings.Contains(line, "executable file not found") {
+			log.Println(` - Try "go run build.go setup" to install missing tools`)
+		}
+		lines[line] = struct{}{}
 		nerr++
 	}
 

cmd/stbench/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // This doesn't build on Windows due to the Rusage stuff.
 

cmd/stcli/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2014 Audrius Butkevičius
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+- The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cmd/stcli/client.go

@@ -0,0 +1,115 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"bytes"
+	"crypto/tls"
+	"net/http"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+type APIClient struct {
+	httpClient http.Client
+	endpoint   string
+	apikey     string
+	username   string
+	password   string
+	id         string
+	csrf       string
+}
+
+var instance *APIClient
+
+func getClient(c *cli.Context) *APIClient {
+	if instance != nil {
+		return instance
+	}
+	endpoint := c.GlobalString("endpoint")
+	if !strings.HasPrefix(endpoint, "http") {
+		endpoint = "http://" + endpoint
+	}
+	httpClient := http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: c.GlobalBool("insecure"),
+			},
+		},
+	}
+	client := APIClient{
+		httpClient: httpClient,
+		endpoint:   endpoint,
+		apikey:     c.GlobalString("apikey"),
+		username:   c.GlobalString("username"),
+		password:   c.GlobalString("password"),
+	}
+
+	if client.apikey == "" {
+		request, err := http.NewRequest("GET", client.endpoint, nil)
+		die(err)
+		response := client.handleRequest(request)
+		client.id = response.Header.Get("X-Syncthing-ID")
+		if client.id == "" {
+			die("Failed to get device ID")
+		}
+		for _, item := range response.Cookies() {
+			if item.Name == "CSRF-Token-"+client.id[:5] {
+				client.csrf = item.Value
+				goto csrffound
+			}
+		}
+		die("Failed to get CSRF token")
+	csrffound:
+	}
+	instance = &client
+	return &client
+}
+
+func (client *APIClient) handleRequest(request *http.Request) *http.Response {
+	if client.apikey != "" {
+		request.Header.Set("X-API-Key", client.apikey)
+	}
+	if client.username != "" || client.password != "" {
+		request.SetBasicAuth(client.username, client.password)
+	}
+	if client.csrf != "" {
+		request.Header.Set("X-CSRF-Token-"+client.id[:5], client.csrf)
+	}
+
+	response, err := client.httpClient.Do(request)
+	die(err)
+
+	if response.StatusCode == 404 {
+		die("Invalid endpoint or API call")
+	} else if response.StatusCode == 401 {
+		die("Invalid username or password")
+	} else if response.StatusCode == 403 {
+		if client.apikey == "" {
+			die("Invalid CSRF token")
+		}
+		die("Invalid API key")
+	} else if response.StatusCode != 200 {
+		body := strings.TrimSpace(string(responseToBArray(response)))
+		if body != "" {
+			die(body)
+		}
+		die("Unknown HTTP status returned: " + response.Status)
+	}
+	return response
+}
+
+func httpGet(c *cli.Context, url string) *http.Response {
+	client := getClient(c)
+	request, err := http.NewRequest("GET", client.endpoint+"/rest/"+url, nil)
+	die(err)
+	return client.handleRequest(request)
+}
+
+func httpPost(c *cli.Context, url string, body string) *http.Response {
+	client := getClient(c)
+	request, err := http.NewRequest("POST", client.endpoint+"/rest/"+url, bytes.NewBufferString(body))
+	die(err)
+	return client.handleRequest(request)
+}

cmd/stcli/cmd_devices.go

@@ -0,0 +1,188 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+	"github.com/syncthing/syncthing/lib/config"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "devices",
+		HideHelp: true,
+		Usage:    "Device command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "list",
+				Usage:    "List registered devices",
+				Requires: &cli.Requires{},
+				Action:   devicesList,
+			},
+			{
+				Name:     "add",
+				Usage:    "Add a new device",
+				Requires: &cli.Requires{"device id", "device name?"},
+				Action:   devicesAdd,
+			},
+			{
+				Name:     "remove",
+				Usage:    "Remove an existing device",
+				Requires: &cli.Requires{"device id"},
+				Action:   devicesRemove,
+			},
+			{
+				Name:     "get",
+				Usage:    "Get a property of a device",
+				Requires: &cli.Requires{"device id", "property"},
+				Action:   devicesGet,
+			},
+			{
+				Name:     "set",
+				Usage:    "Set a property of a device",
+				Requires: &cli.Requires{"device id", "property", "value..."},
+				Action:   devicesSet,
+			},
+		},
+	})
+}
+
+func devicesList(c *cli.Context) {
+	cfg := getConfig(c)
+	first := true
+	writer := newTableWriter()
+	for _, device := range cfg.Devices {
+		if !first {
+			fmt.Fprintln(writer)
+		}
+		fmt.Fprintln(writer, "ID:\t", device.DeviceID, "\t")
+		fmt.Fprintln(writer, "Name:\t", device.Name, "\t(name)")
+		fmt.Fprintln(writer, "Address:\t", strings.Join(device.Addresses, " "), "\t(address)")
+		fmt.Fprintln(writer, "Compression:\t", device.Compression, "\t(compression)")
+		fmt.Fprintln(writer, "Certificate name:\t", device.CertName, "\t(certname)")
+		fmt.Fprintln(writer, "Introducer:\t", device.Introducer, "\t(introducer)")
+		first = false
+	}
+	writer.Flush()
+}
+
+func devicesAdd(c *cli.Context) {
+	nid := c.Args()[0]
+	id := parseDeviceID(nid)
+
+	newDevice := config.DeviceConfiguration{
+		DeviceID:  id,
+		Name:      nid,
+		Addresses: []string{"dynamic"},
+	}
+
+	if len(c.Args()) > 1 {
+		newDevice.Name = c.Args()[1]
+	}
+
+	if len(c.Args()) > 2 {
+		addresses := c.Args()[2:]
+		for _, item := range addresses {
+			if item == "dynamic" {
+				continue
+			}
+			validAddress(item)
+		}
+		newDevice.Addresses = addresses
+	}
+
+	cfg := getConfig(c)
+	for _, device := range cfg.Devices {
+		if device.DeviceID == id {
+			die("Device " + nid + " already exists")
+		}
+	}
+	cfg.Devices = append(cfg.Devices, newDevice)
+	setConfig(c, cfg)
+}
+
+func devicesRemove(c *cli.Context) {
+	nid := c.Args()[0]
+	id := parseDeviceID(nid)
+	if nid == getMyID(c) {
+		die("Cannot remove yourself")
+	}
+	cfg := getConfig(c)
+	for i, device := range cfg.Devices {
+		if device.DeviceID == id {
+			last := len(cfg.Devices) - 1
+			cfg.Devices[i] = cfg.Devices[last]
+			cfg.Devices = cfg.Devices[:last]
+			setConfig(c, cfg)
+			return
+		}
+	}
+	die("Device " + nid + " not found")
+}
+
+func devicesGet(c *cli.Context) {
+	nid := c.Args()[0]
+	id := parseDeviceID(nid)
+	arg := c.Args()[1]
+	cfg := getConfig(c)
+	for _, device := range cfg.Devices {
+		if device.DeviceID != id {
+			continue
+		}
+		switch strings.ToLower(arg) {
+		case "name":
+			fmt.Println(device.Name)
+		case "address":
+			fmt.Println(strings.Join(device.Addresses, "\n"))
+		case "compression":
+			fmt.Println(device.Compression.String())
+		case "certname":
+			fmt.Println(device.CertName)
+		case "introducer":
+			fmt.Println(device.Introducer)
+		default:
+			die("Invalid property: " + arg + "\nAvailable properties: name, address, compression, certname, introducer")
+		}
+		return
+	}
+	die("Device " + nid + " not found")
+}
+
+func devicesSet(c *cli.Context) {
+	nid := c.Args()[0]
+	id := parseDeviceID(nid)
+	arg := c.Args()[1]
+	config := getConfig(c)
+	for i, device := range config.Devices {
+		if device.DeviceID != id {
+			continue
+		}
+		switch strings.ToLower(arg) {
+		case "name":
+			config.Devices[i].Name = strings.Join(c.Args()[2:], " ")
+		case "address":
+			for _, item := range c.Args()[2:] {
+				if item == "dynamic" {
+					continue
+				}
+				validAddress(item)
+			}
+			config.Devices[i].Addresses = c.Args()[2:]
+		case "compression":
+			err := config.Devices[i].Compression.UnmarshalText([]byte(c.Args()[2]))
+			die(err)
+		case "certname":
+			config.Devices[i].CertName = strings.Join(c.Args()[2:], " ")
+		case "introducer":
+			config.Devices[i].Introducer = parseBool(c.Args()[2])
+		default:
+			die("Invalid property: " + arg + "\nAvailable properties: name, address, compression, certname, introducer")
+		}
+		setConfig(c, config)
+		return
+	}
+	die("Device " + nid + " not found")
+}

cmd/stcli/cmd_errors.go

@@ -0,0 +1,67 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "errors",
+		HideHelp: true,
+		Usage:    "Error command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "show",
+				Usage:    "Show pending errors",
+				Requires: &cli.Requires{},
+				Action:   errorsShow,
+			},
+			{
+				Name:     "push",
+				Usage:    "Push an error to active clients",
+				Requires: &cli.Requires{"error message..."},
+				Action:   errorsPush,
+			},
+			{
+				Name:     "clear",
+				Usage:    "Clear pending errors",
+				Requires: &cli.Requires{},
+				Action:   wrappedHTTPPost("system/error/clear"),
+			},
+		},
+	})
+}
+
+func errorsShow(c *cli.Context) {
+	response := httpGet(c, "system/error")
+	var data map[string][]map[string]interface{}
+	json.Unmarshal(responseToBArray(response), &data)
+	writer := newTableWriter()
+	for _, item := range data["errors"] {
+		time := item["time"].(string)[:19]
+		time = strings.Replace(time, "T", " ", 1)
+		err := item["error"].(string)
+		err = strings.TrimSpace(err)
+		fmt.Fprintln(writer, time+":\t"+err)
+	}
+	writer.Flush()
+}
+
+func errorsPush(c *cli.Context) {
+	err := strings.Join(c.Args(), " ")
+	response := httpPost(c, "system/error", strings.TrimSpace(err))
+	if response.StatusCode != 200 {
+		err = fmt.Sprint("Failed to push error\nStatus code: ", response.StatusCode)
+		body := string(responseToBArray(response))
+		if body != "" {
+			err += "\nBody: " + body
+		}
+		die(err)
+	}
+}

cmd/stcli/cmd_folders.go

@@ -0,0 +1,351 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+	"github.com/syncthing/syncthing/lib/config"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "folders",
+		HideHelp: true,
+		Usage:    "Folder command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "list",
+				Usage:    "List available folders",
+				Requires: &cli.Requires{},
+				Action:   foldersList,
+			},
+			{
+				Name:     "add",
+				Usage:    "Add a new folder",
+				Requires: &cli.Requires{"folder id", "directory"},
+				Action:   foldersAdd,
+			},
+			{
+				Name:     "remove",
+				Usage:    "Remove an existing folder",
+				Requires: &cli.Requires{"folder id"},
+				Action:   foldersRemove,
+			},
+			{
+				Name:     "override",
+				Usage:    "Override changes from other nodes for a master folder",
+				Requires: &cli.Requires{"folder id"},
+				Action:   foldersOverride,
+			},
+			{
+				Name:     "get",
+				Usage:    "Get a property of a folder",
+				Requires: &cli.Requires{"folder id", "property"},
+				Action:   foldersGet,
+			},
+			{
+				Name:     "set",
+				Usage:    "Set a property of a folder",
+				Requires: &cli.Requires{"folder id", "property", "value..."},
+				Action:   foldersSet,
+			},
+			{
+				Name:     "unset",
+				Usage:    "Unset a property of a folder",
+				Requires: &cli.Requires{"folder id", "property"},
+				Action:   foldersUnset,
+			},
+			{
+				Name:     "devices",
+				Usage:    "Folder devices command group",
+				HideHelp: true,
+				Subcommands: []cli.Command{
+					{
+						Name:     "list",
+						Usage:    "List of devices which the folder is shared with",
+						Requires: &cli.Requires{"folder id"},
+						Action:   foldersDevicesList,
+					},
+					{
+						Name:     "add",
+						Usage:    "Share a folder with a device",
+						Requires: &cli.Requires{"folder id", "device id"},
+						Action:   foldersDevicesAdd,
+					},
+					{
+						Name:     "remove",
+						Usage:    "Unshare a folder with a device",
+						Requires: &cli.Requires{"folder id", "device id"},
+						Action:   foldersDevicesRemove,
+					},
+					{
+						Name:     "clear",
+						Usage:    "Unshare a folder with all devices",
+						Requires: &cli.Requires{"folder id"},
+						Action:   foldersDevicesClear,
+					},
+				},
+			},
+		},
+	})
+}
+
+func foldersList(c *cli.Context) {
+	cfg := getConfig(c)
+	first := true
+	writer := newTableWriter()
+	for _, folder := range cfg.Folders {
+		if !first {
+			fmt.Fprintln(writer)
+		}
+		fmt.Fprintln(writer, "ID:\t", folder.ID, "\t")
+		fmt.Fprintln(writer, "Path:\t", folder.RawPath, "\t(directory)")
+		fmt.Fprintln(writer, "Folder type:\t", folder.Type, "\t(type)")
+		fmt.Fprintln(writer, "Ignore permissions:\t", folder.IgnorePerms, "\t(permissions)")
+		fmt.Fprintln(writer, "Rescan interval in seconds:\t", folder.RescanIntervalS, "\t(rescan)")
+
+		if folder.Versioning.Type != "" {
+			fmt.Fprintln(writer, "Versioning:\t", folder.Versioning.Type, "\t(versioning)")
+			for key, value := range folder.Versioning.Params {
+				fmt.Fprintf(writer, "Versioning %s:\t %s \t(versioning-%s)\n", key, value, key)
+			}
+		}
+		first = false
+	}
+	writer.Flush()
+}
+
+func foldersAdd(c *cli.Context) {
+	cfg := getConfig(c)
+	abs, err := filepath.Abs(c.Args()[1])
+	die(err)
+	folder := config.FolderConfiguration{
+		ID:      c.Args()[0],
+		RawPath: filepath.Clean(abs),
+	}
+	cfg.Folders = append(cfg.Folders, folder)
+	setConfig(c, cfg)
+}
+
+func foldersRemove(c *cli.Context) {
+	cfg := getConfig(c)
+	rid := c.Args()[0]
+	for i, folder := range cfg.Folders {
+		if folder.ID == rid {
+			last := len(cfg.Folders) - 1
+			cfg.Folders[i] = cfg.Folders[last]
+			cfg.Folders = cfg.Folders[:last]
+			setConfig(c, cfg)
+			return
+		}
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersOverride(c *cli.Context) {
+	cfg := getConfig(c)
+	rid := c.Args()[0]
+	for _, folder := range cfg.Folders {
+		if folder.ID == rid && folder.Type == config.FolderTypeSendOnly {
+			response := httpPost(c, "db/override", "")
+			if response.StatusCode != 200 {
+				err := fmt.Sprint("Failed to override changes\nStatus code: ", response.StatusCode)
+				body := string(responseToBArray(response))
+				if body != "" {
+					err += "\nBody: " + body
+				}
+				die(err)
+			}
+			return
+		}
+	}
+	die("Folder " + rid + " not found or folder not master")
+}
+
+func foldersGet(c *cli.Context) {
+	cfg := getConfig(c)
+	rid := c.Args()[0]
+	arg := strings.ToLower(c.Args()[1])
+	for _, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		if strings.HasPrefix(arg, "versioning-") {
+			arg = arg[11:]
+			value, ok := folder.Versioning.Params[arg]
+			if ok {
+				fmt.Println(value)
+				return
+			}
+			die("Versioning property " + c.Args()[1][11:] + " not found")
+		}
+		switch arg {
+		case "directory":
+			fmt.Println(folder.RawPath)
+		case "type":
+			fmt.Println(folder.Type)
+		case "permissions":
+			fmt.Println(folder.IgnorePerms)
+		case "rescan":
+			fmt.Println(folder.RescanIntervalS)
+		case "versioning":
+			if folder.Versioning.Type != "" {
+				fmt.Println(folder.Versioning.Type)
+			}
+		default:
+			die("Invalid property: " + c.Args()[1] + "\nAvailable properties: directory, type, permissions, versioning, versioning-<key>")
+		}
+		return
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersSet(c *cli.Context) {
+	rid := c.Args()[0]
+	arg := strings.ToLower(c.Args()[1])
+	val := strings.Join(c.Args()[2:], " ")
+	cfg := getConfig(c)
+	for i, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		if strings.HasPrefix(arg, "versioning-") {
+			cfg.Folders[i].Versioning.Params[arg[11:]] = val
+			setConfig(c, cfg)
+			return
+		}
+		switch arg {
+		case "directory":
+			cfg.Folders[i].RawPath = val
+		case "type":
+			var t config.FolderType
+			if err := t.UnmarshalText([]byte(val)); err != nil {
+				die("Invalid folder type: " + err.Error())
+			}
+			cfg.Folders[i].Type = t
+		case "permissions":
+			cfg.Folders[i].IgnorePerms = parseBool(val)
+		case "rescan":
+			cfg.Folders[i].RescanIntervalS = parseInt(val)
+		case "versioning":
+			cfg.Folders[i].Versioning.Type = val
+		default:
+			die("Invalid property: " + c.Args()[1] + "\nAvailable properties: directory, master, permissions, versioning, versioning-<key>")
+		}
+		setConfig(c, cfg)
+		return
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersUnset(c *cli.Context) {
+	rid := c.Args()[0]
+	arg := strings.ToLower(c.Args()[1])
+	cfg := getConfig(c)
+	for i, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		if strings.HasPrefix(arg, "versioning-") {
+			arg = arg[11:]
+			if _, ok := folder.Versioning.Params[arg]; ok {
+				delete(cfg.Folders[i].Versioning.Params, arg)
+				setConfig(c, cfg)
+				return
+			}
+			die("Versioning property " + c.Args()[1][11:] + " not found")
+		}
+		switch arg {
+		case "versioning":
+			cfg.Folders[i].Versioning.Type = ""
+			cfg.Folders[i].Versioning.Params = make(map[string]string)
+		default:
+			die("Invalid property: " + c.Args()[1] + "\nAvailable properties: versioning, versioning-<key>")
+		}
+		setConfig(c, cfg)
+		return
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersDevicesList(c *cli.Context) {
+	rid := c.Args()[0]
+	cfg := getConfig(c)
+	for _, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		for _, device := range folder.Devices {
+			fmt.Println(device.DeviceID)
+		}
+		return
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersDevicesAdd(c *cli.Context) {
+	rid := c.Args()[0]
+	nid := parseDeviceID(c.Args()[1])
+	cfg := getConfig(c)
+	for i, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		for _, device := range folder.Devices {
+			if device.DeviceID == nid {
+				die("Device " + c.Args()[1] + " is already part of this folder")
+			}
+		}
+		for _, device := range cfg.Devices {
+			if device.DeviceID == nid {
+				cfg.Folders[i].Devices = append(folder.Devices, config.FolderDeviceConfiguration{
+					DeviceID: device.DeviceID,
+				})
+				setConfig(c, cfg)
+				return
+			}
+		}
+		die("Device " + c.Args()[1] + " not found in device list")
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersDevicesRemove(c *cli.Context) {
+	rid := c.Args()[0]
+	nid := parseDeviceID(c.Args()[1])
+	cfg := getConfig(c)
+	for ri, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		for ni, device := range folder.Devices {
+			if device.DeviceID == nid {
+				last := len(folder.Devices) - 1
+				cfg.Folders[ri].Devices[ni] = folder.Devices[last]
+				cfg.Folders[ri].Devices = cfg.Folders[ri].Devices[:last]
+				setConfig(c, cfg)
+				return
+			}
+		}
+		die("Device " + c.Args()[1] + " not found")
+	}
+	die("Folder " + rid + " not found")
+}
+
+func foldersDevicesClear(c *cli.Context) {
+	rid := c.Args()[0]
+	cfg := getConfig(c)
+	for i, folder := range cfg.Folders {
+		if folder.ID != rid {
+			continue
+		}
+		cfg.Folders[i].Devices = []config.FolderDeviceConfiguration{}
+		setConfig(c, cfg)
+		return
+	}
+	die("Folder " + rid + " not found")
+}

cmd/stcli/cmd_general.go

@@ -0,0 +1,78 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+func init() {
+	cliCommands = append(cliCommands, []cli.Command{
+		{
+			Name:     "id",
+			Usage:    "Get ID of the Syncthing client",
+			Requires: &cli.Requires{},
+			Action:   generalID,
+		},
+		{
+			Name:     "status",
+			Usage:    "Configuration status, whether or not a restart is required for changes to take effect",
+			Requires: &cli.Requires{},
+			Action:   generalStatus,
+		},
+		{
+			Name:     "restart",
+			Usage:    "Restart syncthing",
+			Requires: &cli.Requires{},
+			Action:   wrappedHTTPPost("system/restart"),
+		},
+		{
+			Name:     "shutdown",
+			Usage:    "Shutdown syncthing",
+			Requires: &cli.Requires{},
+			Action:   wrappedHTTPPost("system/shutdown"),
+		},
+		{
+			Name:     "reset",
+			Usage:    "Reset syncthing deleting all folders and devices",
+			Requires: &cli.Requires{},
+			Action:   wrappedHTTPPost("system/reset"),
+		},
+		{
+			Name:     "upgrade",
+			Usage:    "Upgrade syncthing (if a newer version is available)",
+			Requires: &cli.Requires{},
+			Action:   wrappedHTTPPost("system/upgrade"),
+		},
+		{
+			Name:     "version",
+			Usage:    "Syncthing client version",
+			Requires: &cli.Requires{},
+			Action:   generalVersion,
+		},
+	}...)
+}
+
+func generalID(c *cli.Context) {
+	fmt.Println(getMyID(c))
+}
+
+func generalStatus(c *cli.Context) {
+	response := httpGet(c, "system/config/insync")
+	var status struct{ ConfigInSync bool }
+	json.Unmarshal(responseToBArray(response), &status)
+	if !status.ConfigInSync {
+		die("Config out of sync")
+	}
+	fmt.Println("Config in sync")
+}
+
+func generalVersion(c *cli.Context) {
+	response := httpGet(c, "system/version")
+	version := make(map[string]interface{})
+	json.Unmarshal(responseToBArray(response), &version)
+	prettyPrintJSON(version)
+}

cmd/stcli/cmd_gui.go

@@ -0,0 +1,127 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "gui",
+		HideHelp: true,
+		Usage:    "GUI command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "dump",
+				Usage:    "Show all GUI configuration settings",
+				Requires: &cli.Requires{},
+				Action:   guiDump,
+			},
+			{
+				Name:     "get",
+				Usage:    "Get a GUI configuration setting",
+				Requires: &cli.Requires{"setting"},
+				Action:   guiGet,
+			},
+			{
+				Name:     "set",
+				Usage:    "Set a GUI configuration setting",
+				Requires: &cli.Requires{"setting", "value"},
+				Action:   guiSet,
+			},
+			{
+				Name:     "unset",
+				Usage:    "Unset a GUI configuration setting",
+				Requires: &cli.Requires{"setting"},
+				Action:   guiUnset,
+			},
+		},
+	})
+}
+
+func guiDump(c *cli.Context) {
+	cfg := getConfig(c).GUI
+	writer := newTableWriter()
+	fmt.Fprintln(writer, "Enabled:\t", cfg.Enabled, "\t(enabled)")
+	fmt.Fprintln(writer, "Use HTTPS:\t", cfg.UseTLS(), "\t(tls)")
+	fmt.Fprintln(writer, "Listen Addresses:\t", cfg.Address(), "\t(address)")
+	if cfg.User != "" {
+		fmt.Fprintln(writer, "Authentication User:\t", cfg.User, "\t(username)")
+		fmt.Fprintln(writer, "Authentication Password:\t", cfg.Password, "\t(password)")
+	}
+	if cfg.APIKey != "" {
+		fmt.Fprintln(writer, "API Key:\t", cfg.APIKey, "\t(apikey)")
+	}
+	writer.Flush()
+}
+
+func guiGet(c *cli.Context) {
+	cfg := getConfig(c).GUI
+	arg := c.Args()[0]
+	switch strings.ToLower(arg) {
+	case "enabled":
+		fmt.Println(cfg.Enabled)
+	case "tls":
+		fmt.Println(cfg.UseTLS())
+	case "address":
+		fmt.Println(cfg.Address())
+	case "user":
+		if cfg.User != "" {
+			fmt.Println(cfg.User)
+		}
+	case "password":
+		if cfg.User != "" {
+			fmt.Println(cfg.Password)
+		}
+	case "apikey":
+		if cfg.APIKey != "" {
+			fmt.Println(cfg.APIKey)
+		}
+	default:
+		die("Invalid setting: " + arg + "\nAvailable settings: enabled, tls, address, user, password, apikey")
+	}
+}
+
+func guiSet(c *cli.Context) {
+	cfg := getConfig(c)
+	arg := c.Args()[0]
+	val := c.Args()[1]
+	switch strings.ToLower(arg) {
+	case "enabled":
+		cfg.GUI.Enabled = parseBool(val)
+	case "tls":
+		cfg.GUI.RawUseTLS = parseBool(val)
+	case "address":
+		validAddress(val)
+		cfg.GUI.RawAddress = val
+	case "user":
+		cfg.GUI.User = val
+	case "password":
+		cfg.GUI.Password = val
+	case "apikey":
+		cfg.GUI.APIKey = val
+	default:
+		die("Invalid setting: " + arg + "\nAvailable settings: enabled, tls, address, user, password, apikey")
+	}
+	setConfig(c, cfg)
+}
+
+func guiUnset(c *cli.Context) {
+	cfg := getConfig(c)
+	arg := c.Args()[0]
+	switch strings.ToLower(arg) {
+	case "user":
+		cfg.GUI.User = ""
+	case "password":
+		cfg.GUI.Password = ""
+	case "apikey":
+		cfg.GUI.APIKey = ""
+	default:
+		die("Invalid setting: " + arg + "\nAvailable settings: user, password, apikey")
+	}
+	setConfig(c, cfg)
+}

cmd/stcli/cmd_options.go

@@ -0,0 +1,173 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "options",
+		HideHelp: true,
+		Usage:    "Options command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "dump",
+				Usage:    "Show all Syncthing option settings",
+				Requires: &cli.Requires{},
+				Action:   optionsDump,
+			},
+			{
+				Name:     "get",
+				Usage:    "Get a Syncthing option setting",
+				Requires: &cli.Requires{"setting"},
+				Action:   optionsGet,
+			},
+			{
+				Name:     "set",
+				Usage:    "Set a Syncthing option setting",
+				Requires: &cli.Requires{"setting", "value..."},
+				Action:   optionsSet,
+			},
+		},
+	})
+}
+
+func optionsDump(c *cli.Context) {
+	cfg := getConfig(c).Options
+	writer := newTableWriter()
+
+	fmt.Fprintln(writer, "Sync protocol listen addresses:\t", strings.Join(cfg.ListenAddresses, " "), "\t(addresses)")
+	fmt.Fprintln(writer, "Global discovery enabled:\t", cfg.GlobalAnnEnabled, "\t(globalannenabled)")
+	fmt.Fprintln(writer, "Global discovery servers:\t", strings.Join(cfg.GlobalAnnServers, " "), "\t(globalannserver)")
+
+	fmt.Fprintln(writer, "Local discovery enabled:\t", cfg.LocalAnnEnabled, "\t(localannenabled)")
+	fmt.Fprintln(writer, "Local discovery port:\t", cfg.LocalAnnPort, "\t(localannport)")
+
+	fmt.Fprintln(writer, "Outgoing rate limit in KiB/s:\t", cfg.MaxSendKbps, "\t(maxsend)")
+	fmt.Fprintln(writer, "Incoming rate limit in KiB/s:\t", cfg.MaxRecvKbps, "\t(maxrecv)")
+	fmt.Fprintln(writer, "Reconnect interval in seconds:\t", cfg.ReconnectIntervalS, "\t(reconnect)")
+	fmt.Fprintln(writer, "Start browser:\t", cfg.StartBrowser, "\t(browser)")
+	fmt.Fprintln(writer, "Enable UPnP:\t", cfg.NATEnabled, "\t(nat)")
+	fmt.Fprintln(writer, "UPnP Lease in minutes:\t", cfg.NATLeaseM, "\t(natlease)")
+	fmt.Fprintln(writer, "UPnP Renewal period in minutes:\t", cfg.NATRenewalM, "\t(natrenew)")
+	fmt.Fprintln(writer, "Restart on Wake Up:\t", cfg.RestartOnWakeup, "\t(wake)")
+
+	reporting := "unrecognized value"
+	switch cfg.URAccepted {
+	case -1:
+		reporting = "false"
+	case 0:
+		reporting = "undecided/false"
+	case 1:
+		reporting = "true"
+	}
+	fmt.Fprintln(writer, "Anonymous usage reporting:\t", reporting, "\t(reporting)")
+
+	writer.Flush()
+}
+
+func optionsGet(c *cli.Context) {
+	cfg := getConfig(c).Options
+	arg := c.Args()[0]
+	switch strings.ToLower(arg) {
+	case "address":
+		fmt.Println(strings.Join(cfg.ListenAddresses, "\n"))
+	case "globalannenabled":
+		fmt.Println(cfg.GlobalAnnEnabled)
+	case "globalannservers":
+		fmt.Println(strings.Join(cfg.GlobalAnnServers, "\n"))
+	case "localannenabled":
+		fmt.Println(cfg.LocalAnnEnabled)
+	case "localannport":
+		fmt.Println(cfg.LocalAnnPort)
+	case "maxsend":
+		fmt.Println(cfg.MaxSendKbps)
+	case "maxrecv":
+		fmt.Println(cfg.MaxRecvKbps)
+	case "reconnect":
+		fmt.Println(cfg.ReconnectIntervalS)
+	case "browser":
+		fmt.Println(cfg.StartBrowser)
+	case "nat":
+		fmt.Println(cfg.NATEnabled)
+	case "natlease":
+		fmt.Println(cfg.NATLeaseM)
+	case "natrenew":
+		fmt.Println(cfg.NATRenewalM)
+	case "reporting":
+		switch cfg.URAccepted {
+		case -1:
+			fmt.Println("false")
+		case 0:
+			fmt.Println("undecided/false")
+		case 1:
+			fmt.Println("true")
+		default:
+			fmt.Println("unknown")
+		}
+	case "wake":
+		fmt.Println(cfg.RestartOnWakeup)
+	default:
+		die("Invalid setting: " + arg + "\nAvailable settings: address, globalannenabled, globalannserver, localannenabled, localannport, maxsend, maxrecv, reconnect, browser, upnp, upnplease, upnprenew, reporting, wake")
+	}
+}
+
+func optionsSet(c *cli.Context) {
+	config := getConfig(c)
+	arg := c.Args()[0]
+	val := c.Args()[1]
+	switch strings.ToLower(arg) {
+	case "address":
+		for _, item := range c.Args().Tail() {
+			validAddress(item)
+		}
+		config.Options.ListenAddresses = c.Args().Tail()
+	case "globalannenabled":
+		config.Options.GlobalAnnEnabled = parseBool(val)
+	case "globalannserver":
+		for _, item := range c.Args().Tail() {
+			validAddress(item)
+		}
+		config.Options.GlobalAnnServers = c.Args().Tail()
+	case "localannenabled":
+		config.Options.LocalAnnEnabled = parseBool(val)
+	case "localannport":
+		config.Options.LocalAnnPort = parsePort(val)
+	case "maxsend":
+		config.Options.MaxSendKbps = parseUint(val)
+	case "maxrecv":
+		config.Options.MaxRecvKbps = parseUint(val)
+	case "reconnect":
+		config.Options.ReconnectIntervalS = parseUint(val)
+	case "browser":
+		config.Options.StartBrowser = parseBool(val)
+	case "nat":
+		config.Options.NATEnabled = parseBool(val)
+	case "natlease":
+		config.Options.NATLeaseM = parseUint(val)
+	case "natrenew":
+		config.Options.NATRenewalM = parseUint(val)
+	case "reporting":
+		switch strings.ToLower(val) {
+		case "u", "undecided", "unset":
+			config.Options.URAccepted = 0
+		default:
+			boolvalue := parseBool(val)
+			if boolvalue {
+				config.Options.URAccepted = 1
+			} else {
+				config.Options.URAccepted = -1
+			}
+		}
+	case "wake":
+		config.Options.RestartOnWakeup = parseBool(val)
+	default:
+		die("Invalid setting: " + arg + "\nAvailable settings: address, globalannenabled, globalannserver, localannenabled, localannport, maxsend, maxrecv, reconnect, browser, upnp, upnplease, upnprenew, reporting, wake")
+	}
+	setConfig(c, config)
+}

cmd/stcli/cmd_report.go

@@ -0,0 +1,72 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+func init() {
+	cliCommands = append(cliCommands, cli.Command{
+		Name:     "report",
+		HideHelp: true,
+		Usage:    "Reporting command group",
+		Subcommands: []cli.Command{
+			{
+				Name:     "system",
+				Usage:    "Report system state",
+				Requires: &cli.Requires{},
+				Action:   reportSystem,
+			},
+			{
+				Name:     "connections",
+				Usage:    "Report about connections to other devices",
+				Requires: &cli.Requires{},
+				Action:   reportConnections,
+			},
+			{
+				Name:     "usage",
+				Usage:    "Usage report",
+				Requires: &cli.Requires{},
+				Action:   reportUsage,
+			},
+		},
+	})
+}
+
+func reportSystem(c *cli.Context) {
+	response := httpGet(c, "system/status")
+	data := make(map[string]interface{})
+	json.Unmarshal(responseToBArray(response), &data)
+	prettyPrintJSON(data)
+}
+
+func reportConnections(c *cli.Context) {
+	response := httpGet(c, "system/connections")
+	data := make(map[string]map[string]interface{})
+	json.Unmarshal(responseToBArray(response), &data)
+	var overall map[string]interface{}
+	for key, value := range data {
+		if key == "total" {
+			overall = value
+			continue
+		}
+		value["Device ID"] = key
+		prettyPrintJSON(value)
+		fmt.Println()
+	}
+	if overall != nil {
+		fmt.Println("=== Overall statistics ===")
+		prettyPrintJSON(overall)
+	}
+}
+
+func reportUsage(c *cli.Context) {
+	response := httpGet(c, "svc/report")
+	report := make(map[string]interface{})
+	json.Unmarshal(responseToBArray(response), &report)
+	prettyPrintJSON(report)
+}

cmd/stcli/labels.go

@@ -0,0 +1,31 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+var jsonAttributeLabels = map[string]string{
+	"folderMaxMiB":   "Largest folder size in MiB",
+	"folderMaxFiles": "Largest folder file count",
+	"longVersion":    "Long version",
+	"totMiB":         "Total size in MiB",
+	"totFiles":       "Total files",
+	"uniqueID":       "Unique ID",
+	"numFolders":     "Folder count",
+	"numDevices":     "Device count",
+	"memoryUsageMiB": "Memory usage in MiB",
+	"memorySize":     "Total memory in MiB",
+	"sha256Perf":     "SHA256 Benchmark",
+	"At":             "Last contacted",
+	"Completion":     "Percent complete",
+	"InBytesTotal":   "Total bytes received",
+	"OutBytesTotal":  "Total bytes sent",
+	"ClientVersion":  "Client version",
+	"alloc":          "Memory allocated in bytes",
+	"sys":            "Memory using in bytes",
+	"cpuPercent":     "CPU load in percent",
+	"extAnnounceOK":  "External announcments working",
+	"goroutines":     "Number of Go routines",
+	"myID":           "Client ID",
+	"tilde":          "Tilde expands to",
+	"arch":           "Architecture",
+	"os":             "OS",
+}

cmd/stcli/main.go

@@ -0,0 +1,63 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"sort"
+
+	"github.com/AudriusButkevicius/cli"
+)
+
+type ByAlphabet []cli.Command
+
+func (a ByAlphabet) Len() int           { return len(a) }
+func (a ByAlphabet) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a ByAlphabet) Less(i, j int) bool { return a[i].Name < a[j].Name }
+
+var cliCommands []cli.Command
+
+func main() {
+	app := cli.NewApp()
+	app.Name = "syncthing-cli"
+	app.Author = "Audrius Butkevičius"
+	app.Email = "audrius.butkevicius@gmail.com"
+	app.Usage = "Syncthing command line interface"
+	app.Version = "0.1"
+	app.HideHelp = true
+
+	app.Flags = []cli.Flag{
+		cli.StringFlag{
+			Name:   "endpoint, e",
+			Value:  "http://127.0.0.1:8384",
+			Usage:  "End point to connect to",
+			EnvVar: "STENDPOINT",
+		},
+		cli.StringFlag{
+			Name:   "apikey, k",
+			Value:  "",
+			Usage:  "API Key",
+			EnvVar: "STAPIKEY",
+		},
+		cli.StringFlag{
+			Name:   "username, u",
+			Value:  "",
+			Usage:  "Username",
+			EnvVar: "STUSERNAME",
+		},
+		cli.StringFlag{
+			Name:   "password, p",
+			Value:  "",
+			Usage:  "Password",
+			EnvVar: "STPASSWORD",
+		},
+		cli.BoolFlag{
+			Name:   "insecure, i",
+			Usage:  "Do not verify SSL certificate",
+			EnvVar: "STINSECURE",
+		},
+	}
+
+	sort.Sort(ByAlphabet(cliCommands))
+	app.Commands = cliCommands
+	app.RunAndExitOnError()
+}

cmd/stcli/utils.go

@@ -0,0 +1,165 @@
+// Copyright (C) 2014 Audrius Butkevičius
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+	"unicode"
+
+	"github.com/AudriusButkevicius/cli"
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/protocol"
+)
+
+func responseToBArray(response *http.Response) []byte {
+	defer response.Body.Close()
+	bytes, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		die(err)
+	}
+	return bytes
+}
+
+func die(vals ...interface{}) {
+	if len(vals) > 1 || vals[0] != nil {
+		os.Stderr.WriteString(fmt.Sprintln(vals...))
+		os.Exit(1)
+	}
+}
+
+func wrappedHTTPPost(url string) func(c *cli.Context) {
+	return func(c *cli.Context) {
+		httpPost(c, url, "")
+	}
+}
+
+func prettyPrintJSON(json map[string]interface{}) {
+	writer := newTableWriter()
+	remap := make(map[string]interface{})
+	for k, v := range json {
+		key, ok := jsonAttributeLabels[k]
+		if !ok {
+			key = firstUpper(k)
+		}
+		remap[key] = v
+	}
+
+	jsonKeys := make([]string, 0, len(remap))
+	for key := range remap {
+		jsonKeys = append(jsonKeys, key)
+	}
+	sort.Strings(jsonKeys)
+	for _, k := range jsonKeys {
+		var value string
+		rvalue := remap[k]
+		switch rvalue.(type) {
+		case int, int16, int32, int64, uint, uint16, uint32, uint64, float32, float64:
+			value = fmt.Sprintf("%.0f", rvalue)
+		default:
+			value = fmt.Sprint(rvalue)
+		}
+		if value == "" {
+			continue
+		}
+		fmt.Fprintln(writer, k+":\t"+value)
+	}
+	writer.Flush()
+}
+
+func firstUpper(str string) string {
+	for i, v := range str {
+		return string(unicode.ToUpper(v)) + str[i+1:]
+	}
+	return ""
+}
+
+func newTableWriter() *tabwriter.Writer {
+	writer := new(tabwriter.Writer)
+	writer.Init(os.Stdout, 0, 8, 0, '\t', 0)
+	return writer
+}
+
+func getMyID(c *cli.Context) string {
+	response := httpGet(c, "system/status")
+	data := make(map[string]interface{})
+	json.Unmarshal(responseToBArray(response), &data)
+	return data["myID"].(string)
+}
+
+func getConfig(c *cli.Context) config.Configuration {
+	response := httpGet(c, "system/config")
+	config := config.Configuration{}
+	json.Unmarshal(responseToBArray(response), &config)
+	return config
+}
+
+func setConfig(c *cli.Context, cfg config.Configuration) {
+	body, err := json.Marshal(cfg)
+	die(err)
+	response := httpPost(c, "system/config", string(body))
+	if response.StatusCode != 200 {
+		die("Unexpected status code", response.StatusCode)
+	}
+}
+
+func parseBool(input string) bool {
+	val, err := strconv.ParseBool(input)
+	if err != nil {
+		die(input + " is not a valid value for a boolean")
+	}
+	return val
+}
+
+func parseInt(input string) int {
+	val, err := strconv.ParseInt(input, 0, 64)
+	if err != nil {
+		die(input + " is not a valid value for an integer")
+	}
+	return int(val)
+}
+
+func parseUint(input string) int {
+	val, err := strconv.ParseUint(input, 0, 64)
+	if err != nil {
+		die(input + " is not a valid value for an unsigned integer")
+	}
+	return int(val)
+}
+
+func parsePort(input string) int {
+	port := parseUint(input)
+	if port < 1 || port > 65535 {
+		die(input + " is not a valid port\nExpected value between 1 and 65535")
+	}
+	return port
+}
+
+func validAddress(input string) {
+	tokens := strings.Split(input, ":")
+	if len(tokens) != 2 {
+		die(input + " is not a valid value for an address\nExpected format <ip or hostname>:<port>")
+	}
+	matched, err := regexp.MatchString("^[a-zA-Z0-9]+([-a-zA-Z0-9.]+[-a-zA-Z0-9]+)?$", tokens[0])
+	die(err)
+	if !matched {
+		die(input + " is not a valid value for an address\nExpected format <ip or hostname>:<port>")
+	}
+	parsePort(tokens[1])
+}
+
+func parseDeviceID(input string) protocol.DeviceID {
+	device, err := protocol.DeviceIDFromString(input)
+	if err != nil {
+		die(input + " is not a valid device id")
+	}
+	return device
+}

cmd/stcompdirs/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -15,8 +15,6 @@ import (
 	"log"
 	"os"
 	"path/filepath"
-
-	"github.com/syncthing/syncthing/lib/symlinks"
 )
 
 func main() {
@@ -104,7 +102,7 @@ func startWalker(dir string, res chan<- fileInfo, abort <-chan struct{}) chan er
 				mode: os.ModeSymlink,
 			}
 
-			tgt, _, err := symlinks.Read(path)
+			tgt, err := os.Readlink(path)
 			if err != nil {
 				return err
 			}

cmd/stdisco/main.go

@@ -2,12 +2,11 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
 import (
-	"bytes"
 	"crypto/rand"
 	"encoding/binary"
 	"flag"
@@ -45,7 +44,7 @@ func main() {
 	flag.Parse()
 
 	if fake {
-		log.Println("My ID:", protocol.DeviceIDFromBytes(myID))
+		log.Println("My ID:", myID)
 	}
 
 	runbeacon(beacon.NewMulticast(mc), fake)
@@ -75,17 +74,17 @@ func recv(bc beacon.Interface) {
 		var ann discover.Announce
 		ann.Unmarshal(data[4:])
 
-		if bytes.Equal(ann.ID, myID) {
+		if ann.ID == myID {
 			// This is one of our own fake packets, don't print it.
 			continue
 		}
 
 		// Print announcement details for the first packet from a given
 		// device ID and source address, or if -all was given.
-		key := string(ann.ID) + src.String()
+		key := ann.ID.String() + src.String()
 		if all || !seen[key] {
 			log.Printf("Announcement from %v\n", src)
-			log.Printf(" %v at %s\n", protocol.DeviceIDFromBytes(ann.ID), strings.Join(ann.Addresses, ", "))
+			log.Printf(" %v at %s\n", ann.ID, strings.Join(ann.Addresses, ", "))
 			seen[key] = true
 		}
 	}
@@ -106,9 +105,9 @@ func send(bc beacon.Interface) {
 }
 
 // returns a random but recognizable device ID
-func randomDeviceID() []byte {
-	var id [32]byte
+func randomDeviceID() protocol.DeviceID {
+	var id protocol.DeviceID
 	copy(id[:], randomPrefix)
 	rand.Read(id[len(randomPrefix):])
-	return id[:]
+	return id
 }

cmd/stdiscosrv/README.md

@@ -1,14 +1,8 @@
 stdiscosrv
 ==========
 
-[![Latest Build](http://img.shields.io/jenkins/s/http/build.syncthing.net/stdiscosrv.svg?style=flat-square)](http://build.syncthing.net/job/stdiscosrv/lastBuild/)
-
 This is the global discovery server for the `syncthing` project.
 
-To get it, run `go get github.com/syncthing/stdiscosrv` or download the
-[latest build](http://build.syncthing.net/job/stdiscosrv/lastSuccessfulBuild/artifact/)
-from the build server.
-
 Usage
 -----
 
@@ -38,3 +32,7 @@ In all cases, the appropriate tables and indexes will be created at first
 startup. If it doesn't exit with an error, you're fine.
 
 See `stdiscosrv -help` for other options.
+
+##### Third-party attribution
+
+[cznic/lldb](https://github.com/cznic/lldb), Copyright (C) 2014 The lldb Authors.

cmd/stdiscosrv/querysrv.go

@@ -19,9 +19,9 @@ import (
 	"time"
 
 	"github.com/golang/groupcache/lru"
-	"github.com/juju/ratelimit"
 	"github.com/syncthing/syncthing/lib/protocol"
 	"golang.org/x/net/context"
+	"golang.org/x/time/rate"
 )
 
 type querysrv struct {
@@ -62,6 +62,10 @@ func (i requestID) String() string {
 	return fmt.Sprintf("%016x", int64(i))
 }
 
+type contextKey int
+
+const idKey contextKey = iota
+
 func negCacheFor(lastSeen time.Time) int {
 	since := time.Since(lastSeen).Seconds()
 	if since >= maxDeviceAge {
@@ -132,7 +136,7 @@ var topCtx = context.Background()
 
 func (s *querysrv) handler(w http.ResponseWriter, req *http.Request) {
 	reqID := requestID(rand.Int63())
-	ctx := context.WithValue(topCtx, "id", reqID)
+	ctx := context.WithValue(topCtx, idKey, reqID)
 
 	if debug {
 		log.Println(reqID, req.Method, req.URL)
@@ -186,7 +190,7 @@ func (s *querysrv) handler(w http.ResponseWriter, req *http.Request) {
 }
 
 func (s *querysrv) handleGET(ctx context.Context, w http.ResponseWriter, req *http.Request) {
-	reqID := ctx.Value("id").(requestID)
+	reqID := ctx.Value(idKey).(requestID)
 
 	deviceID, err := protocol.DeviceIDFromString(req.URL.Query().Get("device"))
 	if err != nil {
@@ -238,7 +242,7 @@ func (s *querysrv) handleGET(ctx context.Context, w http.ResponseWriter, req *ht
 }
 
 func (s *querysrv) handlePOST(ctx context.Context, remoteIP net.IP, w http.ResponseWriter, req *http.Request) {
-	reqID := ctx.Value("id").(requestID)
+	reqID := ctx.Value(idKey).(requestID)
 
 	rawCert := certificateBytes(req)
 	if rawCert == nil {
@@ -299,7 +303,7 @@ func (s *querysrv) Stop() {
 }
 
 func (s *querysrv) handleAnnounce(ctx context.Context, remote net.IP, deviceID protocol.DeviceID, addresses []string) (userErr, internalErr error) {
-	reqID := ctx.Value("id").(requestID)
+	reqID := ctx.Value(idKey).(requestID)
 
 	tx, err := s.db.Begin()
 	if err != nil {
@@ -369,21 +373,21 @@ func (s *querysrv) limit(remote net.IP) bool {
 
 	bkt, ok := s.limiter.Get(key)
 	if ok {
-		bkt := bkt.(*ratelimit.Bucket)
-		if bkt.TakeAvailable(1) != 1 {
+		bkt := bkt.(*rate.Limiter)
+		if !bkt.Allow() {
 			// Rate limit exceeded; ignore packet
 			return true
 		}
 	} else {
-		// One packet per ten seconds average rate, burst ten packets
-		s.limiter.Add(key, ratelimit.NewBucket(10*time.Second/time.Duration(limitAvg), int64(limitBurst)))
+		// limitAvg is in packets per ten seconds.
+		s.limiter.Add(key, rate.NewLimiter(rate.Limit(limitAvg)/10, limitBurst))
 	}
 
 	return false
 }
 
 func (s *querysrv) updateDevice(ctx context.Context, tx *sql.Tx, device protocol.DeviceID) error {
-	reqID := ctx.Value("id").(requestID)
+	reqID := ctx.Value(idKey).(requestID)
 	t0 := time.Now()
 	res, err := tx.Stmt(s.prep["updateDevice"]).Exec(device.String())
 	if err != nil {

cmd/stevents/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stfileinfo/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -70,7 +70,7 @@ func main() {
 		if *standardBlocks || blockSize < protocol.BlockSize {
 			blockSize = protocol.BlockSize
 		}
-		bs, err := scanner.Blocks(fd, blockSize, fi.Size(), nil)
+		bs, err := scanner.Blocks(fd, blockSize, fi.Size(), nil, true)
 		if err != nil {
 			log.Fatal(err)
 		}

cmd/stfinddevice/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stgenfiles/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -66,7 +66,7 @@ func generateFiles(dir string, files, maxexp int, srcname string) error {
 }
 
 func generateOneFile(fd io.ReadSeeker, p1 string, s int64) error {
-	src := io.LimitReader(&inifiteReader{fd}, int64(s))
+	src := io.LimitReader(&inifiteReader{fd}, s)
 	dst, err := os.Create(p1)
 	if err != nil {
 		return err
@@ -85,12 +85,7 @@ func generateOneFile(fd io.ReadSeeker, p1 string, s int64) error {
 	_ = os.Chmod(p1, os.FileMode(rand.Intn(0777)|0400))
 
 	t := time.Now().Add(-time.Duration(rand.Intn(30*86400)) * time.Second)
-	err = os.Chtimes(p1, t, t)
-	if err != nil {
-		return err
-	}
-
-	return nil
+	return os.Chtimes(p1, t, t)
 }
 
 func randomName() string {

cmd/stindex/dump.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stindex/dumpsize.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stindex/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stindex/util.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/strelaypoolsrv/README.md

@@ -1,15 +1,24 @@
 # relaypoolsrv
 
-[![Latest Build](http://img.shields.io/jenkins/s/http/build.syncthing.net/relaypoolsrv.svg?style=flat-square)](http://build.syncthing.net/job/relaypoolsrv/lastBuild/)
+This is the relay pool server for the `syncthing` project, which allows
+community hosted [relaysrv](https://github.com/syncthing/relaysrv)'s to join
+the public pool.
 
-This is the relay pool server for the `syncthing` project, which allows community hosted [relaysrv](https://github.com/syncthing/relaysrv)'s to join the public pool.
+Servers that join the pool are then advertised to users of `syncthing` as
+potential connection points for those who are unable to connect directly due
+to NAT or firewall issues.
 
-Servers that join the pool are then advertised to users of `syncthing` as potential connection points for those who are unable to connect directly due to NAT or firewall issues.
-
-There is very little reason why you'd want to run this yourself, as `relaypoolsrv` is just used for announcement and lookup of public relay servers. If you are looking to setup a private or a public relay, please check the documentation for [relaysrv](https://github.com/syncthing/relaysrv), which also explains how to join the default public pool.
-
-If you still want to run it, you can run `go get github.com/syncthing/relaypoolsrv` download it or download the
-[latest build](http://build.syncthing.net/job/relaypoolsrv/lastSuccessfulBuild/artifact/)
-from the build server.
+There is very little reason why you'd want to run this yourself, as
+`relaypoolsrv` is just used for announcement and lookup of public relay
+servers. If you are looking to setup a private or a public relay, please
+check the documentation for
+[relaysrv](https://github.com/syncthing/relaysrv), which also explains how
+to join the default public pool.
 
 See `relaypoolsrv -help` for configuration options.
+
+##### Third-party attributions
+
+[oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang), [oschwald/maxminddb-golang](https://github.com/oschwald/maxminddb-golang), Copyright (C) 2015 [Gregory J. Oschwald](mailto:oschwald@gmail.com).
+
+[lib/pq](https://github.com/lib/pq)</a>, Copyright (C) 2011-2013 'pq' Contributors Portions Copyright (C) 2011 Blake Mizerany.

cmd/strelaypoolsrv/gui/index.html

@@ -48,7 +48,7 @@
           </p>
         </div>
         <div id="map"></div> <!-- Can't hide the map, otherwise it freaks out -->
-        <p>The circle size represents how much bytes the relay transfered relative to other relays</p>
+        <p>The circle size represents how much bytes the relay transferred relative to other relays</p>
       </div>
       <div>
         <table class="table table-striped table-condensed table">
@@ -56,32 +56,32 @@
             <tr>
               <th rowspan="2">Address</td>
               <th rowspan="2">
-                <a ng-click="sortType = 'status.numActiveSessions || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.numActiveSessions'; sortReverse = !sortReverse">
                   Sessions
-                  <span ng-show="sortType == 'status.numActiveSessions || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.numActiveSessions || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.numActiveSessions' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.numActiveSessions' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th rowspan="2">
-                <a ng-click="sortType = 'status.numConnections || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.numConnections'; sortReverse = !sortReverse">
                   Connections
-                  <span ng-show="sortType == 'status.numConnections || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.numConnections || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.numConnections' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.numConnections' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th rowspan="2">
-                <a ng-click="sortType = 'status.bytesProxied || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.bytesProxied'; sortReverse = !sortReverse">
                   Data relayed
-                  <span ng-show="sortType == 'status.bytesProxied || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.bytesProxied || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.bytesProxied' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.bytesProxied' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th colspan="6" class="text-center">Transfer rate in the last period</th>
               <th rowspan="2">
-                <a ng-click="sortType = 'status.uptimeSeconds || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.uptimeSeconds'; sortReverse = !sortReverse">
                   Uptime hours
-                  <span ng-show="sortType == 'status.uptimeSeconds || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.uptimeSeconds || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.uptimeSeconds' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.uptimeSeconds' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th rowspan="2">
@@ -94,51 +94,51 @@
             </tr>
             <tr>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[0] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[0]'; sortReverse = !sortReverse">
                   10s
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[0] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[0] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[0]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[0]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[1] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[1]'; sortReverse = !sortReverse">
                   1m
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[1] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[1] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[1]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[1]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[2] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[2]'; sortReverse = !sortReverse">
                   5m
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[2] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[2] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[2]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[2]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[3] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[3]'; sortReverse = !sortReverse">
                   15m
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[3] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[3] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[3]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[3]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[4] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[4]'; sortReverse = !sortReverse">
                   30m
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[4] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[4] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[4]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[4]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
               <th>
-                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[5] || -1'; sortReverse = !sortReverse">
+                <a ng-click="sortType = 'status.kbps10s1m5m15m30m60m[5]'; sortReverse = !sortReverse">
                   60m
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[5] || -1' && !sortReverse" class="fa fa-caret-down"></span>
-                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[5] || -1' && sortReverse" class="fa fa-caret-up"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[5]' && !sortReverse" class="fa fa-caret-down"></span>
+                  <span ng-show="sortType == 'status.kbps10s1m5m15m30m60m[5]' && sortReverse" class="fa fa-caret-up"></span>
                 </a>
               </th>
             </tr>
           </thead>
           <tbody>
-            <tr ng-repeat="relay in relays | orderBy:sortType:sortReverse ">
+            <tr ng-repeat="relay in relays | orderBy:sortType:sortReverse:sortCompare">
               <td>{{ relay.address }}</td>
               <td ng-if="relay.status === undefined" colspan="11" class="text-center">Looking up...</td>
               <td ng-if-start="relay.status !== undefined">{{ relay.status.numActiveSessions }}</td>
@@ -185,7 +185,7 @@
 
 
     <script src="//code.jquery.com/jquery-2.1.4.min.js"></script>
-    <script src="//cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.7/angular.min.js"></script>
+    <script src="//cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js"></script>
     <script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
     <script src="//maps.googleapis.com/maps/api/js"></script>
   </body>
@@ -235,8 +235,20 @@
     $scope.mapBounds = new google.maps.LatLngBounds();
     $scope.tooltipTemplate = $('#infoTemplate').html();
     $scope.usedLocations = {};
-    $scope.sortType = 'status.numActiveSessions || -1';
+    $scope.sortType = 'status.numActiveSessions';
     $scope.sortReverse = true;
+    $scope.sortCompare = function(a, b) {
+      if (a.value == b.value) {
+        return 0;
+      }
+      if (a.type == "undefined") {
+        return -1;
+      }
+      if (b.type == "undefined") {
+        return 1;
+      }
+      return a.value > b.value ? 1 : -1;
+    }
 
     $http.get("/endpoint").then(function(response) {
       $scope.relays = response.data.relays;
@@ -325,7 +337,8 @@
       var timeoutRequest = $q.defer();
       var resolveStatus = $q.defer();
 
-      $http.get("http://" + relay.uri.hostname + (relay.uri.args.statusAddr || ":22070") + "/status", { timeout: timeoutRequest.promise }).then(function (response) {
+
+      $http.get("http://" + relay.uri.hostname + ':' + ((relay.uri.args.statusAddr && relay.uri.args.statusAddr.split(':')[1]) || "22070") + "/status", { timeout: timeoutRequest.promise }).then(function (response) {
         relay.status = response.data;
         resolveStatus.resolve();
         angular.forEach($scope.totals, function(value, key) {

cmd/strelaypoolsrv/main.go

@@ -1,6 +1,6 @@
 // Copyright (C) 2015 Audrius Butkevicius and Contributors (see the CONTRIBUTORS file).
 
-//go:generate go run genassets.go gui auto/gui.go
+//go:generate go run ../../script/genassets.go gui >auto/gui.go
 
 package main
 
@@ -23,14 +23,12 @@ import (
 	"time"
 
 	"github.com/golang/groupcache/lru"
-	"github.com/juju/ratelimit"
-
 	"github.com/oschwald/geoip2-golang"
-
 	"github.com/syncthing/syncthing/cmd/strelaypoolsrv/auto"
 	"github.com/syncthing/syncthing/lib/relay/client"
 	"github.com/syncthing/syncthing/lib/sync"
 	"github.com/syncthing/syncthing/lib/tlsutil"
+	"golang.org/x/time/rate"
 )
 
 type location struct {
@@ -65,12 +63,12 @@ var (
 	dir            string
 	evictionTime   = time.Hour
 	debug          bool
-	getLRUSize           = 10 << 10
-	getLimitBurst  int64 = 10
-	getLimitAvg          = 1
-	postLRUSize          = 1 << 10
-	postLimitBurst int64 = 2
-	postLimitAvg         = 1
+	getLRUSize     = 10 << 10
+	getLimitBurst  = 10
+	getLimitAvg    = 1
+	postLRUSize    = 1 << 10
+	postLimitBurst = 2
+	postLimitAvg   = 1
 	getLimit       time.Duration
 	postLimit      time.Duration
 	permRelaysFile string
@@ -99,10 +97,10 @@ func main() {
 	flag.DurationVar(&evictionTime, "eviction", evictionTime, "After how long the relay is evicted")
 	flag.IntVar(&getLRUSize, "get-limit-cache", getLRUSize, "Get request limiter cache size")
 	flag.IntVar(&getLimitAvg, "get-limit-avg", 2, "Allowed average get request rate, per 10 s")
-	flag.Int64Var(&getLimitBurst, "get-limit-burst", getLimitBurst, "Allowed burst get requests")
+	flag.IntVar(&getLimitBurst, "get-limit-burst", getLimitBurst, "Allowed burst get requests")
 	flag.IntVar(&postLRUSize, "post-limit-cache", postLRUSize, "Post request limiter cache size")
 	flag.IntVar(&postLimitAvg, "post-limit-avg", 2, "Allowed average post request rate, per minute")
-	flag.Int64Var(&postLimitBurst, "post-limit-burst", postLimitBurst, "Allowed burst post requests")
+	flag.IntVar(&postLimitBurst, "post-limit-burst", postLimitBurst, "Allowed burst post requests")
 	flag.StringVar(&permRelaysFile, "perm-relays", "", "Path to list of permanent relays")
 	flag.StringVar(&ipHeader, "ip-header", "", "Name of header which holds clients ip:port. Only meaningful when running behind a reverse proxy.")
 	flag.StringVar(&geoipPath, "geoip", "GeoLite2-City.mmdb", "Path to GeoLite2-City database")
@@ -249,13 +247,13 @@ func handleRequest(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 	switch r.Method {
 	case "GET":
-		if limit(r.RemoteAddr, getLRUCache, getMut, getLimit, int64(getLimitBurst)) {
+		if limit(r.RemoteAddr, getLRUCache, getMut, getLimit, getLimitBurst) {
 			w.WriteHeader(429)
 			return
 		}
 		handleGetRequest(w, r)
 	case "POST":
-		if limit(r.RemoteAddr, postLRUCache, postMut, postLimit, int64(postLimitBurst)) {
+		if limit(r.RemoteAddr, postLRUCache, postMut, postLimit, postLimitBurst) {
 			w.WriteHeader(429)
 			return
 		}
@@ -326,8 +324,9 @@ func handlePostRequest(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	ip := net.ParseIP(host)
 	// The client did not provide an IP address, use the IP address of the client.
-	if host == "" {
+	if ip == nil || ip.IsUnspecified() {
 		uri.Host = net.JoinHostPort(rhost, port)
 		newRelay.URL = uri.String()
 	} else if host != rhost {
@@ -445,7 +444,7 @@ func evict(relay relay) func() {
 	}
 }
 
-func limit(addr string, cache *lru.Cache, lock sync.RWMutex, rate time.Duration, burst int64) bool {
+func limit(addr string, cache *lru.Cache, lock sync.RWMutex, intv time.Duration, burst int) bool {
 	host, _, err := net.SplitHostPort(addr)
 	if err != nil {
 		return false
@@ -455,14 +454,14 @@ func limit(addr string, cache *lru.Cache, lock sync.RWMutex, rate time.Duration,
 	bkt, ok := cache.Get(host)
 	lock.RUnlock()
 	if ok {
-		bkt := bkt.(*ratelimit.Bucket)
-		if bkt.TakeAvailable(1) != 1 {
+		bkt := bkt.(*rate.Limiter)
+		if !bkt.Allow() {
 			// Rate limit
 			return true
 		}
 	} else {
 		lock.Lock()
-		cache.Add(host, ratelimit.NewBucket(rate, burst))
+		cache.Add(host, rate.NewLimiter(rate.Every(intv), burst))
 		lock.Unlock()
 	}
 	return false

cmd/strelaysrv/README.md

@@ -1,28 +1,20 @@
 strelaysrv
 ==========
 
-[![Latest Build](http://img.shields.io/jenkins/s/http/build.syncthing.net/strelaysrv.svg?style=flat-square)](http://build.syncthing.net/job/strelaysrv/lastBuild/)
-
 This is the relay server for the `syncthing` project.
 
-To get it, run `go get github.com/syncthing/strelaysrv` or download the
-[latest build](http://build.syncthing.net/job/strelaysrv/lastSuccessfulBuild/artifact/)
-from the build server.
-
 :exclamation:Warnings:exclamation: - Read or regret
 -----
 
-By default, all relay servers will join the default public relay pool, which means that the relay server will be availble for public use, and **will consume your bandwidth** helping others to connect.
+By default, all relay servers will join to the default public relay pool, which means that the relay server will be available for public use, and **will consume your bandwidth** helping others to connect.
 
-If you wish to disable this behaviour, please specify `-pools=""` argument.
+If you wish to disable this behaviour, please specify the `-pools=""` argument.
 
 Please note that `strelaysrv` is only usable by `syncthing` **version v0.12 and onwards**.
 
-To run `strelaysrv` you need to have port 22067 available to the internet, which means you might need to allow it through your firewall if you **have a public IP, or setup a port-forwarding** (22067 to 22067) if you are behind a router.
+To run `strelaysrv` you need to have port 22067 available to the internet, which means you might need to port forward it and/or allow it through your firewall.
 
-Furthermore, **by default strelaysrv will also expose a /status HTTP endpoint on port 22070**, which is used by the pool servers to peek at metrics of the strelaysrv, such as what are the current transfer rates, how many clients are connected, etc, etc. If you wish this information to be available, similarlly you might want to allow it through your firewall, or port-forward it (22070 to 22070) on your NAT device.
-
-This is **not mandatory** for the strelaysrv to function, and is used only to gather metrics and present them in the overview page of the pool server, displaying stats about the specific relay.
+Furthermore, by default `strelaysrv` will also expose a /status HTTP endpoint on port 22070, which is used by the pool servers to read metrics of the `strelaysrv`, such as  the current transfer rates, how many clients are connected, etc. If you wish this information to be available you may need to port forward and allow it through your firewall. This is not mandatory for the `strelaysrv` to function, and is used only to gather metrics and present them in the overview page of the pool server.
 
 At the point of writing the endpoint output looks as follows:
 
@@ -66,7 +58,7 @@ If you wish to disable the /status endpoint, provide `-status-srv=""` as one of
 
 Running for public use
 ----
-Make sure you have a public IP with port 22067 open, or make sure you have port-forwarding (22067 to 22067) if you are behind a router.
+Make sure you have a public IP with port 22067 open, or have forwarded port 22067 if you are behind a NAT.
 
 Run the `strelaysrv` with no arguments (or `-debug` if you want more output), and that should be enough for the server to join the public relay pool.
 You should see a message saying:
@@ -79,37 +71,37 @@ See `strelaysrv -help` for other options, such as rate limits, timeout intervals
 Running for private use
 -----
 
-Once you've started the `strelaysrv`, it will generate a key pair and print an URI:
+Once you've started the `strelaysrv`, it will generate a key pair and print a URI:
 ```bash
 relay://:22067/?id=EZQOIDM-6DDD4ZI-DJ65NSM-4OQWRAT-EIKSMJO-OZ552BO-WQZEGYY-STS5RQM&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=0&statusAddr=:22070
 ```
 
-This URI contains partial address of the relay server, as well as it's options which in the future may be taken into account when choosing the best suitable relay out of multiple available.
+This URI contains a partial address of the relay server, as well as its options which in the future may be taken into account when choosing the most suitable relay.
 
-Because `-listen` option was not used, the `strelaysrv` does not know it's external IP, therefore you should replace the host part of the URI with your public IP address on which the `strelaysrv` will be available:
+Because the `-listen` option was not used `strelaysrv` does not know its external IP, therefore you should replace the host part of the URI with your public IP address on which the `strelaysrv` will be available:
 
 ```bash
-relay://123.123.123.123:22067/?id=EZQOIDM-6DDD4ZI-DJ65NSM-4OQWRAT-EIKSMJO-OZ552BO-WQZEGYY-STS5RQM&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=0&statusAddr=:22070
+relay://192.0.2.1:22067/?id=EZQOIDM-6DDD4ZI-DJ65NSM-4OQWRAT-EIKSMJO-OZ552BO-WQZEGYY-STS5RQM&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=0&statusAddr=:22070
 ```
 
 If you do not care about certificate pinning (improved security) or do not care about passing verbose settings to the clients, you can shorten the URL to just the host part:
 
 ```bash
-relay://123.123.123.123:22067
+relay://192.0.2.1:22067
 ```
 
-This URI can then be used in `syncthing` as one of the relay servers.
+This URI can then be used in `syncthing` clients as one of the relay servers by adding the URI to the "Sync Protocol Listen Address" field, under Actions and Settings.
 
 See `strelaysrv -help` for other options, such as rate limits, timeout intervals, etc.
 
 Other items available in this repo
 ----
 ##### testutil
-A test utility which can be used to test connectivity of a relay server.
-You need to generate two x509 key pairs (key.pem and cert.pem), one for the client, another one for the server, in separate directories.
+A test utility which can be used to test the connectivity of a relay server.
+You need to generate two x509 key pairs (key.pem and cert.pem), one for the client and one for the server, in separate directories.
 Afterwards, start the client:
 ```bash
-./testutil -relay="relay://uri.of.relay" -keys=certs/client/ -join
+./testutil -relay="relay://192.0.2.1:22067" -keys=certs/client/ -join
 ```
 
 This prints out the client ID:
@@ -120,7 +112,7 @@ This prints out the client ID:
 In the other terminal run the following:
 
 ```bash
- ./testutil -relay="relay://uri.of.relay" -keys=certs/server/ -connect=BG2C5ZA-W7XPFDO-LH222Z6-65F3HJX-ADFTGRT-3SBFIGM-KV26O2Q-E5RMRQ2
+ ./testutil -relay="relay://192.0.2.1:22067" -keys=certs/server/ -connect=BG2C5ZA-W7XPFDO-LH222Z6-65F3HJX-ADFTGRT-3SBFIGM-KV26O2Q-E5RMRQ2
 ```
 
 Which should then give you an interactive prompt, where you can type things in one terminal, and they get relayed to the other terminal.
@@ -137,5 +129,3 @@ Relay related libraries used by this repo
 Only used by the testutil.
 
 [Available here](https://github.com/syncthing/syncthing/tree/master/lib/relay/client)
-
-

cmd/strelaysrv/listener.go

@@ -172,7 +172,7 @@ func protocolConnectionHandler(tcpConn net.Conn, config *tls.Config) {
 					if debug {
 						log.Println("Sent invitation from", id, "to", requestedPeer)
 					}
-				default:
+				case <-time.After(time.Second):
 					if debug {
 						log.Println("Could not send invitation from", id, "to", requestedPeer, "as peer disconnected")
 					}
@@ -204,7 +204,6 @@ func protocolConnectionHandler(tcpConn net.Conn, config *tls.Config) {
 			if debug {
 				log.Printf("Closing connection %s: %s", id, err)
 			}
-			close(outbox)
 
 			// Potentially closing a second time.
 			conn.Close()
@@ -260,10 +259,6 @@ func protocolConnectionHandler(tcpConn net.Conn, config *tls.Config) {
 			conn.Close()
 
 		case msg := <-outbox:
-			if msg == nil {
-				conn.Close()
-				return
-			}
 			if debug {
 				log.Printf("Sending message %T to %s", msg, id)
 			}

cmd/strelaysrv/main.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"net/http"
 	"net/url"
 	"os"
 	"os/signal"
@@ -19,10 +20,10 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/juju/ratelimit"
 	"github.com/syncthing/syncthing/lib/osutil"
 	"github.com/syncthing/syncthing/lib/relay/protocol"
 	"github.com/syncthing/syncthing/lib/tlsutil"
+	"golang.org/x/time/rate"
 
 	"github.com/syncthing/syncthing/lib/config"
 	"github.com/syncthing/syncthing/lib/nat"
@@ -53,7 +54,6 @@ func init() {
 var (
 	listen string
 	debug  bool
-	proto  string
 
 	sessionAddress []byte
 	sessionPort    uint16
@@ -68,8 +68,8 @@ var (
 	globalLimitBps  int
 	overLimit       int32
 	descriptorLimit int64
-	sessionLimiter  *ratelimit.Bucket
-	globalLimiter   *ratelimit.Bucket
+	sessionLimiter  *rate.Limiter
+	globalLimiter   *rate.Limiter
 
 	statusAddr       string
 	poolAddrs        string
@@ -120,6 +120,21 @@ func main() {
 		log.Fatal(err)
 	}
 
+	laddr, err := net.ResolveTCPAddr(proto, listen)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if laddr.IP != nil && !laddr.IP.IsUnspecified() {
+		laddr.Port = 0
+		transport, ok := http.DefaultTransport.(*http.Transport)
+		if ok {
+			transport.Dial = (&net.Dialer{
+				Timeout:   30 * time.Second,
+				LocalAddr: laddr,
+			}).Dial
+		}
+	}
+
 	log.Println(LongVersion)
 
 	maxDescriptors, err := osutil.MaximizeOpenFileLimit()
@@ -200,10 +215,10 @@ func main() {
 	}
 
 	if sessionLimitBps > 0 {
-		sessionLimiter = ratelimit.NewBucketWithRate(float64(sessionLimitBps), int64(2*sessionLimitBps))
+		sessionLimiter = rate.NewLimiter(rate.Limit(sessionLimitBps), 2*sessionLimitBps)
 	}
 	if globalLimitBps > 0 {
-		globalLimiter = ratelimit.NewBucketWithRate(float64(globalLimitBps), int64(2*globalLimitBps))
+		globalLimiter = rate.NewLimiter(rate.Limit(globalLimitBps), 2*globalLimitBps)
 	}
 
 	if statusAddr != "" {

cmd/strelaysrv/session.go

@@ -7,15 +7,16 @@ import (
 	"encoding/hex"
 	"fmt"
 	"log"
+	"math"
 	"net"
 	"sync"
 	"sync/atomic"
 	"time"
 
-	"github.com/juju/ratelimit"
-	"github.com/syncthing/syncthing/lib/relay/protocol"
+	"golang.org/x/time/rate"
 
 	syncthingprotocol "github.com/syncthing/syncthing/lib/protocol"
+	"github.com/syncthing/syncthing/lib/relay/protocol"
 )
 
 var (
@@ -26,7 +27,7 @@ var (
 	bytesProxied    int64
 )
 
-func newSession(serverid, clientid syncthingprotocol.DeviceID, sessionRateLimit, globalRateLimit *ratelimit.Bucket) *session {
+func newSession(serverid, clientid syncthingprotocol.DeviceID, sessionRateLimit, globalRateLimit *rate.Limiter) *session {
 	serverkey := make([]byte, 32)
 	_, err := rand.Read(serverkey)
 	if err != nil {
@@ -108,7 +109,7 @@ type session struct {
 	clientkey []byte
 	clientid  syncthingprotocol.DeviceID
 
-	rateLimit func(bytes int64)
+	rateLimit func(bytes int)
 
 	connsChan chan net.Conn
 	conns     []net.Conn
@@ -216,7 +217,7 @@ done:
 func (s *session) GetClientInvitationMessage() protocol.SessionInvitation {
 	return protocol.SessionInvitation{
 		From:         s.serverid[:],
-		Key:          []byte(s.clientkey),
+		Key:          s.clientkey,
 		Address:      sessionAddress,
 		Port:         sessionPort,
 		ServerSocket: false,
@@ -226,7 +227,7 @@ func (s *session) GetClientInvitationMessage() protocol.SessionInvitation {
 func (s *session) GetServerInvitationMessage() protocol.SessionInvitation {
 	return protocol.SessionInvitation{
 		From:         s.clientid[:],
-		Key:          []byte(s.serverkey),
+		Key:          s.serverkey,
 		Address:      sessionAddress,
 		Port:         sessionPort,
 		ServerSocket: true,
@@ -268,7 +269,7 @@ func (s *session) proxy(c1, c2 net.Conn) error {
 		}
 
 		if s.rateLimit != nil {
-			s.rateLimit(int64(n))
+			s.rateLimit(n)
 		}
 
 		c2.SetWriteDeadline(time.Now().Add(networkTimeout))
@@ -283,7 +284,7 @@ func (s *session) String() string {
 	return fmt.Sprintf("<%s/%s>", hex.EncodeToString(s.clientkey)[:5], hex.EncodeToString(s.serverkey)[:5])
 }
 
-func makeRateLimitFunc(sessionRateLimit, globalRateLimit *ratelimit.Bucket) func(int64) {
+func makeRateLimitFunc(sessionRateLimit, globalRateLimit *rate.Limiter) func(int) {
 	// This may be a case of super duper premature optimization... We build an
 	// optimized function to do the rate limiting here based on what we need
 	// to do and then use it in the loop.
@@ -298,29 +299,55 @@ func makeRateLimitFunc(sessionRateLimit, globalRateLimit *ratelimit.Bucket) func
 
 	if sessionRateLimit == nil {
 		// We only have a global limiter
-		return func(bytes int64) {
-			globalRateLimit.Wait(bytes)
+		return func(bytes int) {
+			take(bytes, globalRateLimit)
 		}
 	}
 
 	if globalRateLimit == nil {
 		// We only have a session limiter
-		return func(bytes int64) {
-			sessionRateLimit.Wait(bytes)
+		return func(bytes int) {
+			take(bytes, sessionRateLimit)
 		}
 	}
 
 	// We have both. Queue the bytes on both the global and session specific
-	// rate limiters. Wait for both in parallell, so that the actual send
-	// happens when both conditions are satisfied. In practice this just means
-	// wait the longer of the two times.
-	return func(bytes int64) {
-		t0 := sessionRateLimit.Take(bytes)
-		t1 := globalRateLimit.Take(bytes)
-		if t0 > t1 {
-			time.Sleep(t0)
-		} else {
-			time.Sleep(t1)
-		}
+	// rate limiters.
+	return func(bytes int) {
+		take(bytes, sessionRateLimit, globalRateLimit)
+	}
+}
+
+// take is a utility function to consume tokens from a set of rate.Limiters.
+// Tokens are consumed in parallel on all limiters, respecting their
+// individual burst sizes.
+func take(tokens int, ls ...*rate.Limiter) {
+	// minBurst is the smallest burst size supported by all limiters.
+	minBurst := int(math.MaxInt32)
+	for _, l := range ls {
+		if burst := l.Burst(); burst < minBurst {
+			minBurst = burst
+		}
+	}
+
+	for tokens > 0 {
+		// chunk is how many tokens we can consume at a time
+		chunk := tokens
+		if chunk > minBurst {
+			chunk = minBurst
+		}
+
+		// maxDelay is the longest delay mandated by any of the limiters for
+		// the chosen chunk size.
+		var maxDelay time.Duration
+		for _, l := range ls {
+			res := l.ReserveN(time.Now(), chunk)
+			if del := res.Delay(); del > maxDelay {
+				maxDelay = del
+			}
+		}
+
+		time.Sleep(maxDelay)
+		tokens -= chunk
 	}
 }

cmd/strelaysrv/status.go

@@ -42,7 +42,7 @@ func getStatus(w http.ResponseWriter, r *http.Request) {
 	status["goMaxProcs"] = runtime.GOMAXPROCS(-1)
 	status["goNumRoutine"] = runtime.NumGoroutine()
 	status["kbps10s1m5m15m30m60m"] = []int64{
-		rc.rate(10/10) * 8 / 1000,
+		rc.rate(1) * 8 / 1000, // each interval is 10s
 		rc.rate(60/10) * 8 / 1000,
 		rc.rate(5*60/10) * 8 / 1000,
 		rc.rate(15*60/10) * 8 / 1000,

cmd/stsigtool/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stvanity/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/stwatchfile/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/auditservice.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/auditservice_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -20,13 +20,13 @@ func TestAuditService(t *testing.T) {
 	service := newAuditService(buf)
 
 	// Event sent before start, will not be logged
-	events.Default.Log(events.Ping, "the first event")
+	events.Default.Log(events.ConfigSaved, "the first event")
 
 	go service.Serve()
 	service.WaitForStart()
 
 	// Event that should end up in the audit log
-	events.Default.Log(events.Ping, "the second event")
+	events.Default.Log(events.ConfigSaved, "the second event")
 
 	// We need to give the events time to arrive, since the channels are buffered etc.
 	time.Sleep(10 * time.Millisecond)
@@ -35,7 +35,7 @@ func TestAuditService(t *testing.T) {
 	service.WaitForStop()
 
 	// This event should not be logged, since we have stopped.
-	events.Default.Log(events.Ping, "the third event")
+	events.Default.Log(events.ConfigSaved, "the third event")
 
 	result := string(buf.Bytes())
 	t.Log(result)

cmd/syncthing/blockprof.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/buildtag_noupgrade.go

@@ -0,0 +1,13 @@
+// Copyright (C) 2017 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//+build noupgrade
+
+package main
+
+func init() {
+	BuildTags = append(BuildTags, "noupgrade")
+}

cmd/syncthing/buildtag_race.go

@@ -0,0 +1,13 @@
+// Copyright (C) 2017 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//+build race
+
+package main
+
+func init() {
+	BuildTags = append(BuildTags, "race")
+}

cmd/syncthing/debug.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/gui.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -53,6 +53,7 @@ type apiService struct {
 	statics            *staticsServer
 	model              modelIntf
 	eventSub           events.BufferedSubscription
+	diskEventSub       events.BufferedSubscription
 	discoverer         discover.CachingMux
 	connectionsService connectionsIntf
 	fss                *folderSummaryService
@@ -60,7 +61,7 @@ type apiService struct {
 	stop               chan struct{} // signals intentional stop
 	configChanged      chan struct{} // signals intentional listener close due to config change
 	started            chan string   // signals startup complete by sending the listener address, for testing only
-	startedOnce        bool          // the service has started successfully at least once
+	startedOnce        chan struct{} // the service has started successfully at least once
 
 	guiErrors logger.Recorder
 	systemLog logger.Recorder
@@ -71,7 +72,7 @@ type modelIntf interface {
 	Completion(device protocol.DeviceID, folder string) model.FolderCompletion
 	Override(folder string)
 	NeedFolderFiles(folder string, page, perpage int) ([]db.FileInfoTruncated, []db.FileInfoTruncated, []db.FileInfoTruncated, int)
-	NeedSize(folder string) (nfiles int, bytes int64)
+	NeedSize(folder string) db.Counts
 	ConnectionStats() map[string]interface{}
 	DeviceStatistics() map[string]stats.DeviceStatistics
 	FolderStatistics() map[string]stats.FolderStatistics
@@ -81,16 +82,14 @@ type modelIntf interface {
 	Availability(folder, file string, version protocol.Vector, block protocol.BlockInfo) []model.Availability
 	GetIgnores(folder string) ([]string, []string, error)
 	SetIgnores(folder string, content []string) error
-	PauseDevice(device protocol.DeviceID)
-	ResumeDevice(device protocol.DeviceID)
 	DelayScan(folder string, next time.Duration)
 	ScanFolder(folder string) error
 	ScanFolders() map[string]error
 	ScanFolderSubdirs(folder string, subs []string) error
 	BringToFront(folder, file string)
 	ConnectedTo(deviceID protocol.DeviceID) bool
-	GlobalSize(folder string) (nfiles, deleted int, bytes int64)
-	LocalSize(folder string) (nfiles, deleted int, bytes int64)
+	GlobalSize(folder string) db.Counts
+	LocalSize(folder string) db.Counts
 	CurrentSequence(folder string) (int64, bool)
 	RemoteSequence(folder string) (int64, bool)
 	State(folder string) (string, time.Time, error)
@@ -98,12 +97,14 @@ type modelIntf interface {
 
 type configIntf interface {
 	GUI() config.GUIConfiguration
-	Raw() config.Configuration
+	RawCopy() config.Configuration
 	Options() config.OptionsConfiguration
 	Replace(cfg config.Configuration) error
 	Subscribe(c config.Committer)
 	Folders() map[string]config.FolderConfiguration
 	Devices() map[protocol.DeviceID]config.DeviceConfiguration
+	SetDevice(config.DeviceConfiguration) error
+	SetDevices([]config.DeviceConfiguration) error
 	Save() error
 	ListenAddresses() []string
 	RequiresRestart() bool
@@ -113,7 +114,7 @@ type connectionsIntf interface {
 	Status() map[string]interface{}
 }
 
-func newAPIService(id protocol.DeviceID, cfg configIntf, httpsCertFile, httpsKeyFile, assetDir string, m modelIntf, eventSub events.BufferedSubscription, discoverer discover.CachingMux, connectionsService connectionsIntf, errors, systemLog logger.Recorder) *apiService {
+func newAPIService(id protocol.DeviceID, cfg configIntf, httpsCertFile, httpsKeyFile, assetDir string, m modelIntf, eventSub events.BufferedSubscription, diskEventSub events.BufferedSubscription, discoverer discover.CachingMux, connectionsService connectionsIntf, errors, systemLog logger.Recorder) *apiService {
 	service := &apiService{
 		id:                 id,
 		cfg:                cfg,
@@ -122,11 +123,13 @@ func newAPIService(id protocol.DeviceID, cfg configIntf, httpsCertFile, httpsKey
 		statics:            newStaticsServer(cfg.GUI().Theme, assetDir),
 		model:              m,
 		eventSub:           eventSub,
+		diskEventSub:       diskEventSub,
 		discoverer:         discoverer,
 		connectionsService: connectionsService,
 		systemConfigMut:    sync.NewMutex(),
 		stop:               make(chan struct{}),
 		configChanged:      make(chan struct{}),
+		startedOnce:        make(chan struct{}),
 		guiErrors:          errors,
 		systemLog:          systemLog,
 	}
@@ -200,20 +203,20 @@ func sendJSON(w http.ResponseWriter, jsonObject interface{}) {
 func (s *apiService) Serve() {
 	listener, err := s.getListener(s.cfg.GUI())
 	if err != nil {
-		if !s.startedOnce {
+		select {
+		case <-s.startedOnce:
+			// We let this be a loud user-visible warning as it may be the only
+			// indication they get that the GUI won't be available.
+			l.Warnln("Starting API/GUI:", err)
+			return
+
+		default:
 			// This is during initialization. A failure here should be fatal
 			// as there will be no way for the user to communicate with us
 			// otherwise anyway.
 			l.Fatalln("Starting API/GUI:", err)
 		}
-
-		// We let this be a loud user-visible warning as it may be the only
-		// indication they get that the GUI won't be available on startup.
-		l.Warnln("Starting API/GUI:", err)
-		return
 	}
-	s.startedOnce = true
-	defer listener.Close()
 
 	if listener == nil {
 		// Not much we can do here other than exit quickly. The supervisor
@@ -221,6 +224,8 @@ func (s *apiService) Serve() {
 		return
 	}
 
+	defer listener.Close()
+
 	// The GET handlers
 	getRestMux := http.NewServeMux()
 	getRestMux.HandleFunc("/rest/db/completion", s.getDBCompletion)              // device folder
@@ -229,7 +234,8 @@ func (s *apiService) Serve() {
 	getRestMux.HandleFunc("/rest/db/need", s.getDBNeed)                          // folder [perpage] [page]
 	getRestMux.HandleFunc("/rest/db/status", s.getDBStatus)                      // folder
 	getRestMux.HandleFunc("/rest/db/browse", s.getDBBrowse)                      // folder [prefix] [dirsonly] [levels]
-	getRestMux.HandleFunc("/rest/events", s.getEvents)                           // since [limit]
+	getRestMux.HandleFunc("/rest/events", s.getIndexEvents)                      // [since] [limit] [timeout]
+	getRestMux.HandleFunc("/rest/events/disk", s.getDiskEvents)                  // [since] [limit] [timeout]
 	getRestMux.HandleFunc("/rest/stats/device", s.getDeviceStats)                // -
 	getRestMux.HandleFunc("/rest/stats/folder", s.getFolderStats)                // -
 	getRestMux.HandleFunc("/rest/svc/deviceid", s.getDeviceID)                   // id
@@ -252,21 +258,21 @@ func (s *apiService) Serve() {
 
 	// The POST handlers
 	postRestMux := http.NewServeMux()
-	postRestMux.HandleFunc("/rest/db/prio", s.postDBPrio)                      // folder file [perpage] [page]
-	postRestMux.HandleFunc("/rest/db/ignores", s.postDBIgnores)                // folder
-	postRestMux.HandleFunc("/rest/db/override", s.postDBOverride)              // folder
-	postRestMux.HandleFunc("/rest/db/scan", s.postDBScan)                      // folder [sub...] [delay]
-	postRestMux.HandleFunc("/rest/system/config", s.postSystemConfig)          // <body>
-	postRestMux.HandleFunc("/rest/system/error", s.postSystemError)            // <body>
-	postRestMux.HandleFunc("/rest/system/error/clear", s.postSystemErrorClear) // -
-	postRestMux.HandleFunc("/rest/system/ping", s.restPing)                    // -
-	postRestMux.HandleFunc("/rest/system/reset", s.postSystemReset)            // [folder]
-	postRestMux.HandleFunc("/rest/system/restart", s.postSystemRestart)        // -
-	postRestMux.HandleFunc("/rest/system/shutdown", s.postSystemShutdown)      // -
-	postRestMux.HandleFunc("/rest/system/upgrade", s.postSystemUpgrade)        // -
-	postRestMux.HandleFunc("/rest/system/pause", s.postSystemPause)            // device
-	postRestMux.HandleFunc("/rest/system/resume", s.postSystemResume)          // device
-	postRestMux.HandleFunc("/rest/system/debug", s.postSystemDebug)            // [enable] [disable]
+	postRestMux.HandleFunc("/rest/db/prio", s.postDBPrio)                          // folder file [perpage] [page]
+	postRestMux.HandleFunc("/rest/db/ignores", s.postDBIgnores)                    // folder
+	postRestMux.HandleFunc("/rest/db/override", s.postDBOverride)                  // folder
+	postRestMux.HandleFunc("/rest/db/scan", s.postDBScan)                          // folder [sub...] [delay]
+	postRestMux.HandleFunc("/rest/system/config", s.postSystemConfig)              // <body>
+	postRestMux.HandleFunc("/rest/system/error", s.postSystemError)                // <body>
+	postRestMux.HandleFunc("/rest/system/error/clear", s.postSystemErrorClear)     // -
+	postRestMux.HandleFunc("/rest/system/ping", s.restPing)                        // -
+	postRestMux.HandleFunc("/rest/system/reset", s.postSystemReset)                // [folder]
+	postRestMux.HandleFunc("/rest/system/restart", s.postSystemRestart)            // -
+	postRestMux.HandleFunc("/rest/system/shutdown", s.postSystemShutdown)          // -
+	postRestMux.HandleFunc("/rest/system/upgrade", s.postSystemUpgrade)            // -
+	postRestMux.HandleFunc("/rest/system/pause", s.makeDevicePauseHandler(true))   // [device]
+	postRestMux.HandleFunc("/rest/system/resume", s.makeDevicePauseHandler(false)) // [device]
+	postRestMux.HandleFunc("/rest/system/debug", s.postSystemDebug)                // [enable] [disable]
 
 	// Debug endpoints, not for general use
 	debugMux := http.NewServeMux()
@@ -313,11 +319,18 @@ func (s *apiService) Serve() {
 	// Add the CORS handling
 	handler = corsMiddleware(handler)
 
+	if addressIsLocalhost(guiCfg.Address()) && !guiCfg.InsecureSkipHostCheck {
+		// Verify source host
+		handler = localhostMiddleware(handler)
+	}
+
 	handler = debugMiddleware(handler)
 
 	srv := http.Server{
-		Handler:     handler,
-		ReadTimeout: 10 * time.Second,
+		Handler: handler,
+		// ReadTimeout must be longer than SyncthingController $scope.refresh
+		// interval to avoid HTTP keepalive/GUI refresh race.
+		ReadTimeout: 15 * time.Second,
 	}
 
 	s.fss = newFolderSummaryService(s.cfg, s.model)
@@ -331,6 +344,14 @@ func (s *apiService) Serve() {
 		s.started <- listener.Addr().String()
 	}
 
+	// Indicate successful initial startup, to ourselves and to interested
+	// listeners (i.e. the thing that starts the browser).
+	select {
+	case <-s.startedOnce:
+	default:
+		close(s.startedOnce)
+	}
+
 	// Serve in the background
 
 	serveError := make(chan error, 1)
@@ -362,10 +383,8 @@ func (s *apiService) String() string {
 }
 
 func (s *apiService) VerifyConfiguration(from, to config.Configuration) error {
-	if _, err := net.ResolveTCPAddr("tcp", to.GUI.Address()); err != nil {
-		return err
-	}
-	return nil
+	_, err := net.ResolveTCPAddr("tcp", to.GUI.Address())
+	return err
 }
 
 func (s *apiService) CommitConfiguration(from, to config.Configuration) bool {
@@ -437,10 +456,12 @@ func corsMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Process OPTIONS requests
 		if r.Method == "OPTIONS" {
+			// Add a generous access-control-allow-origin header for CORS requests
+			w.Header().Add("Access-Control-Allow-Origin", "*")
 			// Only GET/POST Methods are supported
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
-			// Only this custom header can be set
-			w.Header().Set("Access-Control-Allow-Headers", "X-API-Key")
+			// Only these headers can be set
+			w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
 			// The request is meant to be cached 10 minutes
 			w.Header().Set("Access-Control-Max-Age", "600")
 
@@ -495,6 +516,17 @@ func withDetailsMiddleware(id protocol.DeviceID, h http.Handler) http.Handler {
 	})
 }
 
+func localhostMiddleware(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if addressIsLocalhost(r.Host) {
+			h.ServeHTTP(w, r)
+			return
+		}
+
+		http.Error(w, "Host check error", http.StatusForbidden)
+	})
+}
+
 func (s *apiService) whenDebugging(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if s.cfg.GUI().Debugging {
@@ -503,7 +535,6 @@ func (s *apiService) whenDebugging(h http.Handler) http.Handler {
 		}
 
 		http.Error(w, "Debugging disabled", http.StatusBadRequest)
-		return
 	})
 }
 
@@ -588,6 +619,7 @@ func (s *apiService) getDBCompletion(w http.ResponseWriter, r *http.Request) {
 		"completion":  comp.CompletionPct,
 		"needBytes":   comp.NeedBytes,
 		"globalBytes": comp.GlobalBytes,
+		"needDeletes": comp.NeedDeletes,
 	})
 }
 
@@ -602,16 +634,16 @@ func folderSummary(cfg configIntf, m modelIntf, folder string) map[string]interf
 
 	res["invalid"] = "" // Deprecated, retains external API for now
 
-	globalFiles, globalDeleted, globalBytes := m.GlobalSize(folder)
-	res["globalFiles"], res["globalDeleted"], res["globalBytes"] = globalFiles, globalDeleted, globalBytes
+	global := m.GlobalSize(folder)
+	res["globalFiles"], res["globalDirectories"], res["globalSymlinks"], res["globalDeleted"], res["globalBytes"] = global.Files, global.Directories, global.Symlinks, global.Deleted, global.Bytes
 
-	localFiles, localDeleted, localBytes := m.LocalSize(folder)
-	res["localFiles"], res["localDeleted"], res["localBytes"] = localFiles, localDeleted, localBytes
+	local := m.LocalSize(folder)
+	res["localFiles"], res["localDirectories"], res["localSymlinks"], res["localDeleted"], res["localBytes"] = local.Files, local.Directories, local.Symlinks, local.Deleted, local.Bytes
 
-	needFiles, needBytes := m.NeedSize(folder)
-	res["needFiles"], res["needBytes"] = needFiles, needBytes
+	need := m.NeedSize(folder)
+	res["needFiles"], res["needDirectories"], res["needSymlinks"], res["needDeletes"], res["needBytes"] = need.Files, need.Directories, need.Symlinks, need.Deleted, need.Bytes
 
-	res["inSyncFiles"], res["inSyncBytes"] = globalFiles-needFiles, globalBytes-needBytes
+	res["inSyncFiles"], res["inSyncBytes"] = global.Files-need.Files, global.Bytes-need.Bytes
 
 	var err error
 	res["state"], res["stateChanged"], err = m.State(folder)
@@ -704,7 +736,7 @@ func (s *apiService) getDBFile(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *apiService) getSystemConfig(w http.ResponseWriter, r *http.Request) {
-	sendJSON(w, s.cfg.Raw())
+	sendJSON(w, s.cfg.RawCopy())
 }
 
 func (s *apiService) postSystemConfig(w http.ResponseWriter, r *http.Request) {
@@ -747,11 +779,13 @@ func (s *apiService) postSystemConfig(w http.ResponseWriter, r *http.Request) {
 	// Activate and save
 
 	if err := s.cfg.Replace(to); err != nil {
+		l.Warnln("Replacing config:", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 
 	if err := s.cfg.Save(); err != nil {
+		l.Warnln("Saving config:", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@@ -973,14 +1007,27 @@ func (s *apiService) postDBIgnores(w http.ResponseWriter, r *http.Request) {
 	s.getDBIgnores(w, r)
 }
 
-func (s *apiService) getEvents(w http.ResponseWriter, r *http.Request) {
+func (s *apiService) getIndexEvents(w http.ResponseWriter, r *http.Request) {
+	s.fss.gotEventRequest()
+	s.getEvents(w, r, s.eventSub)
+}
+
+func (s *apiService) getDiskEvents(w http.ResponseWriter, r *http.Request) {
+	s.getEvents(w, r, s.diskEventSub)
+}
+
+func (s *apiService) getEvents(w http.ResponseWriter, r *http.Request, eventSub events.BufferedSubscription) {
 	qs := r.URL.Query()
 	sinceStr := qs.Get("since")
 	limitStr := qs.Get("limit")
+	timeoutStr := qs.Get("timeout")
 	since, _ := strconv.Atoi(sinceStr)
 	limit, _ := strconv.Atoi(limitStr)
 
-	s.fss.gotEventRequest()
+	timeout := defaultEventTimeout
+	if timeoutSec, timeoutErr := strconv.Atoi(timeoutStr); timeoutErr == nil && timeoutSec >= 0 { // 0 is a valid timeout
+		timeout = time.Duration(timeoutSec) * time.Second
+	}
 
 	// Flush before blocking, to indicate that we've received the request and
 	// that it should not be retried. Must set Content-Type header before
@@ -989,7 +1036,8 @@ func (s *apiService) getEvents(w http.ResponseWriter, r *http.Request) {
 	f := w.(http.Flusher)
 	f.Flush()
 
-	evs := s.eventSub.Since(since, nil)
+	// If there are no events available return an empty slice, as this gets serialized as `[]`
+	evs := eventSub.Since(since, []events.Event{}, timeout)
 	if 0 < limit && limit < len(evs) {
 		evs = evs[len(evs)-limit:]
 	}
@@ -998,11 +1046,12 @@ func (s *apiService) getEvents(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *apiService) getSystemUpgrade(w http.ResponseWriter, r *http.Request) {
-	if noUpgrade {
+	if noUpgradeFromEnv {
 		http.Error(w, upgrade.ErrUpgradeUnsupported.Error(), 500)
 		return
 	}
-	rel, err := upgrade.LatestRelease(s.cfg.Options().ReleasesURL, Version)
+	opts := s.cfg.Options()
+	rel, err := upgrade.LatestRelease(opts.ReleasesURL, Version, opts.UpgradeToPreReleases)
 	if err != nil {
 		http.Error(w, err.Error(), 500)
 		return
@@ -1043,7 +1092,8 @@ func (s *apiService) getLang(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *apiService) postSystemUpgrade(w http.ResponseWriter, r *http.Request) {
-	rel, err := upgrade.LatestRelease(s.cfg.Options().ReleasesURL, Version)
+	opts := s.cfg.Options()
+	rel, err := upgrade.LatestRelease(opts.ReleasesURL, Version, opts.UpgradeToPreReleases)
 	if err != nil {
 		l.Warnln("getting latest release:", err)
 		http.Error(w, err.Error(), 500)
@@ -1064,48 +1114,56 @@ func (s *apiService) postSystemUpgrade(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func (s *apiService) postSystemPause(w http.ResponseWriter, r *http.Request) {
-	var qs = r.URL.Query()
-	var deviceStr = qs.Get("device")
+func (s *apiService) makeDevicePauseHandler(paused bool) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var qs = r.URL.Query()
+		var deviceStr = qs.Get("device")
 
-	device, err := protocol.DeviceIDFromString(deviceStr)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
+		var cfgs []config.DeviceConfiguration
+
+		if deviceStr == "" {
+			for _, cfg := range s.cfg.Devices() {
+				cfg.Paused = paused
+				cfgs = append(cfgs, cfg)
+			}
+		} else {
+			device, err := protocol.DeviceIDFromString(deviceStr)
+			if err != nil {
+				http.Error(w, err.Error(), 500)
+				return
+			}
+
+			cfg, ok := s.cfg.Devices()[device]
+			if !ok {
+				http.Error(w, "not found", http.StatusNotFound)
+				return
+			}
+
+			cfg.Paused = paused
+			cfgs = append(cfgs, cfg)
+		}
+
+		if err := s.cfg.SetDevices(cfgs); err != nil {
+			http.Error(w, err.Error(), 500)
+		}
 	}
-
-	s.model.PauseDevice(device)
-}
-
-func (s *apiService) postSystemResume(w http.ResponseWriter, r *http.Request) {
-	var qs = r.URL.Query()
-	var deviceStr = qs.Get("device")
-
-	device, err := protocol.DeviceIDFromString(deviceStr)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	s.model.ResumeDevice(device)
 }
 
 func (s *apiService) postDBScan(w http.ResponseWriter, r *http.Request) {
 	qs := r.URL.Query()
 	folder := qs.Get("folder")
 	if folder != "" {
+		subs := qs["sub"]
+		err := s.model.ScanFolderSubdirs(folder, subs)
+		if err != nil {
+			http.Error(w, err.Error(), 500)
+			return
+		}
 		nextStr := qs.Get("next")
 		next, err := strconv.Atoi(nextStr)
 		if err == nil {
 			s.model.DelayScan(folder, time.Duration(next)*time.Second)
 		}
-
-		subs := qs["sub"]
-		err = s.model.ScanFolderSubdirs(folder, subs)
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
 	} else {
 		errors := s.model.ScanFolders()
 		if len(errors) > 0 {
@@ -1291,3 +1349,17 @@ func dirNames(dir string) []string {
 	sort.Strings(dirs)
 	return dirs
 }
+
+func addressIsLocalhost(addr string) bool {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		// There was no port, so we assume the address was just a hostname
+		host = addr
+	}
+	switch strings.ToLower(host) {
+	case "127.0.0.1", "::1", "localhost":
+		return true
+	default:
+		return false
+	}
+}

cmd/syncthing/gui_auth.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/gui_csrf.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -37,6 +37,9 @@ func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, n
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Allow requests carrying a valid API key
 		if cfg.IsValidAPIKey(r.Header.Get("X-API-Key")) {
+			// Set the access-control-allow-origin header for CORS requests
+			// since a valid API key has been provided
+			w.Header().Add("Access-Control-Allow-Origin", "*")
 			next.ServeHTTP(w, r)
 			return
 		}
@@ -113,7 +116,7 @@ func saveCsrfTokens() {
 	// nothing relevant we can do about them anyway...
 
 	name := locations[locCsrfTokens]
-	f, err := osutil.CreateAtomic(name, 0600)
+	f, err := osutil.CreateAtomic(name)
 	if err != nil {
 		return
 	}

cmd/syncthing/gui_solaris.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 //+build solaris
 

cmd/syncthing/gui_statics.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/gui_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -16,6 +16,7 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -69,7 +70,7 @@ func TestStopAfterBrokenConfig(t *testing.T) {
 	}
 	w := config.Wrap("/dev/null", cfg)
 
-	srv := newAPIService(protocol.LocalDeviceID, w, "../../test/h1/https-cert.pem", "../../test/h1/https-key.pem", "", nil, nil, nil, nil, nil, nil)
+	srv := newAPIService(protocol.LocalDeviceID, w, "../../test/h1/https-cert.pem", "../../test/h1/https-key.pem", "", nil, nil, nil, nil, nil, nil, nil)
 	srv.started = make(chan string)
 
 	sup := suture.NewSimple("test")
@@ -460,7 +461,6 @@ func TestHTTPLogin(t *testing.T) {
 	if resp.StatusCode != http.StatusOK {
 		t.Errorf("Unexpected non-200 return code %d for authed request (ISO-8859-1)", resp.StatusCode)
 	}
-
 }
 
 func startHTTP(cfg *mockedConfig) (string, error) {
@@ -469,6 +469,7 @@ func startHTTP(cfg *mockedConfig) (string, error) {
 	httpsKeyFile := "../../test/h1/https-key.pem"
 	assetDir := "../../gui"
 	eventSub := new(mockedEventSub)
+	diskEventSub := new(mockedEventSub)
 	discoverer := new(mockedCachingMux)
 	connections := new(mockedConnections)
 	errorLog := new(mockedLoggerRecorder)
@@ -477,7 +478,7 @@ func startHTTP(cfg *mockedConfig) (string, error) {
 
 	// Instantiate the API service
 	svc := newAPIService(protocol.LocalDeviceID, cfg, httpsCertFile, httpsKeyFile, assetDir, model,
-		eventSub, discoverer, connections, errorLog, systemLog)
+		eventSub, diskEventSub, discoverer, connections, errorLog, systemLog)
 	svc.started = addrChan
 
 	// Actually start the API service
@@ -491,7 +492,12 @@ func startHTTP(cfg *mockedConfig) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("Weird address from API service: %v", err)
 	}
-	baseURL := fmt.Sprintf("http://127.0.0.1:%d", tcpAddr.Port)
+
+	host, _, _ := net.SplitHostPort(cfg.gui.RawAddress)
+	if host == "" || host == "0.0.0.0" {
+		host = "127.0.0.1"
+	}
+	baseURL := fmt.Sprintf("http://%s", net.JoinHostPort(host, strconv.Itoa(tcpAddr.Port)))
 
 	return baseURL, nil
 }
@@ -501,6 +507,9 @@ func TestCSRFRequired(t *testing.T) {
 	cfg := new(mockedConfig)
 	cfg.gui.APIKey = testAPIKey
 	baseURL, err := startHTTP(cfg)
+	if err != nil {
+		t.Fatal("Unexpected error from getting base URL:", err)
+	}
 
 	cli := &http.Client{
 		Timeout: time.Second,
@@ -666,3 +675,252 @@ func testConfigPost(data io.Reader) (*http.Response, error) {
 	req.Header.Set("X-API-Key", testAPIKey)
 	return cli.Do(req)
 }
+
+func TestHostCheck(t *testing.T) {
+	// An API service bound to localhost should reject non-localhost host Headers
+
+	cfg := new(mockedConfig)
+	cfg.gui.RawAddress = "127.0.0.1:0"
+	baseURL, err := startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// A normal HTTP get to the localhost-bound service should succeed
+
+	resp, err := http.Get(baseURL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Regular HTTP get: expected 200 OK, not", resp.Status)
+	}
+
+	// A request with a suspicious Host header should fail
+
+	req, _ := http.NewRequest("GET", baseURL, nil)
+	req.Host = "example.com"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusForbidden {
+		t.Error("Suspicious Host header: expected 403 Forbidden, not", resp.Status)
+	}
+
+	// A request with an explicit "localhost:8384" Host header should pass
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "localhost:8384"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Explicit localhost:8384: expected 200 OK, not", resp.Status)
+	}
+
+	// A request with an explicit "localhost" Host header (no port) should pass
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "localhost"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Explicit localhost: expected 200 OK, not", resp.Status)
+	}
+
+	// A server with InsecureSkipHostCheck set behaves differently
+
+	cfg = new(mockedConfig)
+	cfg.gui.RawAddress = "127.0.0.1:0"
+	cfg.gui.InsecureSkipHostCheck = true
+	baseURL, err = startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// A request with a suspicious Host header should be allowed
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "example.com"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Incorrect host header, check disabled: expected 200 OK, not", resp.Status)
+	}
+
+	// A server bound to a wildcard address also doesn't do the check
+
+	cfg = new(mockedConfig)
+	cfg.gui.RawAddress = "0.0.0.0:0"
+	cfg.gui.InsecureSkipHostCheck = true
+	baseURL, err = startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// A request with a suspicious Host header should be allowed
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "example.com"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Incorrect host header, wildcard bound: expected 200 OK, not", resp.Status)
+	}
+
+	// This should all work over IPv6 as well
+
+	cfg = new(mockedConfig)
+	cfg.gui.RawAddress = "[::1]:0"
+	baseURL, err = startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// A normal HTTP get to the localhost-bound service should succeed
+
+	resp, err = http.Get(baseURL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Regular HTTP get (IPv6): expected 200 OK, not", resp.Status)
+	}
+
+	// A request with a suspicious Host header should fail
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "example.com"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusForbidden {
+		t.Error("Suspicious Host header (IPv6): expected 403 Forbidden, not", resp.Status)
+	}
+
+	// A request with an explicit "localhost:8384" Host header should pass
+
+	req, _ = http.NewRequest("GET", baseURL, nil)
+	req.Host = "localhost:8384"
+	resp, err = http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Error("Explicit localhost:8384 (IPv6): expected 200 OK, not", resp.Status)
+	}
+}
+
+func TestAddressIsLocalhost(t *testing.T) {
+	testcases := []struct {
+		address string
+		result  bool
+	}{
+		// These are all valid localhost addresses
+		{"localhost", true},
+		{"LOCALHOST", true},
+		{"::1", true},
+		{"127.0.0.1", true},
+		{"localhost:8080", true},
+		{"LOCALHOST:8000", true},
+		{"[::1]:8080", true},
+		{"127.0.0.1:8080", true},
+
+		// These are all non-localhost addresses
+		{"example.com", false},
+		{"example.com:8080", false},
+		{"192.0.2.10", false},
+		{"192.0.2.10:8080", false},
+		{"0.0.0.0", false},
+		{"0.0.0.0:8080", false},
+		{"::", false},
+		{"[::]:8080", false},
+		{":8080", false},
+	}
+
+	for _, tc := range testcases {
+		result := addressIsLocalhost(tc.address)
+		if result != tc.result {
+			t.Errorf("addressIsLocalhost(%q)=%v, expected %v", tc.address, result, tc.result)
+		}
+	}
+}
+
+func TestAccessControlAllowOriginHeader(t *testing.T) {
+	const testAPIKey = "foobarbaz"
+	cfg := new(mockedConfig)
+	cfg.gui.APIKey = testAPIKey
+	baseURL, err := startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+	cli := &http.Client{
+		Timeout: time.Second,
+	}
+
+	req, _ := http.NewRequest("GET", baseURL+"/rest/system/status", nil)
+	req.Header.Set("X-API-Key", testAPIKey)
+	resp, err := cli.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		t.Fatal("GET on /rest/system/status should succeed, not", resp.Status)
+	}
+	if resp.Header.Get("Access-Control-Allow-Origin") != "*" {
+		t.Fatal("GET on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header")
+	}
+}
+
+func TestOptionsRequest(t *testing.T) {
+	const testAPIKey = "foobarbaz"
+	cfg := new(mockedConfig)
+	cfg.gui.APIKey = testAPIKey
+	baseURL, err := startHTTP(cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+	cli := &http.Client{
+		Timeout: time.Second,
+	}
+
+	req, _ := http.NewRequest("OPTIONS", baseURL+"/rest/system/status", nil)
+	resp, err := cli.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resp.Body.Close()
+	if resp.StatusCode != http.StatusNoContent {
+		t.Fatal("OPTIONS on /rest/system/status should succeed, not", resp.Status)
+	}
+	if resp.Header.Get("Access-Control-Allow-Origin") != "*" {
+		t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Origin: *' header")
+	}
+	if resp.Header.Get("Access-Control-Allow-Methods") != "GET, POST" {
+		t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Methods: GET, POST' header")
+	}
+	if resp.Header.Get("Access-Control-Allow-Headers") != "Content-Type, X-API-Key" {
+		t.Fatal("OPTIONS on /rest/system/status should return a 'Access-Control-Allow-Headers: Content-Type, X-API-KEY' header")
+	}
+}

cmd/syncthing/gui_unix.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 //+build !windows,!solaris
 

cmd/syncthing/gui_windows.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 //+build windows
 

cmd/syncthing/heapprof.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/locations.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -12,6 +12,7 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"net"
@@ -41,11 +42,14 @@ import (
 	"github.com/syncthing/syncthing/lib/osutil"
 	"github.com/syncthing/syncthing/lib/protocol"
 	"github.com/syncthing/syncthing/lib/rand"
-	"github.com/syncthing/syncthing/lib/symlinks"
+	"github.com/syncthing/syncthing/lib/sha256"
 	"github.com/syncthing/syncthing/lib/tlsutil"
 	"github.com/syncthing/syncthing/lib/upgrade"
+	"github.com/syncthing/syncthing/lib/weakhash"
 
 	"github.com/thejerf/suture"
+
+	_ "net/http/pprof" // Need to import this to support STPROFILER.
 )
 
 var (
@@ -56,8 +60,10 @@ var (
 	BuildHost         = "unknown"
 	BuildUser         = "unknown"
 	IsRelease         bool
+	IsCandidate       bool
 	IsBeta            bool
 	LongVersion       string
+	BuildTags         []string
 	allowedVersionExp = regexp.MustCompile(`^v\d+\.\d+\.\d+(-[a-z0-9]+)*(\.\d+)*(\+\d+-g[0-9a-f]+)?(-[^\s]+)?$`)
 )
 
@@ -74,7 +80,7 @@ const (
 	tlsDefaultCommonName = "syncthing"
 	httpsRSABits         = 2048
 	bepRSABits           = 0 // 384 bit ECDSA used instead
-	pingEventInterval    = time.Minute
+	defaultEventTimeout  = time.Minute
 	maxSystemErrors      = 5
 	initialSystemLog     = 10
 	maxSystemLog         = 250
@@ -94,15 +100,26 @@ func init() {
 			l.Fatalf("Invalid version string %q;\n\tdoes not match regexp %v", Version, allowedVersionExp)
 		}
 	}
+}
 
-	// Check for a clean release build. A release is something like "v0.1.2",
-	// with an optional suffix of letters and dot separated numbers like
-	// "-beta3.47". If there's more stuff, like a plus sign and a commit hash
-	// and so on, then it's not a release. If there's a dash anywhere in
-	// there, it's some kind of beta or prerelease version.
+func setBuildMetadata() {
+	// Check for a clean release build. A release is something like
+	// "v0.1.2", with an optional suffix of letters and dot separated
+	// numbers like "-beta3.47". If there's more stuff, like a plus sign and
+	// a commit hash and so on, then it's not a release. If it has a dash in
+	// it, it's some sort of beta, release candidate or special build. If it
+	// has "-rc." in it, like "v0.14.35-rc.42", then it's a candidate build.
+	//
+	// So, every build that is not a stable release build has IsBeta = true.
+	// This is used to enable some extra debugging (the deadlock detector).
+	//
+	// Release candidate builds are also "betas" from this point of view and
+	// will have that debugging enabled. In addition, some features are
+	// forced for release candidates - auto upgrade, and usage reporting.
 
 	exp := regexp.MustCompile(`^v\d+\.\d+\.\d+(-[a-z]+[\d\.]+)?$`)
 	IsRelease = exp.MatchString(Version)
+	IsCandidate = strings.Contains(Version, "-rc.")
 	IsBeta = strings.Contains(Version, "-")
 
 	stamp, _ := strconv.Atoi(BuildStamp)
@@ -110,6 +127,10 @@ func init() {
 
 	date := BuildDate.UTC().Format("2006-01-02 15:04:05 MST")
 	LongVersion = fmt.Sprintf(`syncthing %s "%s" (%s %s-%s) %s@%s %s`, Version, Codename, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildUser, BuildHost, date)
+
+	if len(BuildTags) > 0 {
+		LongVersion = fmt.Sprintf("%s [%s]", LongVersion, strings.Join(BuildTags, ", "))
+	}
 }
 
 var (
@@ -137,11 +158,11 @@ show time only (2).
 Development Settings
 --------------------
 
-The following environment variables modify syncthing's behavior in ways that
+The following environment variables modify Syncthing's behavior in ways that
 are mostly useful for developers. Use with care.
 
  STNODEFAULTFOLDER Don't create a default folder when starting for the first
-                   time.  This variable will be ignored anytime after the first
+                   time. This variable will be ignored anytime after the first
                    run.
 
  STGUIASSETS       Directory to load GUI assets from. Overrides compiled in
@@ -150,8 +171,8 @@ are mostly useful for developers. Use with care.
  STTRACE           A comma separated string of facilities to trace. The valid
                    facility strings listed below.
 
- STPROFILER        Set to a listen address such as "127.0.0.1:9090" to start the
-                   profiler with HTTP access.
+ STPROFILER        Set to a listen address such as "127.0.0.1:9090" to start
+                   the profiler with HTTP access.
 
  STCPUPROFILE      Write a CPU profile to cpu-$pid.pprof on exit.
 
@@ -164,14 +185,33 @@ are mostly useful for developers. Use with care.
  STPERFSTATS       Write running performance statistics to perf-$pid.csv. Not
                    supported on Windows.
 
+ STDEADLOCK        Used for debugging internal deadlocks. Use only under
+                   direction of a developer.
+
+ STDEADLOCKTIMEOUT Used for debugging internal deadlocks; sets debug
+                   sensitivity. Use only under direction of a developer.
+
+ STDEADLOCKTHRESHOLD Used for debugging internal deadlocks; sets debug
+                     sensitivity.  Use only under direction of a developer.
+
+ STNORESTART       Equivalent to the -no-restart argument. Disable the
+                   Syncthing monitor process which handles restarts for some
+                   configuration changes, upgrades, crashes and also log file
+                   writing (stdout is still written).
+
  STNOUPGRADE       Disable automatic upgrades.
 
+ STHASHING         Select the SHA256 hashing package to use. Possible values
+                   are "standard" for the Go standard library implementation,
+                   "minio" for the github.com/minio/sha256-simd implementation,
+                   and blank (the default) for auto detection.
+
  GOMAXPROCS        Set the maximum number of CPU cores to use. Defaults to all
                    available CPU cores.
 
  GOGC              Percentage of heap growth at which to trigger GC. Default is
                    100. Lower numbers keep peak memory usage down, at the price
-                   of CPU usage (ie. performance).
+                   of CPU usage (i.e. performance).
 
 
 Debugging Facilities
@@ -184,14 +224,15 @@ The following are valid values for the STTRACE variable:
 
 // Environment options
 var (
-	noUpgrade       = os.Getenv("STNOUPGRADE") != ""
-	innerProcess    = os.Getenv("STNORESTART") != "" || os.Getenv("STMONITORED") != ""
-	noDefaultFolder = os.Getenv("STNODEFAULTFOLDER") != ""
+	noUpgradeFromEnv = os.Getenv("STNOUPGRADE") != ""
+	innerProcess     = os.Getenv("STNORESTART") != "" || os.Getenv("STMONITORED") != ""
+	noDefaultFolder  = os.Getenv("STNODEFAULTFOLDER") != ""
 )
 
 type RuntimeOptions struct {
 	confDir        string
-	reset          bool
+	resetDatabase  bool
+	resetDeltaIdxs bool
 	showVersion    bool
 	showPaths      bool
 	doUpgrade      bool
@@ -202,8 +243,10 @@ type RuntimeOptions struct {
 	hideConsole    bool
 	logFile        string
 	auditEnabled   bool
+	auditFile      string
 	verbose        bool
 	paused         bool
+	unpaused       bool
 	guiAddress     string
 	guiAPIKey      string
 	generateDir    string
@@ -250,8 +293,9 @@ func parseCommandLineOptions() RuntimeOptions {
 	flag.IntVar(&options.logFlags, "logflags", options.logFlags, "Select information in log line prefix (see below)")
 	flag.BoolVar(&options.noBrowser, "no-browser", false, "Do not start browser")
 	flag.BoolVar(&options.browserOnly, "browser-only", false, "Open GUI in browser")
-	flag.BoolVar(&options.noRestart, "no-restart", options.noRestart, "Do not restart; just exit")
-	flag.BoolVar(&options.reset, "reset", false, "Reset the database")
+	flag.BoolVar(&options.noRestart, "no-restart", options.noRestart, "Disable monitor process, managed restarts and log file writing")
+	flag.BoolVar(&options.resetDatabase, "reset-database", false, "Reset the database, forcing a full rescan and resync")
+	flag.BoolVar(&options.resetDeltaIdxs, "reset-deltas", false, "Reset delta index IDs, forcing a full index exchange")
 	flag.BoolVar(&options.doUpgrade, "upgrade", false, "Perform upgrade")
 	flag.BoolVar(&options.doUpgradeCheck, "upgrade-check", false, "Check for available upgrade")
 	flag.BoolVar(&options.showVersion, "version", false, "Show version")
@@ -259,8 +303,10 @@ func parseCommandLineOptions() RuntimeOptions {
 	flag.StringVar(&options.upgradeTo, "upgrade-to", options.upgradeTo, "Force upgrade directly from specified URL")
 	flag.BoolVar(&options.auditEnabled, "audit", false, "Write events to audit file")
 	flag.BoolVar(&options.verbose, "verbose", false, "Print verbose log output")
-	flag.BoolVar(&options.paused, "paused", false, "Start with all devices paused")
+	flag.BoolVar(&options.paused, "paused", false, "Start with all devices and folders paused")
+	flag.BoolVar(&options.unpaused, "unpaused", false, "Start with all devices and folders unpaused")
 	flag.StringVar(&options.logFile, "logfile", options.logFile, "Log file name (use \"-\" for stdout)")
+	flag.StringVar(&options.auditFile, "auditfile", options.auditFile, "Specify audit file (use \"-\" for stdout, \"--\" for stderr)")
 	if runtime.GOOS == "windows" {
 		// Allow user to hide the console window
 		flag.BoolVar(&options.hideConsole, "no-console", false, "Hide console window")
@@ -270,10 +316,17 @@ func parseCommandLineOptions() RuntimeOptions {
 	flag.Usage = usageFor(flag.CommandLine, usage, longUsage)
 	flag.Parse()
 
+	if len(flag.Args()) > 0 {
+		flag.Usage()
+		os.Exit(2)
+	}
+
 	return options
 }
 
 func main() {
+	setBuildMetadata()
+
 	options := parseCommandLineOptions()
 	l.SetFlags(options.logFlags)
 
@@ -286,12 +339,27 @@ func main() {
 		os.Setenv("STGUIAPIKEY", options.guiAPIKey)
 	}
 
+	// Check for options which are not compatible with each other. We have
+	// to check logfile before it's set to the default below - we only want
+	// to complain if they set -logfile explicitly, not if it's set to its
+	// default location
+	if options.noRestart && (options.logFile != "" && options.logFile != "-") {
+		l.Fatalln("-logfile may not be used with -no-restart or STNORESTART")
+	}
+
 	if options.hideConsole {
 		osutil.HideConsole()
 	}
 
 	if options.confDir != "" {
 		// Not set as default above because the string can be really long.
+		if !filepath.IsAbs(options.confDir) {
+			var err error
+			options.confDir, err = filepath.Abs(options.confDir)
+			if err != nil {
+				l.Fatalln(err)
+			}
+		}
 		baseDirs["config"] = options.confDir
 	}
 
@@ -354,12 +422,40 @@ func main() {
 		return
 	}
 
-	if options.reset {
+	if options.resetDatabase {
 		resetDB()
 		return
 	}
 
-	if options.noRestart {
+	// ---BEGIN TEMPORARY HACK---
+	//
+	// Remove once v0.14.21-v0.14.22 are rare enough. Those versions,
+	// essentially:
+	//
+	// 1. os.Setenv("STMONITORED", "yes")
+	// 2. os.Setenv("STNORESTART", "")
+	//
+	// where the intention was for 2 to cancel out 1 instead of setting
+	// STNORESTART to the empty value. We check for exactly this combination
+	// and pretend that neither was set. Looking through os.Environ lets us
+	// distinguish. Luckily, we weren't smart enough to use os.Unsetenv.
+
+	matches := 0
+	for _, str := range os.Environ() {
+		if str == "STNORESTART=" {
+			matches++
+		}
+		if str == "STMONITORED=yes" {
+			matches++
+		}
+	}
+	if matches == 2 {
+		innerProcess = false
+	}
+
+	// ---END TEMPORARY HACK---
+
+	if innerProcess || options.noRestart {
 		syncthingMain(options)
 	} else {
 		monitorMain(options)
@@ -439,8 +535,8 @@ func debugFacilities() string {
 
 func checkUpgrade() upgrade.Release {
 	cfg, _ := loadConfig()
-	releasesURL := cfg.Options().ReleasesURL
-	release, err := upgrade.LatestRelease(releasesURL, Version)
+	opts := cfg.Options()
+	release, err := upgrade.LatestRelease(opts.ReleasesURL, Version, opts.UpgradeToPreReleases)
 	if err != nil {
 		l.Fatalln("Upgrade:", err)
 	}
@@ -528,7 +624,7 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 	l.SetPrefix("[start] ")
 
 	if runtimeOptions.auditEnabled {
-		startAuditing(mainService)
+		startAuditing(mainService, runtimeOptions.auditFile)
 	}
 
 	if runtimeOptions.verbose {
@@ -541,7 +637,8 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 	// Event subscription for the API; must start early to catch the early
 	// events. The LocalChangeDetected event might overwhelm the event
 	// receiver in some situations so we will not subscribe to it here.
-	apiSub := events.NewBufferedSubscription(events.Default.Subscribe(events.AllEvents&^events.LocalChangeDetected), 1000)
+	apiSub := events.NewBufferedSubscription(events.Default.Subscribe(events.AllEvents&^events.LocalChangeDetected&^events.RemoteChangeDetected), 1000)
+	diskSub := events.NewBufferedSubscription(events.Default.Subscribe(events.LocalChangeDetected|events.RemoteChangeDetected), 1000)
 
 	if len(os.Getenv("GOMAXPROCS")) == 0 {
 		runtime.GOMAXPROCS(runtime.NumCPU())
@@ -552,7 +649,7 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 	// report the error if there is one.
 	osutil.MaximizeOpenFileLimit()
 
-	// Ensure that that we have a certificate and key.
+	// Ensure that we have a certificate and key.
 	cert, err := tls.LoadX509KeyPair(locations[locCertFile], locations[locKeyFile])
 	if err != nil {
 		l.Infof("Generating ECDSA key and certificate for %s...", tlsDefaultCommonName)
@@ -567,7 +664,13 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 
 	l.Infoln(LongVersion)
 	l.Infoln("My ID:", myID)
-	printHashRate()
+
+	sha256.SelectAlgo()
+	sha256.Report()
+	perfWithWeakHash := cpuBench(3, 150*time.Millisecond, true)
+	l.Infof("Hashing performance with weak hash is %.02f MB/s", perfWithWeakHash)
+	perfWithoutWeakHash := cpuBench(3, 150*time.Millisecond, false)
+	l.Infof("Hashing performance without weak hash is %.02f MB/s", perfWithoutWeakHash)
 
 	// Emit the Starting event, now that we know who we are.
 
@@ -604,6 +707,10 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		InsecureSkipVerify:     true,
 		MinVersion:             tls.VersionTLS12,
 		CipherSuites: []uint16{
+			0xCCA8, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, Go 1.8
+			0xCCA9, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, Go 1.8
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -613,13 +720,22 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		},
 	}
 
-	// If the read or write rate should be limited, set up a rate limiter for it.
-	// This will be used on connections created in the connect and listen routines.
-
 	opts := cfg.Options()
 
-	if !opts.SymlinksEnabled {
-		symlinks.Supported = false
+	if opts.WeakHashSelectionMethod == config.WeakHashAuto {
+		if perfWithoutWeakHash*0.8 > perfWithWeakHash {
+			l.Infof("Weak hash disabled, as it has an unacceptable performance impact.")
+			weakhash.Enabled = false
+		} else {
+			l.Infof("Weak hash enabled, as it has an acceptable performance impact.")
+			weakhash.Enabled = true
+		}
+	} else if opts.WeakHashSelectionMethod == config.WeakHashNever {
+		l.Infof("Disabling weak hash")
+		weakhash.Enabled = false
+	} else if opts.WeakHashSelectionMethod == config.WeakHashAlways {
+		l.Infof("Enabling weak hash")
+		weakhash.Enabled = true
 	}
 
 	if (opts.MaxRecvKbps > 0 || opts.MaxSendKbps > 0) && !opts.LimitBandwidthInLan {
@@ -647,6 +763,11 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		l.Fatalln("Cannot open database:", err, "- Is another copy of Syncthing already running?")
 	}
 
+	if runtimeOptions.resetDeltaIdxs {
+		l.Infoln("Reinitializing delta index IDs")
+		ldb.DropDeltaIndexIDs()
+	}
+
 	protectedFiles := []string{
 		locations[locDatabase],
 		locations[locConfigFile],
@@ -663,12 +784,16 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		}
 	}
 
-	if cfg.Raw().OriginalVersion == 15 {
+	if cfg.RawCopy().OriginalVersion == 15 {
 		// The config version 15->16 migration is about handling ignores and
 		// delta indexes and requires that we drop existing indexes that
 		// have been incorrectly ignore filtered.
 		ldb.DropDeltaIndexIDs()
 	}
+	if cfg.RawCopy().OriginalVersion < 19 {
+		// Converts old symlink types to new in the entire database.
+		ldb.ConvertSymlinkTypes()
+	}
 
 	m := model.NewModel(cfg, myID, myDeviceName(cfg), "syncthing", Version, ldb, protectedFiles)
 
@@ -681,14 +806,17 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		m.StartDeadlockDetector(20 * time.Minute)
 	}
 
-	if runtimeOptions.paused {
-		for device := range cfg.Devices() {
-			m.PauseDevice(device)
-		}
+	if runtimeOptions.unpaused {
+		setPauseState(cfg, false)
+	} else if runtimeOptions.paused {
+		setPauseState(cfg, true)
 	}
 
 	// Add and start folders
 	for _, folderCfg := range cfg.Folders() {
+		if folderCfg.Paused {
+			continue
+		}
 		m.AddFolder(folderCfg)
 		m.StartFolder(folderCfg.ID)
 	}
@@ -740,7 +868,7 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 
 	// GUI
 
-	setupGUI(mainService, cfg, m, apiSub, cachedDiscovery, connectionsService, errors, systemLog, runtimeOptions)
+	setupGUI(mainService, cfg, m, apiSub, diskSub, cachedDiscovery, connectionsService, errors, systemLog, runtimeOptions)
 
 	if runtimeOptions.cpuProfile {
 		f, err := os.Create(fmt.Sprintf("cpu-%d.pprof", os.Getpid()))
@@ -756,20 +884,26 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		}
 	}
 
+	// Candidate builds always run with usage reporting.
+
+	if IsCandidate {
+		l.Infoln("Anonymous usage reporting is always enabled for candidate releases.")
+		opts.URAccepted = usageReportVersion
+		// Unique ID will be set and config saved below if necessary.
+	}
+
 	if opts.URAccepted > 0 && opts.URAccepted < usageReportVersion {
 		l.Infoln("Anonymous usage report has changed; revoking acceptance")
 		opts.URAccepted = 0
 		opts.URUniqueID = ""
 		cfg.SetOptions(opts)
 	}
-	if opts.URAccepted >= usageReportVersion {
-		if opts.URUniqueID == "" {
-			// Previously the ID was generated from the node ID. We now need
-			// to generate a new one.
-			opts.URUniqueID = rand.String(8)
-			cfg.SetOptions(opts)
-			cfg.Save()
-		}
+
+	if opts.URAccepted >= usageReportVersion && opts.URUniqueID == "" {
+		// Generate and save a new unique ID if it is missing.
+		opts.URUniqueID = rand.String(8)
+		cfg.SetOptions(opts)
+		cfg.Save()
 	}
 
 	// The usageReportingManager registers itself to listen to configuration
@@ -781,8 +915,21 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 		go standbyMonitor()
 	}
 
+	// Candidate builds should auto upgrade. Make sure the option is set,
+	// unless we are in a build where it's disabled or the STNOUPGRADE
+	// environment variable is set.
+
+	if IsCandidate && !upgrade.DisabledByCompilation && !noUpgradeFromEnv {
+		l.Infoln("Automatic upgrade is always enabled for candidate releases.")
+		if opts.AutoUpgradeIntervalH == 0 || opts.AutoUpgradeIntervalH > 24 {
+			opts.AutoUpgradeIntervalH = 12
+		}
+		// We don't tweak the user's choice of upgrading to pre-releases or
+		// not, as otherwise they cannot step off the candidate channel.
+	}
+
 	if opts.AutoUpgradeIntervalH > 0 {
-		if noUpgrade {
+		if noUpgradeFromEnv {
 			l.Infof("No automatic upgrades; STNOUPGRADE environment variable defined.")
 		} else {
 			go autoUpgrade(cfg)
@@ -792,7 +939,6 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
 	events.Default.Log(events.StartupComplete, map[string]string{
 		"myID": myID.String(),
 	})
-	go generatePingEvents()
 
 	cleanConfigDirectory()
 
@@ -840,22 +986,6 @@ func setupSignalHandling() {
 	}()
 }
 
-// printHashRate prints the hashing performance in MB/s, formatting it with
-// appropriate precision for the value, i.e. 182 MB/s, 18 MB/s, 1.8 MB/s, 0.18
-// MB/s.
-func printHashRate() {
-	hashRate := cpuBench(3, 100*time.Millisecond)
-
-	decimals := 0
-	if hashRate < 1 {
-		decimals = 2
-	} else if hashRate < 10 {
-		decimals = 1
-	}
-
-	l.Infof("Single thread hash performance is ~%.*f MB/s", decimals, hashRate)
-}
-
 func loadConfig() (*config.Wrapper, error) {
 	cfgFile := locations[locConfigFile]
 	cfg, err := config.Load(cfgFile, myID)
@@ -878,7 +1008,7 @@ func loadOrCreateConfig() *config.Wrapper {
 		l.Fatalln("Config:", err)
 	}
 
-	if cfg.Raw().OriginalVersion != config.CurrentVersion {
+	if cfg.RawCopy().OriginalVersion != config.CurrentVersion {
 		err = archiveAndSaveConfig(cfg)
 		if err != nil {
 			l.Fatalln("Config archive:", err)
@@ -889,24 +1019,57 @@ func loadOrCreateConfig() *config.Wrapper {
 }
 
 func archiveAndSaveConfig(cfg *config.Wrapper) error {
-	// To prevent previous config from being cleaned up, quickly touch it too
-	now := time.Now()
-	_ = os.Chtimes(cfg.ConfigPath(), now, now) // May return error on Android etc; no worries
-
-	archivePath := cfg.ConfigPath() + fmt.Sprintf(".v%d", cfg.Raw().OriginalVersion)
+	// Copy the existing config to an archive copy
+	archivePath := cfg.ConfigPath() + fmt.Sprintf(".v%d", cfg.RawCopy().OriginalVersion)
 	l.Infoln("Archiving a copy of old config file format at:", archivePath)
-	if err := osutil.Rename(cfg.ConfigPath(), archivePath); err != nil {
+	if err := copyFile(cfg.ConfigPath(), archivePath); err != nil {
 		return err
 	}
 
+	// Do a regular atomic config sve
 	return cfg.Save()
 }
 
-func startAuditing(mainService *suture.Supervisor) {
-	auditFile := timestampedLoc(locAuditLog)
-	fd, err := os.OpenFile(auditFile, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
+func copyFile(src, dst string) error {
+	bs, err := ioutil.ReadFile(src)
 	if err != nil {
-		l.Fatalln("Audit:", err)
+		return err
+	}
+
+	if err := ioutil.WriteFile(dst, bs, 0600); err != nil {
+		// Attempt to clean up
+		os.Remove(dst)
+		return err
+	}
+
+	return nil
+}
+
+func startAuditing(mainService *suture.Supervisor, auditFile string) {
+
+	var fd io.Writer
+	var err error
+	var auditDest string
+	var auditFlags int
+
+	if auditFile == "-" {
+		fd = os.Stdout
+		auditDest = "stdout"
+	} else if auditFile == "--" {
+		fd = os.Stderr
+		auditDest = "stderr"
+	} else {
+		if auditFile == "" {
+			auditFile = timestampedLoc(locAuditLog)
+			auditFlags = os.O_WRONLY | os.O_CREATE | os.O_EXCL
+		} else {
+			auditFlags = os.O_WRONLY | os.O_CREATE | os.O_APPEND
+		}
+		fd, err = os.OpenFile(auditFile, auditFlags, 0600)
+		if err != nil {
+			l.Fatalln("Audit:", err)
+		}
+		auditDest = auditFile
 	}
 
 	auditService := newAuditService(fd)
@@ -916,10 +1079,10 @@ func startAuditing(mainService *suture.Supervisor) {
 	// ensure we capture all events from the start.
 	auditService.WaitForStart()
 
-	l.Infoln("Audit log in", auditFile)
+	l.Infoln("Audit log in", auditDest)
 }
 
-func setupGUI(mainService *suture.Supervisor, cfg *config.Wrapper, m *model.Model, apiSub events.BufferedSubscription, discoverer discover.CachingMux, connectionsService *connections.Service, errors, systemLog logger.Recorder, runtimeOptions RuntimeOptions) {
+func setupGUI(mainService *suture.Supervisor, cfg *config.Wrapper, m *model.Model, apiSub events.BufferedSubscription, diskSub events.BufferedSubscription, discoverer discover.CachingMux, connectionsService *connections.Service, errors, systemLog logger.Recorder, runtimeOptions RuntimeOptions) {
 	guiCfg := cfg.GUI()
 
 	if !guiCfg.Enabled {
@@ -930,13 +1093,14 @@ func setupGUI(mainService *suture.Supervisor, cfg *config.Wrapper, m *model.Mode
 		l.Warnln("Insecure admin access is enabled.")
 	}
 
-	api := newAPIService(myID, cfg, locations[locHTTPSCertFile], locations[locHTTPSKeyFile], runtimeOptions.assetDir, m, apiSub, discoverer, connectionsService, errors, systemLog)
+	api := newAPIService(myID, cfg, locations[locHTTPSCertFile], locations[locHTTPSKeyFile], runtimeOptions.assetDir, m, apiSub, diskSub, discoverer, connectionsService, errors, systemLog)
 	cfg.Subscribe(api)
 	mainService.Add(api)
 
 	if cfg.Options().StartBrowser && !runtimeOptions.noBrowser && !runtimeOptions.stRestarting {
 		// Can potentially block if the utility we are invoking doesn't
 		// fork, and just execs, hence keep it in it's own routine.
+		<-api.startedOnce
 		go openURL(guiCfg.URL())
 	}
 }
@@ -946,9 +1110,8 @@ func defaultConfig(myName string) config.Configuration {
 
 	if !noDefaultFolder {
 		l.Infoln("Default folder created and/or linked to new config")
-		folderID := strings.ToLower(rand.String(5) + "-" + rand.String(5))
-		defaultFolder = config.NewFolderConfiguration(folderID, locations[locDefFolder])
-		defaultFolder.Label = "Default Folder (" + folderID + ")"
+		defaultFolder = config.NewFolderConfiguration("default", locations[locDefFolder])
+		defaultFolder.Label = "Default Folder"
 		defaultFolder.RescanIntervalS = 60
 		defaultFolder.MinDiskFreePct = 1
 		defaultFolder.Devices = []config.FolderDeviceConfiguration{{DeviceID: myID}}
@@ -989,13 +1152,6 @@ func defaultConfig(myName string) config.Configuration {
 	return newCfg
 }
 
-func generatePingEvents() {
-	for {
-		time.Sleep(pingEventInterval)
-		events.Default.Log(events.Ping, nil)
-	}
-}
-
 func resetDB() error {
 	return os.RemoveAll(locations[locDatabase])
 }
@@ -1053,7 +1209,7 @@ func getFreePort(host string, ports ...int) (int, error) {
 }
 
 func standbyMonitor() {
-	restartDelay := time.Duration(60 * time.Second)
+	restartDelay := 60 * time.Second
 	now := time.Now()
 	for {
 		time.Sleep(10 * time.Second)
@@ -1085,8 +1241,8 @@ func autoUpgrade(cfg *config.Wrapper) {
 			l.Infof("Connected to device %s with a newer version (current %q < remote %q). Checking for upgrades.", data["id"], Version, data["clientVersion"])
 		case <-timer.C:
 		}
-
-		rel, err := upgrade.LatestRelease(cfg.Options().ReleasesURL, Version)
+		opts := cfg.Options()
+		rel, err := upgrade.LatestRelease(opts.ReleasesURL, Version, opts.UpgradeToPreReleases)
 		if err == upgrade.ErrUpgradeUnsupported {
 			events.Default.Unsubscribe(sub)
 			return
@@ -1186,3 +1342,16 @@ func showPaths() {
 	fmt.Printf("GUI override directory:\n\t%s\n\n", locations[locGUIAssets])
 	fmt.Printf("Default sync folder directory:\n\t%s\n\n", locations[locDefFolder])
 }
+
+func setPauseState(cfg *config.Wrapper, paused bool) {
+	raw := cfg.RawCopy()
+	for i := range raw.Devices {
+		raw.Devices[i].Paused = paused
+	}
+	for i := range raw.Folders {
+		raw.Folders[i].Paused = paused
+	}
+	if err := cfg.Replace(raw); err != nil {
+		l.Fatalln("Cannot adjust paused state:", err)
+	}
+}

cmd/syncthing/main_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/memsize_darwin.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/memsize_linux.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/memsize_netbsd.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/memsize_solaris.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build solaris
 

cmd/syncthing/memsize_unimpl.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build freebsd openbsd dragonfly
 

cmd/syncthing/memsize_windows.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/mocked_config_test.go

@@ -2,13 +2,14 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
 import (
 	"github.com/syncthing/syncthing/lib/config"
 	"github.com/syncthing/syncthing/lib/protocol"
+	"github.com/syncthing/syncthing/lib/util"
 )
 
 type mockedConfig struct {
@@ -23,8 +24,10 @@ func (c *mockedConfig) ListenAddresses() []string {
 	return nil
 }
 
-func (c *mockedConfig) Raw() config.Configuration {
-	return config.Configuration{}
+func (c *mockedConfig) RawCopy() config.Configuration {
+	cfg := config.Configuration{}
+	util.SetDefaults(&cfg.Options)
+	return cfg
 }
 
 func (c *mockedConfig) Options() config.OptionsConfiguration {
@@ -45,6 +48,14 @@ func (c *mockedConfig) Devices() map[protocol.DeviceID]config.DeviceConfiguratio
 	return nil
 }
 
+func (c *mockedConfig) SetDevice(config.DeviceConfiguration) error {
+	return nil
+}
+
+func (c *mockedConfig) SetDevices([]config.DeviceConfiguration) error {
+	return nil
+}
+
 func (c *mockedConfig) Save() error {
 	return nil
 }

cmd/syncthing/mocked_connections_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/mocked_discovery_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/mocked_events_test.go

@@ -2,14 +2,18 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
-import "github.com/syncthing/syncthing/lib/events"
+import (
+	"time"
+
+	"github.com/syncthing/syncthing/lib/events"
+)
 
 type mockedEventSub struct{}
 
-func (s *mockedEventSub) Since(id int, into []events.Event) []events.Event {
+func (s *mockedEventSub) Since(id int, into []events.Event, timeout time.Duration) []events.Event {
 	select {}
 }

cmd/syncthing/mocked_logger_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/mocked_model_test.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -31,8 +31,8 @@ func (m *mockedModel) NeedFolderFiles(folder string, page, perpage int) ([]db.Fi
 	return nil, nil, nil, 0
 }
 
-func (m *mockedModel) NeedSize(folder string) (nfiles int, bytes int64) {
-	return 0, 0
+func (m *mockedModel) NeedSize(folder string) db.Counts {
+	return db.Counts{}
 }
 
 func (m *mockedModel) ConnectionStats() map[string]interface{} {
@@ -95,12 +95,12 @@ func (m *mockedModel) ConnectedTo(deviceID protocol.DeviceID) bool {
 	return false
 }
 
-func (m *mockedModel) GlobalSize(folder string) (nfiles, deleted int, bytes int64) {
-	return 0, 0, 0
+func (m *mockedModel) GlobalSize(folder string) db.Counts {
+	return db.Counts{}
 }
 
-func (m *mockedModel) LocalSize(folder string) (nfiles, deleted int, bytes int64) {
-	return 0, 0, 0
+func (m *mockedModel) LocalSize(folder string) db.Counts {
+	return db.Counts{}
 }
 
 func (m *mockedModel) CurrentSequence(folder string) (int64, bool) {

cmd/syncthing/monitor.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -35,8 +35,6 @@ const (
 )
 
 func monitorMain(runtimeOptions RuntimeOptions) {
-	os.Setenv("STNORESTART", "yes")
-	os.Setenv("STMONITORED", "yes")
 	l.SetPrefix("[monitor] ")
 
 	var dst io.Writer = os.Stdout
@@ -70,6 +68,8 @@ func monitorMain(runtimeOptions RuntimeOptions) {
 	sigHup := syscall.Signal(1)
 	signal.Notify(restartSign, sigHup)
 
+	childEnv := childEnv()
+	first := true
 	for {
 		if t := time.Since(restarts[0]); t < loopThreshold {
 			l.Warnf("%d restarts in %v; not retrying further", countRestarts, t)
@@ -80,6 +80,7 @@ func monitorMain(runtimeOptions RuntimeOptions) {
 		restarts[len(restarts)-1] = time.Now()
 
 		cmd := exec.Command(args[0], args[1:]...)
+		cmd.Env = childEnv
 
 		stderr, err := cmd.StderrPipe()
 		if err != nil {
@@ -97,10 +98,6 @@ func monitorMain(runtimeOptions RuntimeOptions) {
 			l.Fatalln(err)
 		}
 
-		// Let the next child process know that this is not the first time
-		// it's starting up.
-		os.Setenv("STRESTART", "yes")
-
 		stdoutMut.Lock()
 		stdoutFirstLines = make([]string, 0, 10)
 		stdoutLastLines = make([]string, 0, 50)
@@ -150,7 +147,6 @@ func monitorMain(runtimeOptions RuntimeOptions) {
 						// Restart the monitor process to release the .old
 						// binary as part of the upgrade process.
 						l.Infoln("Restarting monitor...")
-						os.Setenv("STNORESTART", "")
 						if err = restartMonitor(args); err != nil {
 							l.Warnln("Restart:", err)
 						}
@@ -162,6 +158,13 @@ func monitorMain(runtimeOptions RuntimeOptions) {
 
 		l.Infoln("Syncthing exited:", err)
 		time.Sleep(1 * time.Second)
+
+		if first {
+			// Let the next child process know that this is not the first time
+			// it's starting up.
+			childEnv = append(childEnv, "STRESTART=yes")
+			first = false
+		}
 	}
 }
 
@@ -178,6 +181,22 @@ func copyStderr(stderr io.Reader, dst io.Writer) {
 		if panicFd == nil {
 			dst.Write([]byte(line))
 
+			if strings.Contains(line, "SIGILL") {
+				l.Warnln(`
+*******************************************************************************
+* Crash due to illegal instruction detected. This is most likely due to a CPU *
+* incompatibility with the high performance hashing package. Switching to the *
+* standard hashing package instead. Please report this issue at:              *
+*                                                                             *
+*   https://github.com/syncthing/syncthing/issues                             *
+*                                                                             *
+* Include the details of your CPU.                                            *
+*******************************************************************************
+`)
+				os.Setenv("STHASHING", "standard")
+				return
+			}
+
 			if strings.HasPrefix(line, "panic:") || strings.HasPrefix(line, "fatal error:") {
 				panicFd, err = os.Create(timestampedLoc(locPanicLog))
 				if err != nil {
@@ -186,8 +205,24 @@ func copyStderr(stderr io.Reader, dst io.Writer) {
 				}
 
 				l.Warnf("Panic detected, writing to \"%s\"", panicFd.Name())
-				l.Warnln("Please check for existing issues with similar panic message at https://github.com/syncthing/syncthing/issues/")
-				l.Warnln("If no issue with similar panic message exists, please create a new issue with the panic log attached")
+				if strings.Contains(line, "leveldb") && strings.Contains(line, "corrupt") {
+					l.Warnln(`
+*********************************************************************************
+* Crash due to corrupt database.                                                *
+*                                                                               *
+* This crash usually occurs due to one of the following reasons:                *
+*  - Syncthing being stopped abruptly (killed/loss of power)                    *
+*  - Bad hardware (memory/disk issues)                                          *
+*  - Software that affects disk writes (SSD caching software and simillar)      *
+*                                                                               *
+* Please see the following URL for instructions on how to recover:              *
+*   https://docs.syncthing.net/users/faq.html#my-syncthing-database-is-corrupt  *
+*********************************************************************************
+`)
+				} else {
+					l.Warnln("Please check for existing issues with similar panic message at https://github.com/syncthing/syncthing/issues/")
+					l.Warnln("If no issue with similar panic message exists, please create a new issue with the panic log attached")
+				}
 
 				stdoutMut.Lock()
 				for _, line := range stdoutFirstLines {
@@ -378,3 +413,19 @@ func (f *autoclosedFile) closerLoop() {
 		}
 	}
 }
+
+// Returns the desired child environment, properly filtered and added to.
+func childEnv() []string {
+	var env []string
+	for _, str := range os.Environ() {
+		if strings.HasPrefix("STNORESTART=", str) {
+			continue
+		}
+		if strings.HasPrefix("STMONITORED=", str) {
+			continue
+		}
+		env = append(env, str)
+	}
+	env = append(env, "STMONITORED=yes")
+	return env
+}

cmd/syncthing/openurl_unix.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build !windows
 

cmd/syncthing/openurl_windows.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build windows
 

cmd/syncthing/perfstats_unix.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build !solaris,!windows
 

cmd/syncthing/summaryservice.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -169,7 +169,7 @@ func (c *folderSummaryService) foldersToHandle() []string {
 	c.lastEventReqMut.Lock()
 	last := c.lastEventReq
 	c.lastEventReqMut.Unlock()
-	if time.Since(last) > pingEventInterval {
+	if time.Since(last) > defaultEventTimeout {
 		return nil
 	}
 

cmd/syncthing/traceback.go

@@ -0,0 +1,16 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//+build go1.7
+
+package main
+
+import "runtime/debug"
+
+func init() {
+	// We want all (our) goroutines in panic traces.
+	debug.SetTraceback("all")
+}

cmd/syncthing/usage.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 

cmd/syncthing/usage_report.go

@@ -2,14 +2,13 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
 import (
 	"bytes"
 	"crypto/rand"
-	"crypto/sha256"
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
@@ -23,6 +22,7 @@ import (
 	"github.com/syncthing/syncthing/lib/dialer"
 	"github.com/syncthing/syncthing/lib/model"
 	"github.com/syncthing/syncthing/lib/protocol"
+	"github.com/syncthing/syncthing/lib/scanner"
 	"github.com/syncthing/syncthing/lib/upgrade"
 	"github.com/thejerf/suture"
 )
@@ -45,7 +45,7 @@ func newUsageReportingManager(cfg *config.Wrapper, m *model.Model) *usageReporti
 	}
 
 	// Start UR if it's enabled.
-	mgr.CommitConfiguration(config.Configuration{}, cfg.Raw())
+	mgr.CommitConfiguration(config.Configuration{}, cfg.RawCopy())
 
 	// Listen to future config changes so that we can start and stop as
 	// appropriate.
@@ -81,9 +81,10 @@ func (m *usageReportingManager) String() string {
 // reportData returns the data to be sent in a usage report. It's used in
 // various places, so not part of the usageReportingManager object.
 func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
+	opts := cfg.Options()
 	res := make(map[string]interface{})
 	res["urVersion"] = usageReportVersion
-	res["uniqueID"] = cfg.Options().URUniqueID
+	res["uniqueID"] = opts.URUniqueID
 	res["version"] = Version
 	res["longVersion"] = LongVersion
 	res["platform"] = runtime.GOOS + "-" + runtime.GOARCH
@@ -93,14 +94,14 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 	var totFiles, maxFiles int
 	var totBytes, maxBytes int64
 	for folderID := range cfg.Folders() {
-		files, _, bytes := m.GlobalSize(folderID)
-		totFiles += files
-		totBytes += bytes
-		if files > maxFiles {
-			maxFiles = files
+		global := m.GlobalSize(folderID)
+		totFiles += global.Files
+		totBytes += global.Bytes
+		if global.Files > maxFiles {
+			maxFiles = global.Files
 		}
-		if bytes > maxBytes {
-			maxBytes = bytes
+		if global.Bytes > maxBytes {
+			maxBytes = global.Bytes
 		}
 	}
 
@@ -112,7 +113,8 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 	var mem runtime.MemStats
 	runtime.ReadMemStats(&mem)
 	res["memoryUsageMiB"] = (mem.Sys - mem.HeapReleased) / 1024 / 1024
-	res["sha256Perf"] = cpuBench(5, 125*time.Millisecond)
+	res["sha256Perf"] = cpuBench(5, 125*time.Millisecond, false)
+	res["hashPerf"] = cpuBench(5, 125*time.Millisecond, true)
 
 	bytes, err := memorySize()
 	if err == nil {
@@ -134,7 +136,7 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 	for _, cfg := range cfg.Folders() {
 		rescanIntvs = append(rescanIntvs, cfg.RescanIntervalS)
 
-		if cfg.Type == config.FolderTypeReadOnly {
+		if cfg.Type == config.FolderTypeSendOnly {
 			folderUses["readonly"]++
 		}
 		if cfg.IgnorePerms {
@@ -188,7 +190,7 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 	res["deviceUses"] = deviceUses
 
 	defaultAnnounceServersDNS, defaultAnnounceServersIP, otherAnnounceServers := 0, 0, 0
-	for _, addr := range cfg.Options().GlobalAnnServers {
+	for _, addr := range opts.GlobalAnnServers {
 		if addr == "default" || addr == "default-v4" || addr == "default-v6" {
 			defaultAnnounceServersDNS++
 		} else {
@@ -196,8 +198,8 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 		}
 	}
 	res["announce"] = map[string]interface{}{
-		"globalEnabled":     cfg.Options().GlobalAnnEnabled,
-		"localEnabled":      cfg.Options().LocalAnnEnabled,
+		"globalEnabled":     opts.GlobalAnnEnabled,
+		"localEnabled":      opts.LocalAnnEnabled,
 		"defaultServersDNS": defaultAnnounceServersDNS,
 		"defaultServersIP":  defaultAnnounceServersIP,
 		"otherServers":      otherAnnounceServers,
@@ -218,10 +220,11 @@ func reportData(cfg configIntf, m modelIntf) map[string]interface{} {
 		"otherServers":   otherRelayServers,
 	}
 
-	res["usesRateLimit"] = cfg.Options().MaxRecvKbps > 0 || cfg.Options().MaxSendKbps > 0
+	res["usesRateLimit"] = opts.MaxRecvKbps > 0 || opts.MaxSendKbps > 0
 
-	res["upgradeAllowedManual"] = !(upgrade.DisabledByCompilation || noUpgrade)
-	res["upgradeAllowedAuto"] = !(upgrade.DisabledByCompilation || noUpgrade) && cfg.Options().AutoUpgradeIntervalH > 0
+	res["upgradeAllowedManual"] = !(upgrade.DisabledByCompilation || noUpgradeFromEnv)
+	res["upgradeAllowedAuto"] = !(upgrade.DisabledByCompilation || noUpgradeFromEnv) && opts.AutoUpgradeIntervalH > 0
+	res["upgradeAllowedPre"] = !(upgrade.DisabledByCompilation || noUpgradeFromEnv) && opts.AutoUpgradeIntervalH > 0 && opts.UpgradeToPreReleases
 
 	return res
 }
@@ -284,29 +287,31 @@ func (s *usageReportingService) Stop() {
 }
 
 // cpuBench returns CPU performance as a measure of single threaded SHA-256 MiB/s
-func cpuBench(iterations int, duration time.Duration) float64 {
+func cpuBench(iterations int, duration time.Duration, useWeakHash bool) float64 {
+	dataSize := 16 * protocol.BlockSize
+	bs := make([]byte, dataSize)
+	rand.Reader.Read(bs)
+
 	var perf float64
 	for i := 0; i < iterations; i++ {
-		if v := cpuBenchOnce(duration); v > perf {
+		if v := cpuBenchOnce(duration, useWeakHash, bs); v > perf {
 			perf = v
 		}
 	}
+	blocksResult = nil
 	return perf
 }
 
-func cpuBenchOnce(duration time.Duration) float64 {
-	chunkSize := 100 * 1 << 10
-	h := sha256.New()
-	bs := make([]byte, chunkSize)
-	rand.Reader.Read(bs)
+var blocksResult []protocol.BlockInfo // so the result is not optimized away
 
+func cpuBenchOnce(duration time.Duration, useWeakHash bool, bs []byte) float64 {
 	t0 := time.Now()
 	b := 0
 	for time.Since(t0) < duration {
-		h.Write(bs)
-		b += chunkSize
+		r := bytes.NewReader(bs)
+		blocksResult, _ = scanner.Blocks(r, protocol.BlockSize, int64(len(bs)), nil, useWeakHash)
+		b += len(bs)
 	}
-	h.Sum(nil)
 	d := time.Since(t0)
 	return float64(int(float64(b)/d.Seconds()/(1<<20)*100)) / 100
 }

cmd/syncthing/verboseservice.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 package main
 
@@ -66,7 +66,7 @@ func (s *verboseService) WaitForStart() {
 
 func (s *verboseService) formatEvent(ev events.Event) string {
 	switch ev.Type {
-	case events.Ping, events.DownloadProgress, events.LocalIndexUpdated:
+	case events.DownloadProgress, events.LocalIndexUpdated:
 		// Skip
 		return ""
 
@@ -94,9 +94,12 @@ func (s *verboseService) formatEvent(ev events.Event) string {
 
 	case events.LocalChangeDetected:
 		data := ev.Data.(map[string]string)
-		// Local change detected in folder "foo": modified file /Users/jb/whatever
 		return fmt.Sprintf("Local change detected in folder %q: %s %s %s", data["folder"], data["action"], data["type"], data["path"])
 
+	case events.RemoteChangeDetected:
+		data := ev.Data.(map[string]string)
+		return fmt.Sprintf("Remote change detected in folder %q: %s %s %s", data["folder"], data["action"], data["type"], data["path"])
+
 	case events.RemoteIndexUpdated:
 		data := ev.Data.(map[string]interface{})
 		return fmt.Sprintf("Device %v sent an index update for %q with %d items", data["device"], data["folder"], data["items"])
@@ -151,7 +154,7 @@ func (s *verboseService) formatEvent(ev events.Event) string {
 		if total > 0 {
 			pct = 100 * current / total
 		}
-		return fmt.Sprintf("Scanning folder %q, %d%% done (%.01f MB/s)", folder, pct, rate)
+		return fmt.Sprintf("Scanning folder %q, %d%% done (%.01f MiB/s)", folder, pct, rate)
 
 	case events.DevicePaused:
 		data := ev.Data.(map[string]string)
@@ -163,6 +166,18 @@ func (s *verboseService) formatEvent(ev events.Event) string {
 		device := data["device"]
 		return fmt.Sprintf("Device %v was resumed", device)
 
+	case events.FolderPaused:
+		data := ev.Data.(map[string]string)
+		id := data["id"]
+		label := data["label"]
+		return fmt.Sprintf("Folder %v (%v) was paused", id, label)
+
+	case events.FolderResumed:
+		data := ev.Data.(map[string]string)
+		id := data["id"]
+		label := data["label"]
+		return fmt.Sprintf("Folder %v (%v) was resumed", id, label)
+
 	case events.ListenAddressesChanged:
 		data := ev.Data.(map[string]interface{})
 		address := data["address"]

cmd/todos/main.go

@@ -2,7 +2,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 // +build ignore
 

debtpl/common/changelog

@@ -1,5 +0,0 @@
-{{.name}} ({{.version}}); urgency=medium
-
-  * Packaging of {{.version}}.
-
- -- Syncthing Release Management <release@syncthing.net>  {{.date}}

debtpl/common/compat

@@ -1 +0,0 @@
-9

debtpl/syncthing/control

@@ -1,16 +0,0 @@
-Package: syncthing
-Version: {{.version}}
-Priority: optional
-Section: net
-Architecture: {{.arch}}
-Depends: libc6, procps
-Homepage: https://syncthing.net/
-Maintainer: Syncthing Release Management <release@syncthing.net>
-Description: Open Source Continuous File Synchronization
- Syncthing is an application that lets you synchronize your files across
- multiple devices. This means the creation, modification or deletion of files
- on one machine will automatically be replicated to your other devices. We
- believe your data is your data alone and you deserve to choose where it is
- stored. Therefore Syncthing does not upload your data to the cloud but
- exchanges your data across your machines as soon as they are online at the
- same time.

debtpl/syncthing/postinst

@@ -1,6 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-if [[ ${1:-} == configure ]]; then
-	pkill -HUP -x syncthing || true
-fi

etc/firewall-ufw/README.md

@@ -0,0 +1,31 @@
+Uncomplicated FireWall application preset
+===================
+Installation
+-----------
+**Please note:** When you installed syncthing using the official deb package, you can skip the copying.
+
+Copy the file `syncthing` to your ufw applications directory usually located at `/etc/ufw/applications.d/` (root permissions required).
+
+In a terminal run
+```
+sudo ufw app update syncthing
+sudo ufw app update syncthing-gui
+```
+to load the presets.
+To allow the syncthing ports, run
+```
+sudo ufw allow syncthing
+```
+If you want to access the web gui from anywhere (not only from localhost), you can also allow the gui port.
+This is step is **not** necessary for a "normal" installation!
+```
+sudo ufw allow syncthing-gui
+```
+
+
+Verification
+----------
+You can verify the opened ports by running
+```
+sudo ufw status verbose
+```

etc/firewall-ufw/syncthing

@@ -0,0 +1,9 @@
+[syncthing]
+title=Syncthing
+description=Syncthing file synchronisation
+ports=22000/tcp|21027/udp
+
+[syncthing-gui]
+title=Syncthing-GUI
+description=Syncthing web gui
+ports=8384/tcp

etc/linux-systemd/README.md

@@ -3,6 +3,6 @@
 This directory contains configuration files for running Syncthing under the
 "systemd" service manager on Linux both under either a systemd system service or
 systemd user service. For further documentation take a look at the [systemd
-section][1] on http://docs.syncthing.net.
+section][1] on https://docs.syncthing.net.
 
-[1]: http://docs.syncthing.net/users/autostart.html#systemd
+[1]: https://docs.syncthing.net/users/autostart.html#systemd

etc/linux-systemd/system/syncthing-resume.service

@@ -1,11 +1,11 @@
 [Unit]
 Description=Restart Syncthing after resume
 Documentation=man:syncthing(1)
-After=suspend.target
+After=sleep.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/pkill -HUP -x syncthing
+ExecStart=-/usr/bin/pkill -HUP -x syncthing
 
 [Install]
-WantedBy=suspend.target
+WantedBy=sleep.target

etc/linux-systemd/user/syncthing.service

@@ -1,7 +1,6 @@
 [Unit]
 Description=Syncthing - Open Source Continuous File Synchronization
 Documentation=man:syncthing(1)
-After=network.target
 Wants=syncthing-inotify.service
 
 [Service]

etc/linux-upstart/README.md

@@ -11,6 +11,6 @@ To manualy start syncthing via Upstart when using the system configuration use:
     sudo initctl start syncthing
 ```
 
-For further documentation see [http://docs.syncthing.net/users/autostart.html][1].
+For further documentation see [https://docs.syncthing.net/users/autostart.html][1].
 
-[1]: http://docs.syncthing.net/users/autostart.html#Upstart
+[1]: https://docs.syncthing.net/users/autostart.html#Upstart

gui/black/assets/css/theme.css

@@ -0,0 +1,245 @@
+/**
+
+Black theme
+
+Author: alessandro.g89
+Source: https://userstyles.org/styles/122502/syncthing-dark
+
+**/
+
+body {
+    color: #aaa !important;
+    background-color: black !important;
+}
+
+a:hover,a:focus,a.focus{
+    outline: none !important;
+}
+
+
+/* navbar */
+.navbar {
+    background-color: #333 !important;
+    border-color: #333 !important;
+    border-width: 2px !important;
+}
+
+.navbar-text, .dropdown>a, .dropdown-menu>li>a, .hidden-xs>a, .navbar-link {
+    color: #aaa !important;
+}
+
+.dropdown-menu {
+    border-color: #333 !important;
+    border-width: 2px !important;
+    background-color: #222 !important;
+}
+
+.dropdown-menu>li>a:hover, .dropdown-menu>li>a:focus {
+    color: #fff !important;
+    background-color: #333 !important;
+}
+
+.open>.dropdown-toggle, .dropdown-toggle:hover {
+    border-color: #333 !important;
+    background-color: #222 !important;
+}
+
+.divider {
+    background-color: #333 !important;
+    height: 2px !important;
+}
+
+li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
+    outline: none !important;
+    border-color: #333 !important;
+    background-color: #222 !important;
+}
+
+.dropdown-menu>.active>a {
+    color: #fff !important;
+    background-color: #217dbb !important;
+}
+
+
+/* main panel */
+.panel {
+    background-color: #111 !important;
+    border-width: 2px !important;
+}
+
+.panel-default {
+    border-color: #222 !important;
+}
+
+.panel-default > .panel-heading {
+    color: #aaa !important;
+    border-color: #222 !important;
+    background-color: #222 !important;
+}
+.panel-warning > .panel-heading {
+    color: #222 !important;
+}
+
+.panel-progress {
+    background: #3498db;
+}
+
+.panel-footer {
+    background-color: #111 !important;
+    border-width: 0 !important;
+}
+
+.table-striped>tbody>tr:nth-of-type(odd) {
+    background-color: #181818 !important;
+}
+
+.panel-group .panel-heading+.panel-collapse>.panel-body, .panel-group .panel-heading+.panel-collapse>.list-group {
+    border-top: 1px solid #222 !important;
+}
+
+.identicon rect {
+    fill: #aaa;
+}
+
+.panel-warning .identicon rect {
+    fill: #222;
+}
+
+.panel-heading:hover, .panel-heading:focus {
+    text-decoration: none;
+}
+
+
+/* buttons */
+.btn {
+    border-radius: 3px !important;
+    border-width: 0px !important;
+}
+
+.btn:hover, .btn:focus, .btn.focus {
+    outline: none !important;
+}
+.btn-default {
+    color: #aaa !important;
+    background-color: #333 !important;
+}
+
+.btn-default:hover, .btn-default:focus, .btn-default.focus {
+    color: #fff !important;
+    background-color: #484848 !important;
+}
+
+.btn-primary {
+    background-color: #217dbb !important;
+}
+
+.btn-primary:hover, .btn-primary:focus, .btn-primary.focus {
+    background-color: #3498db !important;
+}
+
+.btn-warning {
+    background-color: #c29d0b !important;
+}
+
+.btn-warning:hover, .btn-warning:focus, .btn-warning.focus {
+    background-color: #f1c40f !important;
+}
+
+.btn-danger {
+    background-color: #d62c1a !important;
+}
+
+.btn-danger:hover, .btn-danger:focus, .btn-danger.focus {
+    background-color: #e74c3c !important;
+}
+
+
+/* modal dialogs */
+.modal-header {
+    border-bottom-color: #222 !important;
+}
+
+.modal-header:not(.alert) {
+    background-color: #222;
+}
+
+.alert-info {
+    color: #222 !important;
+}
+
+.alert-warning {
+    color: #222 !important;
+}
+
+.alert-danger {
+    color: #222 !important;
+    background-color: #d62c1a !important;
+}
+
+.modal-content {
+    border-color: #666 !important;
+    border-width: 2px !important;
+    background-color: #111 !important;
+}
+
+.modal-footer {
+    border-color: #111 !important;
+    background-color: #111 !important;
+}
+
+.help-block {
+    color: #aaa !important;
+}
+
+.form-control {
+    color: #aaa !important;
+    border-color: #444 !important;
+    background-color: black !important;
+}
+
+code.ng-binding{
+    color: #f99 !important;
+    background-color: #444 !important;
+}
+
+.well, .form-control[readonly="readonly"], .popover { /* read-only fields*/
+    color: #666 !important;
+    border-color: #444 !important;
+    background-color: #111 !important;
+}
+
+/* buttons for pagination */
+.pagination>li>a, .pagination>li>span {
+    background-color: #333 !important;
+    border-color: #484848 !important;
+}
+
+.pagination>li>a:hover, .pagination>li>a:focus, .pagination>li>a.focus {
+    background-color: #484848 !important;
+}
+
+
+/* progress bars */
+.progress-bar {
+    background-color: #217dbb !important;
+}
+
+.progress-bar-success {
+    background-color: #0A8522 !important;
+}
+
+.progress-bar-info {
+    background-color: #9b59b6 !important;
+}
+
+.progress-bar-warning {
+    background-color: #c29d0b !important;
+}
+
+.progress-bar-danger {
+    background-color: #d62c1a !important;
+}
+
+.progress .frontal {
+    color: #222;
+}

gui/dark/assets/css/theme.css

@@ -5,11 +5,13 @@ Dark theme
 Author: alessandro.g89
 Source: https://userstyles.org/styles/122502/syncthing-dark
 
+Modified by: fti7
+
 **/
 
 body {
     color: #aaa !important;
-    background-color: black !important;
+    background-color: #272727 !important;
 }
 
 a:hover,a:focus,a.focus{
@@ -20,8 +22,10 @@ a:hover,a:focus,a.focus{
 /* navbar */
 .navbar {
     background-color: #333 !important;
-    border-color: #333 !important;
-    border-width: 2px !important;
+    border-color: #424242 !important;
+    border-top-width: 1px !important;
+    border-bottom-width: 1px !important;
+
 }
 
 .navbar-text, .dropdown>a, .dropdown-menu>li>a, .hidden-xs>a, .navbar-link {
@@ -29,7 +33,7 @@ a:hover,a:focus,a.focus{
 }
 
 .dropdown-menu {
-    border-color: #333 !important;
+    border-color: #424242 !important;
     border-width: 2px !important;
     background-color: #222 !important;
 }
@@ -40,7 +44,7 @@ a:hover,a:focus,a.focus{
 }
 
 .open>.dropdown-toggle, .dropdown-toggle:hover {
-    border-color: #333 !important;
+    border-color: #424242 !important;
     background-color: #222 !important;
 }
 
@@ -51,7 +55,7 @@ a:hover,a:focus,a.focus{
 
 li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
     outline: none !important;
-    border-color: #333 !important;
+    border-color: #424242 !important;
     background-color: #222 !important;
 }
 
@@ -63,18 +67,18 @@ li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
 
 /* main panel */
 .panel {
-    background-color: #111 !important;
+    background-color: #323232 !important;
     border-width: 2px !important;
 }
 
 .panel-default {
-    border-color: #222 !important;
+    border-color: #424242 !important;
 }
 
 .panel-default > .panel-heading {
     color: #aaa !important;
     border-color: #222 !important;
-    background-color: #222 !important;
+    background-color: #3B3B3B !important;
 }
 .panel-warning > .panel-heading {
     color: #222 !important;
@@ -85,16 +89,16 @@ li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
 }
 
 .panel-footer {
-    background-color: #111 !important;
+    background-color: #2D2D2D !important;
     border-width: 0 !important;
 }
 
 .table-striped>tbody>tr:nth-of-type(odd) {
-    background-color: #181818 !important;
+    background-color: #2E2E2E !important;
 }
 
 .panel-group .panel-heading+.panel-collapse>.panel-body, .panel-group .panel-heading+.panel-collapse>.list-group {
-    border-top: 1px solid #222 !important;
+    border-top: 1px solid #424242 !important;
 }
 
 .identicon rect {
@@ -156,11 +160,11 @@ li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
 
 /* modal dialogs */
 .modal-header {
-    border-bottom-color: #222 !important;
+    border-bottom-color: #424242 !important;
 }
 
 .modal-header:not(.alert) {
-    background-color: #222;
+    background-color: #3B3B3B;
 }
 
 .alert-info {
@@ -179,12 +183,12 @@ li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
 .modal-content {
     border-color: #666 !important;
     border-width: 2px !important;
-    background-color: #111 !important;
+    background-color: #272727 !important;
 }
 
 .modal-footer {
-    border-color: #111 !important;
-    background-color: #111 !important;
+    border-color: #303030 !important;
+    background-color: #2D2D2D !important;
 }
 
 .help-block {
@@ -193,8 +197,8 @@ li.hidden-xs:hover, .navbar-link:hover, .navbar-link:focus {
 
 .form-control {
     color: #aaa !important;
-    border-color: #444 !important;
-    background-color: black !important;
+    border-color: #424242 !important;
+    background-color: #3B3B3B !important;
 }
 
 code.ng-binding{
@@ -204,8 +208,8 @@ code.ng-binding{
 
 .well, .form-control[readonly="readonly"], .popover { /* read-only fields*/
     color: #666 !important;
-    border-color: #444 !important;
-    background-color: #111 !important;
+    border-color: #424242 !important;
+    background-color: #3B3B3B !important;
 }
 
 /* buttons for pagination */
@@ -243,3 +247,12 @@ code.ng-binding{
 .progress .frontal {
     color: #222;
 }
+
+.text-info {
+    color: #9a6dc0;
+}
+
+.text-primary {
+    color: #3fa9f0;
+}
+

gui/default/assets/css/overrides.css

@@ -3,7 +3,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 */
 
@@ -103,6 +103,12 @@ ul+h5 {
 table.table-condensed {
     table-layout: fixed;
 }
+
+table.table-dynamic {
+    word-wrap: break-word;
+    word-break: break-all;
+}
+
 table.table-condensed td {
     overflow: hidden;
     text-overflow: ellipsis;
@@ -249,6 +255,10 @@ ul.three-columns li, ul.two-columns li {
     text-indent: -0.5em;
 }
 
+.navbar-fixed-bottom {
+    z-index: 980;
+}
+
 /** Footer nav on small devices **/
 @media (max-width: 1199px) {
     /* Stay at the end of the page, with space reserved for the footer
@@ -329,4 +339,4 @@ ul.three-columns li, ul.two-columns li {
     .navbar-fixed-bottom li {
          width: 100%;
     }
-}
+}

gui/default/assets/css/theme.css

@@ -3,7 +3,7 @@
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
+// You can obtain one at https://mozilla.org/MPL/2.0/.
 
 */
 

gui/default/assets/lang/lang-bg.json

@@ -4,6 +4,7 @@
     "A new major version may not be compatible with previous versions.": "Нова основна версия, която може да не е съвмеситима с предишни версии.",
     "API Key": "API Ключ",
     "About": "За програмата",
+    "Action": "Действие",
     "Actions": "Меню",
     "Add": "Добави",
     "Add Device": "Добави устройство",
@@ -18,9 +19,11 @@
     "All Data": "Всички данни",
     "Allow Anonymous Usage Reporting?": "Разреши анонимно докладване за употребата на програмата?",
     "Alphabetic": "Азбучен ред",
+    "An external command handles the versioning. It has to remove the file from the shared folder.": "Друга команда се занимава с версиите. Тази команда трябва да премахне файла от синхронизираната папка.",
     "An external command handles the versioning. It has to remove the file from the synced folder.": "Друга команда се занимава с версиите. Тази команда трябва да премахни файла от синхронизираната папка.",
     "Anonymous Usage Reporting": "Анонимен доклад",
     "Any devices configured on an introducer device will be added to this device as well.": "Устройства настроени да представят други устройства също ще бъдат добавени към това устройство.",
+    "Automatic upgrade now offers the choice between stable releases and release candidates.": "Автоматичното обновяване вече предлага избор между стабилни версии и кандидат версии.",
     "Automatic upgrades": "Автоматично обновяване",
     "Be careful!": "Внимание!",
     "Bugs": "Бъгове",
@@ -31,49 +34,52 @@
     "Command": "Команда",
     "Comment, when used at the start of a line": "Коментар, използван в началото на реда",
     "Compression": "Компресиране",
+    "Configured": "Настроен",
     "Connection Error": "Грешка при свързването",
     "Connection Type": "Вид връзка",
     "Copied from elsewhere": "Копиране от някъде другаде",
     "Copied from original": "Копиран от оригинала",
     "Copyright © 2014-2016 the following Contributors:": "Всички правата запазени © 2014-2016 Сътрудници:",
-    "Copyright © 2015 the following Contributors:": "Всички правата запазени © 2015 Сътрудници:",
+    "Copyright © 2014-2017 the following Contributors:": "Всички правата запазени © 2014-2017. Сътрудници:",
     "Danger!": "Опасност!",
-    "Delete": "Изтрий",
     "Deleted": "Изтрито",
+    "Device": "Устройство",
     "Device \"{%name%}\" ({%device%} at {%address%}) wants to connect. Add new device?": "Устройство \"{{name}}\" ({{device}}) на {{address}} желае да се свърже. Добави ново устройство?",
     "Device ID": "Идентификатор на устройство",
     "Device Identification": "Идентификатор на устройство",
     "Device Name": "Име на устройството",
-    "Device {%device%} ({%address%}) wants to connect. Add new device?": "Устройство {{device}} ({{address}}) желае да се свърже. Добави ново устройство?",
     "Devices": "Устройства",
     "Disconnected": "Не е свързано",
+    "Discovered": "Открит",
     "Discovery": "Откриване",
+    "Discovery Failures": "Грешка в откриването",
     "Documentation": "Документация",
     "Download Rate": "Скорост на сваляне",
     "Downloaded": "Изтеглен",
     "Downloading": "Изтегляне",
     "Edit": "Промени",
-    "Edit Device": "Промени устройство",
-    "Edit Folder": "Промени папка",
+    "Edit Device": "Промяна на устройството",
+    "Edit Folder": "Промяна на папката",
     "Editing": "Променяне",
     "Enable NAT traversal": "Разреши NAT traversal",
     "Enable Relaying": "Разреши препращане",
-    "Enable UPnP": "Включи UPnP",
     "Enter comma separated  (\"tcp://ip:port\", \"tcp://host:port\") addresses or \"dynamic\" to perform automatic discovery of the address.": "Въведете адреси разделени със запетая (\"tcp://ip:port\", \"tcp://host:port\") или \"dynamic\", за да автоматично откриване на наличните адреси.",
     "Enter ignore patterns, one per line.": "Добави шаблони за игнориране, по един на ред.",
     "Error": "Грешка",
     "External File Versioning": "Външно управление на версиите",
     "Failed Items": "Неуспешни",
+    "Failure to connect to IPv6 servers is expected if there is no IPv6 connectivity.": "Неуспешна връзка към IPv6 сървъри може да се очаква ако няма IPv6 свързаност.",
     "File Pull Order": "Ред на сваляне",
     "File Versioning": "Версии на файловете",
     "File permission bits are ignored when looking for changes. Use on FAT file systems.": "Битовете за права за достъп ще бъдат игнорирани, когато се проверява за промени. Ползвайте за файлови системи тип FAT.",
+    "Files are moved to .stversions directory when replaced or deleted by Syncthing.": "Файловете биват преместени в .stversions папка, когато са заменен или изтрити от Syncthing.",
     "Files are moved to .stversions folder when replaced or deleted by Syncthing.": "Файловете биват преместени в .stversions папка, когато са заменен или изтрити от Syncthing.",
+    "Files are moved to date stamped versions in a .stversions directory when replaced or deleted by Syncthing.": "Когато syncthing замени или изтрие файл той се премества в  .stversions и преименува с набавени дата и час.",
     "Files are moved to date stamped versions in a .stversions folder when replaced or deleted by Syncthing.": "Когато syncthing замени или изтрие файл той се премества в  .stversions и преименува с набавени дата и час.",
     "Files are protected from changes made on other devices, but changes made on this device will be sent to the rest of the cluster.": "Защитава файловете от промени направени на други устройства, но промените направени на това устройство ще бъдат синхронизирани с останалите устройства.",
     "Folder": "Папка",
     "Folder ID": "Идентификатор на папката",
     "Folder Label": "Етикет на папката",
-    "Folder Master": "Главна папка",
     "Folder Path": "Път до папката",
     "Folder Type": "Вид папка",
     "Folders": "Папки",
@@ -81,9 +87,10 @@
     "GUI Authentication Password": "Парола за интерфейса",
     "GUI Authentication User": "Потребителско име за интерфейса",
     "GUI Listen Addresses": "Адрес за свързване с потребителския интерфейс",
+    "GUI Theme": "Тема за потребителския интефейс",
     "Generate": "Генерирай",
+    "Global Changes": "Глобални промени",
     "Global Discovery": "Глобално откриване",
-    "Global Discovery Server": "Сървър за глобално откриване",
     "Global Discovery Servers": "Сървъри за глобално откриване",
     "Global State": "Глобално състояние",
     "Help": "Помощ",
@@ -93,6 +100,7 @@
     "Ignore Permissions": "Игнорирай правата за достъп",
     "Incoming Rate Limit (KiB/s)": "Лимит на скоростта за сваляне (KiB/s)",
     "Incorrect configuration may damage your folder contents and render Syncthing inoperable.": "Неправилни настройки могат да повредят файловете и да попречат на синхронизирането.",
+    "Introduced By": "Предложен от",
     "Introducer": "Може да предлага други устройства",
     "Inversion of the given condition (i.e. do not exclude)": "Обратното на даденото условие (пр. не изключвай)",
     "Keep Versions": "Пази версии",
@@ -101,6 +109,8 @@
     "Last Scan": "Последно сканиран",
     "Last seen": "Последно видяно",
     "Later": "По-късно",
+    "Latest Change": "Последна промяна",
+    "Learn more": "Научете повече",
     "Listeners": "Синхронизиращи устройства",
     "Local Discovery": "Локално откриване",
     "Local State": "Локално състояние",
@@ -118,6 +128,7 @@
     "Newest First": "Първо най-новите",
     "No": "Не",
     "No File Versioning": "Без версии",
+    "No upgrades": "Няма обновления",
     "Normal": "Нормален",
     "Notice": "Известие",
     "OK": "ОК",
@@ -125,13 +136,16 @@
     "Oldest First": "Първо най-старите",
     "Optional descriptive label for the folder. Can be different on each device.": "Допълнително разяснеие за етикета на папката. Може да бъде различно всяко устройство.",
     "Options": "Настройки",
-    "Out of Sync": "Несинхронизирана",
+    "Out of Sync": "Несинхронизирано",
     "Out of Sync Items": "Несинхронизирани елементи",
     "Outgoing Rate Limit (KiB/s)": "Лимит на скорост за качване (KiB/s)",
     "Override Changes": "Наложи локалните промени",
+    "Path": "Път",
     "Path to the folder on the local computer. Will be created if it does not exist. The tilde character (~) can be used as a shortcut for": "Път до папката на това устройство. Ако не съществува ще бъде създадена. Символът тилда (~) може да бъде използван като заместител на",
+    "Path where versions should be stored (leave empty for the default .stversions directory in the shared folder).": "Пътят, където версиите да бъдат складирани(оставете празно за папката .stversions).",
     "Path where versions should be stored (leave empty for the default .stversions folder in the folder).": "Пътят, където версиите да бъдат складирани(остави празно за папката .stversions).",
     "Pause": "Пауза",
+    "Pause All": "Пауза на висчко",
     "Paused": "На пауза",
     "Please consult the release notes before performing a major upgrade.": "Моля прочети бележките по обновяването преди да започнеш.",
     "Please set a GUI Authentication User and Password in the Settings dialog.": "Моля задайте потребителско име и парола за потребителския интерфейс в секцията Настройки.",
@@ -141,26 +155,28 @@
     "Quick guide to supported patterns": "Бърз наръчник към поддържаните шаблони",
     "RAM Utilization": "Използван RAM",
     "Random": "Произволен",
-    "Relay Servers": "Препращащи сървъри",
-    "Relayed via": "Препратено през",
-    "Relays": "Препращачи",
+    "Reduced by ignore patterns": "Намалено посредством шаблон за игнориране",
     "Release Notes": "Бележки по обновяването",
+    "Release candidates contain the latest features and fixes. They are similar to the traditional bi-weekly Syncthing releases.": "Кандидат версиите съдържат най-новата функционалност и поправки. Те са близки до традиционните дву-седмични Synchthing обновления.",
     "Remote Devices": "Чужди устройства",
     "Remove": "Премахни",
     "Required identifier for the folder. Must be the same on all cluster devices.": "Задължителен идентификатор за тази папка. Трябва да бъде един и същ на всички устройства.",
     "Rescan": "Сканирай",
-    "Rescan All": "Сканирай всички",
+    "Rescan All": "Обнови всички",
     "Rescan Interval": "Интервал за повторно сканиране",
     "Restart": "Рестартирай",
     "Restart Needed": "Изисква се рестартиране",
     "Restarting": "Рестартиране",
     "Resume": "Пусни",
+    "Resume All": "Пускане на всичко",
     "Reused": "Повторно използван",
     "Save": "Запази",
     "Scan Time Remaining": "Оставащо време за сканиране",
     "Scanning": "Сканиране",
     "Select the devices to share this folder with.": "Изберете устройствата, с които да споделите папката.",
     "Select the folders to share with this device.": "Изберете папките за споделяне с това устройство.",
+    "Send & Receive": "Изпращане & получаване",
+    "Send Only": "Само изпращане",
     "Settings": "Настройки",
     "Share": "Сподели",
     "Share Folder": "Сподели папка",
@@ -168,7 +184,6 @@
     "Share With Devices": "Споделяне с устройства",
     "Share this folder?": "Сподели тази папка?",
     "Shared With": "Споделена с",
-    "Short identifier for the folder. Must be the same on all cluster devices.": "Идентификаторът на папката трябва да бъде еднакъв на всички устройства.",
     "Show ID": "Покажи идентификатора",
     "Show QR": "Покажи QR",
     "Shown instead of Device ID in the cluster status. Will be advertised to other devices as an optional default name.": "Покажи вместо идентификатор на устройството в статус на клъстъра. Ще бъде предлагано на други комютри като име по подразбиране.",
@@ -179,10 +194,13 @@
     "Single level wildcard (matches within a directory only)": "Маска на едно ниво (покрива само в папка)",
     "Smallest First": "Първо най-малките",
     "Source Code": "Сорс код",
+    "Stable releases and release candidates": "Стабилни версии и кандидати за стабилни версии",
+    "Stable releases are delayed by about two weeks. During this time they go through testing as release candidates.": "Стабилните версии са забавени с две седмици. През това време те преминават през тестване като бъдат кандидат версии.",
+    "Stable releases only": "Само стабилни версии",
     "Staggered File Versioning": "Наслагващи се версии",
     "Start Browser": "Стартирай браузъра",
     "Statistics": "Статистика",
-    "Stopped": "Без синхронизиране",
+    "Stopped": "Не се синхронизира",
     "Support": "Помощ",
     "Sync Protocol Listen Addresses": "Адрес за слушане на синхронизиращия протокол",
     "Syncing": "Синхронизиране",
@@ -194,16 +212,13 @@
     "Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.": "Syncthing има проблем при обработването на заявката. Моля, презаредете браузъра или рестартирайте Syncthing ако проблемът продължи.",
     "The Syncthing admin interface is configured to allow remote access without a password.": "Администраторския панел на Syncthing е настроен да приема дистанционни връзки без парола.",
     "The aggregated statistics are publicly available at the URL below.": "Сумарната статистика е публично достъпна на посочения по-долу адрес.",
-    "The aggregated statistics are publicly available at {%url%}.": "Сумарната статистика е публично достъпна на {{url}}.",
     "The configuration has been saved but not activated. Syncthing must restart to activate the new configuration.": "Конфигурацията е запазена, но не е активирана. Syncthing трябва да рестартира, за да се активира новата конфигурация.",
     "The device ID cannot be blank.": "Полето идентификатор на устройство не може да бъде празно.",
     "The device ID to enter here can be found in the \"Actions > Show ID\" dialog on the other device. Spaces and dashes are optional (ignored).": "Идентификатор на устройство за въвеждане тук, може да бъде намерен в \"Промени > Покажи идентификатора\" на другото устройство. Интервалите и тиретата са пожелание (биват прескачани).",
-    "The device ID to enter here can be found in the \"Edit > Show ID\" dialog on the other device. Spaces and dashes are optional (ignored).": "Идентификатор на устройство за въвеждане тук, може да бъде намерен в \"Промени > Покажи идентификатора\". Интервалите и тиретата са пожелание (биват прескачани).",
     "The encrypted usage report is sent daily. It is used to track common platforms, folder sizes and app versions. If the reported data set is changed you will be prompted with this dialog again.": "Криптираният доклад се изпраща ежедневно. Използва се, за отичане на ползваните платформи, размер на папки и версии на приложението. Ако събираните данни се променят, ще бъдете информиран с подобен на този диалог.",
     "The entered device ID does not look valid. It should be a 52 or 56 character string consisting of letters and numbers, with spaces and dashes being optional.": "Въведеният идентификатор на устройство не е валиден. Трябва да бъде 52 или 56 символа и да се състои от букви и цифри, като интервалите и тиретата са пожелание.",
     "The first command line parameter is the folder path and the second parameter is the relative path in the folder.": "Първият параметър за командата е пътя до папката, а вторият е релативния път в самата папка.",
     "The folder ID cannot be blank.": "Полето идентификатор на папка не може да бъде празно.",
-    "The folder ID must be a short identifier (64 characters or less) consisting of letters, numbers and the dot (.), dash (-) and underscode (_) characters only.": "Идентификаторът на папка трябва да бъде къс (64 символа или по-малко) състоящ се само от букви, цифри, точка (.), тире (-) и подчерта (_).",
     "The folder ID must be unique.": "Идентификаторът на папката тряба да бъде уникален.",
     "The folder path cannot be blank.": "Пътят до папката не може да бъде празен.",
     "The following intervals are used: for the first hour a version is kept every 30 seconds, for the first day a version is kept every hour, for the first 30 days a version is kept every day, until the maximum age a version is kept every week.": "Използва се следния интервал: за първия час се пази версия всеки 30 секунди, за първия ден се пази версия всеки час, за първите 30 дена се пази версия всеки ден, до максимума се пази една версия всяка седмица.",
@@ -222,30 +237,39 @@
     "This Device": "Вашето устройство",
     "This can easily give hackers access to read and change any files on your computer.": "Това дава лесен достъп на хакери да разглеждат и променят всякакви файлове на компютъра Ви.",
     "This is a major version upgrade.": "Това е нова основна версия.",
+    "Time": "Време",
     "Trash Can File Versioning": "Само на файловете в кошчето",
+    "Type": "Тип",
     "Unknown": "Неясно",
     "Unshared": "Несподелена",
     "Unused": "Неизползван",
-    "Up to Date": "Синхронизирана",
+    "Up to Date": "Синхронизирано",
     "Updated": "Обновено",
     "Upgrade": "Обнови",
     "Upgrade To {%version%}": "Обновен до {{version}}",
     "Upgrading": "Обновяване",
     "Upload Rate": "Скорост на качване",
     "Uptime": "Работи от",
+    "Usage reporting is always enabled for candidate releases.": "Докладът за ползването е винаги включен за кандидат нови версии.",
     "Use HTTPS for GUI": "Използвай HTTPS за потребителския интерфейс",
     "Version": "Версия",
     "Versions Path": "Път до версиите",
     "Versions are automatically deleted if they are older than the maximum age or exceed the number of files allowed in an interval.": "Версиите биват изтривани автоматично, когато са по-стари от максималната възраст или надминават броя файлове разрешени в даден интервал.",
+    "Warning, this path is a parent directory of an existing folder \"{%otherFolder%}\".": "Предупреждение, този път е по-горна директория на съществуващата папка \"{{otherFolder}}\".",
+    "Warning, this path is a parent directory of an existing folder \"{%otherFolderLabel%}\" ({%otherFolder%}).": "Предупреждение, този път е по-горна директория на съществуващата папка \"{{otherFolderLabel}}\" ({{otherFolder}}).",
     "Warning, this path is a subdirectory of an existing folder \"{%otherFolder%}\".": "Внимание, това е вътрешна папка на вече съществуваща папка \"{{otherFolder}}\".",
+    "Warning, this path is a subdirectory of an existing folder \"{%otherFolderLabel%}\" ({%otherFolder%}).": "Предупреждение, този път е под-директория на съществуващата папка \"{{otherFolderLabel}}\" ({{otherFolder}}).",
     "When adding a new device, keep in mind that this device must be added on the other side too.": "Когато добавяш ново устройство помни, че твоето устройство също трябва да бъде добавено от другата страна.",
     "When adding a new folder, keep in mind that the Folder ID is used to tie folders together between devices. They are case sensitive and must match exactly between all devices.": "Когато добавяш нов идентификатор на папка помни, че той се използва за свързване на папките на различни устройства. Главни/малки букви са от значение и трябва да са еднакви на всички устройства.",
     "Yes": "Да",
+    "You can change your choice at any time in the Settings dialog.": "Може да промените решението си по всяко време в прозореца Настройки.",
+    "You can read more about the two release channels at the link below.": "Може да научите допълнително за двата канала на версии, следвайки връзката по-долу.",
     "You must keep at least one version.": "Трябва да пазиш поне една версия.",
     "days": "дни",
+    "directories": "директории",
+    "files": "файла",
     "full documentation": "пълна документация",
     "items": "елемента",
     "{%device%} wants to share folder \"{%folder%}\".": "{{device}} желае да сподели папка \"{{folder}}\".",
-    "{%device%} wants to share folder \"{%folderLabel%}\" ({%folder%}).": "{{device}} желае е да сподели папка \"{{folderLabel}}\" ({{folder}}).",
     "{%device%} wants to share folder \"{%folderlabel%}\" ({%folder%}).": "{{device}} желае да сподели папка \"{{folderlabel}}\" ({{folder}})."
 }