Merge branch 'release/2.7.0'

.github/dependabot.yml

@@ -19,6 +19,7 @@ updates:
           - "org.apache.maven.plugins:*"
           - "org.jacoco:jacoco-maven-plugin"
           - "org.owasp:dependency-check-maven"
+          - "me.fabriciorby:maven-surefire-junit5-tree-reporter"
       java-production-dependencies:
         patterns:
           - "*"
@@ -30,6 +31,7 @@ updates:
           - "org.mockito:*"
           - "org.hamcrest:*"
           - "com.google.jimfs:jimfs"
+          - "me.fabriciorby:maven-surefire-junit5-tree-reporter"
 
 
   - package-ecosystem: "github-actions"

.github/workflows/build.yml

@@ -1,6 +1,8 @@
 name: Build
 on:
-  [push]
+  push:
+  pull_request_target:
+    types: [labeled]
 jobs:
   build:
     name: Build and Test
@@ -12,7 +14,7 @@ jobs:
            show-progress: false
       - uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: 'temurin'
           cache: 'maven'
       - name: Cache SonarCloud packages
@@ -42,8 +44,8 @@ jobs:
           path: target/*.jar
       - name: Create release
         if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
           generate_release_notes: true
-          prerelease: true
+          prerelease: true

.github/workflows/codeql-analysis.yml

@@ -22,7 +22,7 @@ jobs:
         show-progress: false
     - uses: actions/setup-java@v4
       with:
-        java-version: 17
+        java-version: 21
         distribution: 'temurin'
         cache: 'maven'
     - name: Initialize CodeQL

.github/workflows/dependency-check.yml

@@ -14,7 +14,7 @@ jobs:
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
-      java-version: 17
+      java-version: 21
     secrets:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
       slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/publish-central.yml

@@ -16,14 +16,12 @@ jobs:
           show-progress: false
       - uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: 'temurin'
           cache: 'maven'
           server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
           server-username: MAVEN_USERNAME # env variable for username in deploy
           server-password: MAVEN_PASSWORD # env variable for token in deploy
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.inputs.tag }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
       - name: Deploy
@@ -36,4 +34,5 @@ jobs:
             --add-opens=java.desktop/java.awt.font=ALL-UNNAMED
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import

.github/workflows/publish-github.yml

@@ -12,18 +12,17 @@ jobs:
           show-progress: false
       - uses: actions/setup-java@v4
         with:
-          java-version: 17
+          java-version: 21
           distribution: 'temurin'
           cache: 'maven'
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.release.tag_name }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
       - name: Deploy
         run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
         env:

README.md

@@ -6,6 +6,7 @@
 [![Known Vulnerabilities](https://snyk.io/test/github/cryptomator/cryptofs/badge.svg)](https://snyk.io/test/github/cryptomator/cryptofs)
 
 **CryptoFS:** Implementation of the [Cryptomator](https://github.com/cryptomator/cryptomator) encryption scheme.
+For more info about the encryption scheme, read the [docs](https://docs.cryptomator.org/en/latest/security/vault/).
 
 ## Features
 
@@ -98,7 +99,7 @@ For more details on how to use the constructed `FileSystem`, you may consult the
 
 ### Dependencies
 
-* Java 17
+* Java 21
 * Maven 3
 
 ### Run Maven

pom.xml

@@ -2,7 +2,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptofs</artifactId>
-	<version>2.6.9</version>
+	<version>2.7.0</version>
 	<name>Cryptomator Crypto Filesystem</name>
 	<description>This library provides the Java filesystem provider used by Cryptomator.</description>
 	<url>https://github.com/cryptomator/cryptofs</url>
@@ -15,27 +15,27 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<maven.compiler.release>17</maven.compiler.release>
+		<maven.compiler.release>21</maven.compiler.release>
 
 		<!-- dependencies -->
-		<cryptolib.version>2.1.2</cryptolib.version>
+		<cryptolib.version>2.2.0</cryptolib.version>
 		<jwt.version>4.4.0</jwt.version>
-		<dagger.version>2.49</dagger.version>
-		<guava.version>32.1.3-jre</guava.version>
+		<dagger.version>2.51.1</dagger.version>
+		<guava.version>33.2.1-jre</guava.version>
 		<caffeine.version>3.1.8</caffeine.version>
-		<slf4j.version>2.0.12</slf4j.version>
+		<slf4j.version>2.0.13</slf4j.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.10.2</junit.jupiter.version>
-		<mockito.version>5.2.0</mockito.version>
-		<hamcrest.version>2.2</hamcrest.version>
+		<junit.jupiter.version>5.10.3</junit.jupiter.version>
+		<mockito.version>5.12.0</mockito.version>
+		<hamcrest.version>3.0</hamcrest.version>
 		<jimfs.version>1.3.0</jimfs.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>9.0.9</dependency-check.version>
-		<junit-tree-reporter.version>1.2.1</junit-tree-reporter.version>
-		<jacoco.version>0.8.11</jacoco.version>
-		<nexus-staging.version>1.6.13</nexus-staging.version>
+		<dependency-check.version>10.0.3</dependency-check.version>
+		<junit-tree-reporter.version>1.3.0</junit-tree-reporter.version>
+		<jacoco.version>0.8.12</jacoco.version>
+		<nexus-staging.version>1.7.0</nexus-staging.version>
 	</properties>
 
 	<licenses>
@@ -114,7 +114,7 @@
 		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
-			<artifactId>mockito-inline</artifactId>
+			<artifactId>mockito-core</artifactId>
 			<version>${mockito.version}</version>
 			<scope>test</scope>
 		</dependency>
@@ -143,7 +143,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.12.1</version>
+				<version>3.13.0</version>
 				<configuration>
 					<showWarnings>true</showWarnings>
 					<annotationProcessorPaths>
@@ -158,7 +158,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.2.5</version>
+				<version>3.3.1</version>
 				<dependencies>
 					<dependency>
 						<groupId>me.fabriciorby</groupId>
@@ -181,11 +181,11 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>3.3.0</version>
+				<version>3.4.2</version>
 			</plugin>
 			<plugin>
 				<artifactId>maven-source-plugin</artifactId>
-				<version>3.3.0</version>
+				<version>3.3.1</version>
 				<executions>
 					<execution>
 						<id>attach-sources</id>
@@ -197,7 +197,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.6.3</version>
+				<version>3.8.0</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -252,7 +252,7 @@
 							<skipTestScope>true</skipTestScope>
 							<detail>true</detail>
 							<suppressionFile>suppression.xml</suppressionFile>
-							<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+							<nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
 						</configuration>
 						<executions>
 							<execution>
@@ -300,7 +300,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-gpg-plugin</artifactId>
-						<version>3.1.0</version>
+						<version>3.2.4</version>
 						<executions>
 							<execution>
 								<id>sign-artifacts</id>
@@ -309,10 +309,7 @@
 									<goal>sign</goal>
 								</goals>
 								<configuration>
-									<gpgArguments>
-										<arg>--pinentry-mode</arg>
-										<arg>loopback</arg>
-									</gpgArguments>
+									<signer>bc</signer>
 								</configuration>
 							</execution>
 						</executions>

src/main/java/module-info.java

@@ -19,6 +19,7 @@
 	// https://github.com/javax-inject/javax-inject/issues/33
 	// May be provided by another lib during runtime
 	requires static javax.inject;
+	requires java.compiler;
 
 	exports org.cryptomator.cryptofs;
 	exports org.cryptomator.cryptofs.common;

src/main/java/org/cryptomator/cryptofs/attr/CryptoBasicFileAttributeView.java

@@ -48,10 +48,10 @@ public BasicFileAttributes readAttributes() throws IOException {
 	@Override
 	public void setTimes(FileTime lastModifiedTime, FileTime lastAccessTime, FileTime createTime) throws IOException {
 		readonlyFlag.assertWritable();
-		getCiphertextAttributeView(BasicFileAttributeView.class).setTimes(lastModifiedTime, lastAccessTime, createTime);
 		if (lastModifiedTime != null) {
 			getOpenCryptoFile().ifPresent(file -> file.setLastModifiedTime(lastModifiedTime));
 		}
+		getCiphertextAttributeView(BasicFileAttributeView.class).setTimes(lastModifiedTime, lastAccessTime, createTime);
 	}
 
 }

src/main/java/org/cryptomator/cryptofs/ch/ChannelCloseListener.java

@@ -1,11 +1,9 @@
 package org.cryptomator.cryptofs.ch;
 
 
-import java.io.IOException;
-
 @FunctionalInterface
 public interface ChannelCloseListener {
 
-	void closed(CleartextFileChannel channel) throws IOException;
+	void closed(CleartextFileChannel channel);
 
 }

src/main/java/org/cryptomator/cryptofs/ch/CleartextFileChannel.java

@@ -29,6 +29,8 @@
 import java.nio.file.attribute.BasicFileAttributeView;
 import java.nio.file.attribute.FileTime;
 import java.time.Instant;
+import java.util.Iterator;
+import java.util.List;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.concurrent.locks.ReadWriteLock;
@@ -233,7 +235,8 @@ private void forceInternal(boolean metaData) throws IOException {
 	 *
 	 * @throws IOException
 	 */
-	private void flush() throws IOException {
+	@VisibleForTesting
+	void flush() throws IOException {
 		if (isWritable()) {
 			writeHeaderIfNeeded();
 			chunkCache.flush();
@@ -322,20 +325,38 @@ long beginOfChunk(long cleartextPos) {
 
 	@Override
 	protected void implCloseChannel() throws IOException {
+		var closeActions = List.<CloseAction>of(this::flush, //
+				super::implCloseChannel, //
+				() -> closeListener.closed(this), //
+				ciphertextFileChannel::close, //
+				this::tryPersistLastModified);
+		tryAll(closeActions.iterator());
+	}
+
+	private void tryPersistLastModified() {
 		try {
-			flush();
-			ciphertextFileChannel.force(true);
+			persistLastModified();
+		} catch (NoSuchFileException nsfe) {
+			//no-op, see https://github.com/cryptomator/cryptofs/issues/169
+		} catch (IOException e) {
+			LOG.warn("Failed to persist last modified timestamp for encrypted file: {}", e.getMessage());
+		}
+	}
+
+	private void tryAll(Iterator<CloseAction> actions) throws IOException {
+		if (actions.hasNext()) {
 			try {
-				persistLastModified();
-			} catch (NoSuchFileException nsfe) {
-				//no-op, see https://github.com/cryptomator/cryptofs/issues/169
-			} catch (IOException e) {
-				//only best effort attempt
-				LOG.warn("Failed to persist last modified timestamp for encrypted file: {}", e.getMessage());
+				actions.next().run();
+			} finally {
+				tryAll(actions);
 			}
-		} finally {
-			super.implCloseChannel();
-			closeListener.closed(this);
 		}
 	}
+
+	@FunctionalInterface
+	private interface CloseAction {
+
+		void run() throws IOException;
+	}
+
 }

src/main/java/org/cryptomator/cryptofs/fh/ChunkIO.java

@@ -52,21 +52,11 @@ int write(ByteBuffer src, long position) throws IOException {
 	}
 
 	private FileChannel getReadableChannel() {
-		Iterator<FileChannel> iter = readableChannels.iterator();
-		if (iter.hasNext()) {
-			return iter.next();
-		} else {
-			throw new NonReadableChannelException();
-		}
+		return readableChannels.stream().findFirst().orElseThrow(NonReadableChannelException::new);
 	}
 
 	private FileChannel getWritableChannel() {
-		Iterator<FileChannel> iter = writableChannels.iterator();
-		if (iter.hasNext()) {
-			return iter.next();
-		} else {
-			throw new NonWritableChannelException();
-		}
+		return writableChannels.stream().findFirst().orElseThrow(NonWritableChannelException::new);
 	}
 
 }