* main: (32 commits)
cmd/syncthing: Implement generate as a subcommand with optional API credential setting (fixes#8021) (#8043)
lib/model: Correct "reverting folder" log entry
lib/model: Correct handling of fakefs cache
gui, lib: Fix tracking deleted locally-changed on encrypted (fixes#7715) (#7726)
lib/config: Move the bcrypt password hashing to GUIConfiguration (#8028)
lib/syncthing: Clean up / refactor LoadOrGenerateCertificate() utility function. (#8025)
lib/api: http.Request.BasicAuth instead of custom code (#8039)
Normalize CLI options to always use two dashes. (#8037)
gui: Display identicons for discovered device IDs. (#8022)
cmd/syncthing/cli: indexDumpSize doesn't need a heap (#8024)
lib/model: Optimize jobQueue performance and memory use (#8023)
lib/model: Limit the number of default hashers on Android (ref #2220)
lib/model: Set mod. time after writing trailer in shortcut (ref #7992)
lib/protocol: Simplify codeToError, errorToCode
lib/protocol: Eliminate nativeModel on Unix
gui: Add direct link to Ignore Patterns from folder panel (fixes#4293) (#7993)
gui: Translate theme names in settings (#8006)
lib/model: Pull when a new connection is established (fixes#8012) (#8013)
gui, man, authors: Update docs, translations, and contributors
gui, man, authors: Update docs, translations, and contributors
...
LoadOrGenerateCertificate() takes two file path arguments, but then
uses the locations package to determine the actual path. Fix that
with a minimally invasive change, by using the arguments instead.
Factor out GenerateCertificate().
The only caller of this function is cmd/syncthing, which passes the
same values, so this is technically a no-op.
* lib/tlsutil: Make storing generated certificate optional. Avoid
temporary cert and key files in tests, keep cert in memory.
Establish a connection over both TCP and QUIC and transmit a simple
message over it. Presumably this should weed out panics and crap from
the QUIC package at test time...
This adds a new config AllowedNetworks per device, which when set should
contain a list of network prefixes (192.168.0.0/126 etc) that are
allowed for the given device. The connection service will not attempt
connections to addresses outside of the given networks and incoming
connections will be rejected as well.
I've added the config to the normal device editor and shown it (when
set) in the device summary on the main screen.
There's a unit test for the IsAllowedNetwork method, I've done some
manual sanity testing on top of that.
GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4073
The test for the error string is fragile, and the error string changed
in Go 1.8 so the relevant part is no longer a prefix. This covers it
with a test though, so it should be fine in the future as well.
GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3818