trusted receive-only receives encrypted files from untrusted device

I have a folder shared between one untrusted and three trusted devices. It works very well, which is great.

But this only seems to work for a single folder on the untrusted device. I’ve seen this several times, using v1.29.2 on all devices. I’ll create a (second) folder on device A as send-only and share it with an untrusted machine U. Then I’ll add a second receive-only folder on a third (trusted) device T, and accept sharing initiated from both of the other devices. Or if I sync between two trusted devices first, then share with an untrusted device later, the same issue arises.

All seems well for a while–meaning minutes or hours–and then at some point encrypted versions of files from U will start showing up on T. Using the GUI on T will not purge local modifications. The only “fix” seems to be to stop T from sharing with U. Which does work, as T is then able to purge local modifications. Are untrusted folders not intended to be shared with multiple devices? Or only a single folder from a given device can do this?

Ideally I’d add the fourth trusted device to this web, but I never get that far.

Possibly relevant: I am using quic4 for all connections to U, as it’s on another continent and I get better performance with UDP than TCP with the lag (about 250ms).

Logs from T include many entries like this, which seem inappropriate:

2025-02-27 13:55:12 Puller (folder “devonhome” (5forz-ghxex), item “A.syncthing-enc/0H/DDP8PEQ68E4A1HU1V9O1OTNK2EMOU32FF8FF2R1J3EPSGCGOCCKB41ECFBVJ8QJAP2S3OHF39B9BK376V9U4BVREN06POPUQ90O55PFJR6R5LQ3BUUANEC2SEPHLAIEO2PIICI8LOAAVD196T9ANQLI07P49KU608UDLMNN9UUCDNPCBF8A6TR59PJ68FVDBP4FTJ”): syncing: no connected device has the required version of this file

and when attempting to purge local mods:

2025-02-27 13:55:16 Puller (folder “devonhome” (5forz-ghxex), item “9.syncthing-enc”): syncing: delete dir: remove /home/vlad/Sync/devonhome/9.syncthing-enc: directory not empty

Forgot to mention: the folder on device A is send-only. So it’s one send-only, one receive-only, and one receive-encrypted.

Holy crud. Unencrypted files showed up on the untrusted machines too (multiple trials; I just hadn’t looked for that before). So it’s as if both T and U were set to send/receive. Neither was.

Okay. I found a workaround. I’d tried pretty much all possible versions of sharing/unsharing and deleting files, and --reset-deltas, and all the other standard stuff. I’d get the global state doubling, tripling, whatever, everywhere but on the “send only” device. It was pretty broken. So here’s what I did:

  1. Deleted all files on the untrusted machine (necessary? Dunno).
  2. Created a folder on the untrusted machine with the same folder id I was using elsewhere. It finally showed 0 files/folders (earlier the db had apparently persisted info that was neither accurate nor helpful in spite of folder removal, and re-scanning did not help... maybe a separate issue, but not good).
  3. Shared from both trusted devices.
  4. Profit!

So I don’t know what happened here, but it happened several times and my new rule is to create a folder on the untrusted device with the appropriate folder id before trying to share anything.

If this blows up, I’ll let you know. Otherwise, maybe this will help someone.

This workaround has now worked for several folders shared between multiple devices. Something weird happens when sharing a folder to an untrusted device and also to trusted devices–I don’t know what it is. But creating an empty folder with the right ID first seems to resolve everything. YMMV; I think it’s interesting. And now Syncthing actually works for all the things I want to do.
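The two things a defender would want to automate from this thread are the workaround itself (create the receive-encrypted folder on the untrusted device with the right folder ID, and confirm it reports zero local files before sharing) and a check for the failure the earlier post describes (plaintext showing up on the untrusted device). The script below is an added example; it is not code from this thread or from the Syncthing project. It assumes Syncthing's REST API is reachable with an X-API-Key header, that POST /rest/config/folders adds a folder and GET /rest/db/status?folder=<id> returns localFiles/localDirectories counts, and that every top-level entry of an encrypted folder looks like the "A.syncthing-enc" / "9.syncthing-enc" directories in the quoted log lines (that naming rule is inferred from those two paths). The folder ID 5forz-ghxex and label devonhome come from the log lines; the device IDs, folder path and SYNCTHING_URL / SYNCTHING_API_KEY environment variable names are placeholders.

```python
"""Added example: set up the untrusted-side folder as in the workaround and
audit it for plaintext. Not from the thread or the Syncthing project."""
import json
import os
import re
import sys
import urllib.parse
import urllib.request

# Assumption: in an encrypted ("untrusted") folder every top-level directory is
# one name character plus ".syncthing-enc", as in the log lines above
# (A.syncthing-enc/0H/..., 9.syncthing-enc).
ENC_TOPLEVEL = re.compile(r"^[0-9A-Z]\.syncthing-enc$")
# Assumption: Syncthing's own markers (.stfolder, .stignore, ...) are legitimate.
MARKER_PREFIX = ".st"


def folder_config(folder_id: str, label: str, path: str, trusted_device_ids) -> dict:
    """Folder entry to create on the untrusted device before sharing (step 2 of
    the workaround): same ID as the trusted devices use, type receiveencrypted."""
    return {
        "id": folder_id,
        "label": label,
        "path": path,
        "type": "receiveencrypted",
        "devices": [{"deviceID": d} for d in trusted_device_ids],
    }


def plaintext_suspects(top_level_names):
    """Top-level entries that do not fit the encrypted layout. Any hit means
    unencrypted data reached the untrusted device (the failure reported above)."""
    return sorted(
        n for n in top_level_names
        if not ENC_TOPLEVEL.match(n) and not n.startswith(MARKER_PREFIX)
    )


def audit_folder_path(path: str):
    """Run the plaintext check against the folder as it exists on disk."""
    return plaintext_suspects(os.listdir(path))


def is_empty_status(status: dict) -> bool:
    """True when /rest/db/status reports nothing local: what the workaround
    expects to see on the untrusted device before any sharing happens."""
    return status.get("localFiles", 0) == 0 and status.get("localDirectories", 0) == 0


class SyncthingClient:
    """Minimal REST client; endpoint paths are assumptions about the API."""

    def __init__(self, base_url: str, api_key: str):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key

    def _call(self, method: str, path: str, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, method=method)
        req.add_header("X-API-Key", self.api_key)
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None

    def add_folder(self, cfg: dict):
        return self._call("POST", "/rest/config/folders", cfg)

    def db_status(self, folder_id: str) -> dict:
        return self._call("GET", "/rest/db/status?folder=" + urllib.parse.quote(folder_id))


if __name__ == "__main__":
    # Placeholders: environment variable names and the device IDs are constructed.
    url = os.environ.get("SYNCTHING_URL", "http://127.0.0.1:8384")
    key = os.environ.get("SYNCTHING_API_KEY")
    folder_path = sys.argv[1] if len(sys.argv) > 1 else "/path/on/untrusted/device"
    if key:
        client = SyncthingClient(url, key)
        cfg = folder_config("5forz-ghxex", "devonhome", folder_path,
                            ["DEVICE-ID-OF-A", "DEVICE-ID-OF-T"])
        client.add_folder(cfg)
        print("empty before sharing:", is_empty_status(client.db_status(cfg["id"])))
    if os.path.isdir(folder_path):
        print("plaintext suspects:", audit_folder_path(folder_path))
```

Run it on the untrusted device with the folder path as the first argument; without an API key it only performs the on-disk audit, which is the part worth scheduling (a non-empty suspect list is the condition the thread calls "unencrypted files showed up on the untrusted machine").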