Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mac OS X support #15

Closed
rfjakob opened this issue Jan 4, 2016 · 121 comments
Closed

Mac OS X support #15

rfjakob opened this issue Jan 4, 2016 · 121 comments

Comments

@rfjakob
Copy link
Owner

rfjakob commented Jan 4, 2016

Go support Mac OS X, as does the FUSE library we use, go-fuse.

gocrypts may actually work out of the box on OSX, but there probably are small issues that have to be sorted out.

At the very least, gocryptfs has to be tested on OSX. As I do not have a Mac to test on, this would be an opportunity for somebody from the Mac community to step up. Please comment here if you are interested.

@hasit
Copy link

hasit commented Jan 6, 2016

I am interested in helping on this as much as I can. I will try to run it and comment back with what I find.

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 6, 2016

Hi @hasit, great to hear that!

@netheril96
Copy link

One thing it might have omitted is encryption of extended attributes. OS X makes extensive usage of extended attributes. For example, when you download a file with Google Chrome or Safari, the file will be marked with its original URL. When I tried EncFS before, the encrypted file always had the same extended attributes as the decrypted one, and thereby the plaintext could be easily obtained. I suspect the encryption of extended attribute will never cross the mind of regular Linux folk.

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 6, 2016 via email

@spaghetti2514
Copy link

Attempting to install on OS X 10.11.2 with go get github.com/rfjakob/gocryptfs, I get the following

# github.com/rfjakob/gocryptfs/cryptfs
.go/src/github.com/rfjakob/gocryptfs/cryptfs/openssl_aead.go:35: undefined: openssl.NewGCMEncryptionCipherCtx
.go/src/github.com/rfjakob/gocryptfs/cryptfs/openssl_aead.go:76: undefined: openssl.NewGCMDecryptionCipherCtx
# github.com/hanwen/go-fuse/fuse/nodefs
.go/src/github.com/hanwen/go-fuse/fuse/nodefs/files_darwin.go:5: imported and not used: "time"
.go/src/github.com/hanwen/go-fuse/fuse/nodefs/syscall.go:11: undefined: syscall.SYS_UTIMENSAT

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 7, 2016 via email

@spaghetti2514
Copy link

@rfjakob OpenSSL 1.0.2e 3 Dec 2015

@spaghetti2514
Copy link

I should point out that this probably has more to do with
https://github.com/spacemonkeygo/openssl/blob/master/ciphers_gcm.go#L15
than my openssl version

Removing the ",!darwin" part of that line eliminates those two errors for me

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 7, 2016

I guess the "!darwin" is because openssl was too old in an earlier OSX
version. But 1.0.2e is very recent, can you file a bug against
spacemonkeygo/openssl?

On Thu, Jan 7, 2016 at 1:34 AM, spaghetti2514 notifications@github.com
wrote:

I should point out that this probably has more to do with
https://github.com/spacemonkeygo/openssl/blob/master/ciphers_gcm.go#L15
than my openssl version

Removing the ",!darwin" part of that line eliminates those two errors for
me


Reply to this email directly or view it on GitHub
#15 (comment).

@spaghetti2514
Copy link

1.0.2e is very recent because I installed it very recently. It is not the native OS X openssl because the native OS X openssl no longer exists. Apple deprecated the use of openssl a long time ago in favor of their own crypto libs, and finally stopped shipping openssl completely in 10.11. OS X users that still build things against openssl tend to install it from homebrew, an unofficial package manager for OS X.

I am unsure if excluding OS X in the build process should be considered a bug, since the only reason it works for me is that I'm building openssl myself via homebrew.
On the other hand, there is no longer an official openssl shipped with OS X at all, so maybe that should be assumed.
Still want me to open a bug report?

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 7, 2016 via email

@spaghetti2514
Copy link

I have filed a ticket.

What other two issues are you referring to? just the unused time import and SYS_UTIMENSAT problems in go-fuse?

I think we'll run into other problems after that, as commenting some of that out to try to get farther along in the build reveals other build errors, but I can't be certain that they're not being caused by the way I'm stepping around previous errors.
Would you like me to wait until you've properly fixed the SYS_UTIMENSAT issue before checking for other errors?

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 7, 2016

Yes, just the two in go-fuse. Commenting them out should be fine. Later
build problems are probably real, what do you get?
On Jan 7, 2016 02:23, "spaghetti2514" notifications@github.com wrote:

I have filed a ticket.

What other two issues are you referring to? just the unused time import
and SYS_UTIMENSAT problems in go-fuse?

I think we'll run into other problems after that, as commenting some of
that out to try to get farther along in the build reveals other build
errors, but I can't be certain that they're not being caused by the way I'm
stepping around previous errors.
Would you like me to wait until you've properly fixed the SYS_UTIMENSAT
issue before checking for other errors?


Reply to this email directly or view it on GitHub
#15 (comment).

@spaghetti2514
Copy link

After bypassing SYS_UTIMENSAT in syscall.go I get

# github.com/hanwen/go-fuse/fuse/pathfs
.go/src/github.com/hanwen/go-fuse/fuse/pathfs/loopback.go:140: undefined: sysUtimensat
.go/src/github.com/hanwen/go-fuse/fuse/pathfs/loopback.go:140: undefined: _AT_SYMLINK_NOFOLLOW

After commenting out line 140 in loopback.go and changing the return err to return 0, I get

# github.com/rfjakob/gocryptfs/pathfs_frontend
.go/src/github.com/rfjakob/gocryptfs/pathfs_frontend/file.go:213: undefined: syscall.Fallocate

After replacing line 213 in file.go with err = syscall.EINTR, the build succeeds.

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 7, 2016

Ok, I hope I have fixed all of this, but I do not have a Mac to test on. @spaghetti2514 , can you

  1. "git pull" in gocryptfs
  2. Replace hanwen/go-fuse with my branch that has the OSX build fix: https://github.com/rfjakob/go-fuse . I will get it upstream once you confirm it fixes the issue (and works).

@spaghetti2514
Copy link

@rfjakob

go-fuse/fuse/nodefs/files_darwin.go:74: cannot use int64(t.Nanosecond() / 1000) (type int64) as type int32 in assignment

Edit: bypassing that leads to

go-fuse/fuse/pathfs/loopback_darwin.go:44: syntax error: unexpected name, expecting )

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 8, 2016

Thanks, should be fixed, please pull go-fuse.

@spaghetti2514
Copy link

# github.com/rfjakob/go-fuse/fuse/pathfs
.go/src/github.com/rfjakob/go-fuse/fuse/pathfs/loopback_darwin.go:33: undefined: time in time.Time
.go/src/github.com/rfjakob/go-fuse/fuse/pathfs/loopback_darwin.go:42: undefined: time in time.Time
.go/src/github.com/rfjakob/go-fuse/fuse/pathfs/loopback_darwin.go:56: undefined: f in f.lock
.go/src/github.com/rfjakob/go-fuse/fuse/pathfs/loopback_darwin.go:58: undefined: f in f.lock

@spaghetti2514
Copy link

Other various things

go-fuse/fuse/pathfs/loopback_darwin.go:35: cannot use int64(t.Nanosecond() / 1000) (type int64) as type int32 in assignment
gocryptfs/pathfs_frontend/compat_darwin.go:3: imported and not used: "syscall"
gocryptfs/pathfs_frontend/compat_darwin.go:13: missing return at end of function

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 9, 2016

Ok, I need a cross compiler ;)
I will get back to you once I have it building.

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 9, 2016

Turns out that for cross compilation to work, I would need the C header files from OSX, because go-fuse uses cgo. And to get those, I'd have to extract them from XCode on a running OSX machine. OMG.

@spaghetti2514 : The things you have reported should be fixed, please pull. If you still have the patience, I think we are done soon.

@hasit
Copy link

hasit commented Jan 9, 2016

I can confirm the same error. Following is the output I get on my MacBook Pro (Retina, 13-inch, Late 2013) OSX El Capitan version 10.11.2 .

# github.com/hanwen/go-fuse/fuse/nodefs
go/src/github.com/hanwen/go-fuse/fuse/nodefs/files_darwin.go:5: imported and not used: "time"
go/src/github.com/hanwen/go-fuse/fuse/nodefs/syscall.go:11: undefined: syscall.SYS_UTIMENSAT
# github.com/spacemonkeygo/openssl
go/src/github.com/spacemonkeygo/openssl/bio.go:21:10: fatal error: 'openssl/bio.h' file not found
#include <openssl/bio.h>
         ^
1 error generated.

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 9, 2016 via email

@spaghetti2514
Copy link

@rfjakob Build succeeds with latest changes

@rfjakob
Copy link
Owner Author

rfjakob commented Jan 9, 2016

Great. Pushed to upstream as hanwen/go-fuse#89 .

./test.bash ?

@spaghetti2514
Copy link

ok      github.com/rfjakob/gocryptfs/cryptfs    1.886s
gocryptfs v0.7.1; on-disk format 2
remove /tmp/gocryptfs_main_test//TestExampleFsV04: resource busy
FAIL    github.com/rfjakob/gocryptfs/integration_tests  0.055s

Edit: That was caused by running the script twice when the first one failed to unmount any of the temporary filesystems. After unmounting the filesystems in /tmp and trying again I got

ok      github.com/rfjakob/gocryptfs/cryptfs    1.828s
gocryptfs v0.7.1; on-disk format 2
--- FAIL: TestExampleFSv04 (0.96s)
    example_filesystems_test.go:21: open /tmp/gocryptfs_main_test/TestExampleFsV04/status.txt: no such file or directory
--- FAIL: TestExampleFSv05 (0.14s)
    example_filesystems_test.go:21: open /tmp/gocryptfs_main_test/TestExampleFsV05/status.txt: no such file or directory
--- FAIL: TestExampleFSv06 (0.12s)
    example_filesystems_test.go:21: open /tmp/gocryptfs_main_test/TestExampleFsV06/status.txt: no such file or directory
--- FAIL: TestExampleFSv06PlaintextNames (0.10s)
    example_filesystems_test.go:21: open /tmp/gocryptfs_main_test/TestExampleFsV06PlaintextNames/status.txt: no such file or directory
exec: "fusermount": executable file not found in $PATH
exit status 10
FAIL    github.com/rfjakob/gocryptfs/integration_tests  3.267s

fusermount is linux-specific by the way. Normal umount works fine for fuse filesystems on OS X

@spaghetti2514
Copy link

@rfjakob The OS X issue at spacemonkeygo/openssl has not been addressed at all in months.
Would you consider forking it, making the small change yourself, and having gocryptfs depend on your fork instead? Considering how infrequently changes are made to the repo, it shouldn't be much effort at all for you to "maintain" and would allow you to address issues like this much more efficiently.

@teras
Copy link

teras commented Dec 19, 2017

@alexanderharm I got this message when I use the application:
2017-12-19 16-32-50

@alexanderharm
Copy link

alexanderharm commented Dec 19, 2017

@teras: When did you get this message? I believe this is related to the installation of osxfuse since Benjamin Fleischer is one of the authors: https://osxfuse.github.io/.

If you feel more comfortable you can also download and install osxfuse from this website and then install only gocryptfs via brew.

@teras
Copy link

teras commented Dec 19, 2017

Everything went smooth up to the time I typed
gocryptfs cipher plain
(from the demo instructions on the site).

The second time I typed them, no message was displayed, only failing:
fuse.NewServer failed: exit status 1
Maybe you should run: /Library/Filesystems/osxfuse.fs/Contents/Resources/load_osxfuse

Now, I tried what you said. Indeed the installer asked me to open Settings - I did so but there was no option to allow anything.
Since I am using OSX High Sierra, maybe they changed something there?

@alexanderharm
Copy link

@teras: Normally it should work. Did you brew cask uninstall osxfuse before? Do you have the FUSE preference pane?

@alexanderharm
Copy link

@teras: Under Security & Privacyyou need to tick the option Allow apps downloaded from: App Store and identified developers. It sounds like you are using App Store only.

@teras
Copy link

teras commented Dec 19, 2017

@alexanderharm Indeed this is the case. It seems to work now. Thank you

@alexanderharm
Copy link

As of today there is a Homebrew formula for gocryptfs.

Install brew and type brew install gocryptfs.

@agarbato
Copy link

Just updated my macos to Catalina and gocryptfs does not work anymore :-(
gocryptfs installed with brew. Used to work before the update.

➜ ~ gocryptfs src dest
Password:
Decrypting master key
fuse.NewServer failed: exit status 2
Maybe you should run: /Library/Filesystems/osxfuse.fs/Contents/Resources/load_osxfuse

@agarbato
Copy link

I got it fixed after installing osxfuse.
I guess the update deleted it?
brew cask install osxfuse

@ijoseph
Copy link

ijoseph commented Mar 3, 2020

Seconding @agarbato . Stopped working when I updated to Catalina.brew install gocryptfs didn't do anything (even when I forced a reinstall). However, brew cask install osxfuse fixed it.

@Jumanjii
Copy link

For those that already had fuse installed before, doing brew reinstall osxfuse solved the issue in my case.

@cocoonkid
Copy link

cocoonkid commented Apr 14, 2021

brew install gocryptfs
Error: gocryptfs has been disabled because it requires FUSE!

But I have macFUSE installed 4.10 @ BigSour.

What could the issue be?

@JayBrown
Copy link

macFUSE is closed source, and therefore Homebrew is blocking all formulae that depend on it.

@alexanderharm
Copy link

alexanderharm commented Apr 14, 2021

This could be fixed, see e. g. https://github.com/borgbackup/homebrew-tap/blob/master/Formula/borgbackup-fuse.rb, no?

Unfortunately this requires maintaining your own tap. So if you create a repo named homebrew-gocryptfs I could submit a pr.

@cocoonkid
Copy link

@JayBrown thank you for the explanation.

@rfjakob
Copy link
Owner Author

rfjakob commented Apr 18, 2021

Excuse my ignorance, but doesn't homebrew also include lots of closed-source stuff like Microsoft Office?

@cocoonkid
Copy link

@rfjakob yes as casks. most recent command e.g. brew install --cask <appname>

@rfjakob
Copy link
Owner Author

rfjakob commented May 3, 2021

Ok. I see that macfuse is available as a cask: https://formulae.brew.sh/cask/macfuse
So if gocryptfs becomes a cask that would solve the problem?

@JayBrown
Copy link

JayBrown commented May 3, 2021

Yes, that would probably work. But I assume you would need to pre-build gocryptfs for macOS then… as a Universal 2 binary for arm64 & x86_64.

@litori
Copy link

litori commented May 4, 2021

Anyway we can get gocryptfs to work with Macfuse 4.1 for the M1? We have no way to use the old osxfuse since Big Sur does not support it.

@dsuievalov
Copy link

@litori

  1. Install Macfuse
  2. Install go
  3. Download / Clone this repository
  4. Run bash ./build-without-openssl.bash which will produce the gocryptfs binary without openssl libs support (bad performance on M1);
  5. Add ${HOME}/go/bin/gocryptfs to your PATH variable: PATH="${PATH}:${HOME}/go/bin/gocryptfs"

More details in a correspondence - #556

@MarcelBochtler
Copy link
Contributor

MarcelBochtler commented Jun 19, 2021

gocryptfs can now also be installed using MacPorts.
It installs macfuse and macports (by default without openssl) for you.

sudo port install gocryptfs

This should work out of the box for Intel as well as for M1 Macs.

@AlexBasile123
Copy link

M1 has an issue w/ pandoc dependency. Please advise.

% sudo port install gocryptfs
Password:
---> Computing dependencies for gocryptfs
Error: Cannot install gocryptfs for the arch 'arm64' because
Error: its dependency pandoc only supports the arch 'x86_64'.
Error: Follow https://guide.macports.org/#project.tickets if you believe there is a bug.
Error: Processing of port gocryptfs failed

@rfjakob
Copy link
Owner Author

rfjakob commented Nov 21, 2021

pandoc is only needed to generate the man page, gocryptfs itself does not need it

@MarcelBochtler
Copy link
Contributor

M1 has an issue w/ pandoc dependency. Please advise.

Hi @AlexBasile123, unfortunately pandoc does not provide an arm64 release yet (See: jgm/pandoc#6960)
I'll look into the gocryptfs port to remove the dependency for M1 Macs for now.

@MarcelBochtler
Copy link
Contributor

Fixed the build for M1 Macs.
See: macports/macports-ports#13069

@AlexBasile123
Copy link

pandoc is only needed to generate the man page, gocryptfs itself does not need it

Thanks @rfjakob for quick feedback!

@AlexBasile123
Copy link

Thanks @MarcelBochtler for getting the fix out so quickly! The change is working on M1 now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests