gocryptfs on macOS BigSur, Apple M1 #556
Comments
|
I would like to add the following thoughts:
thanks ! |
|
Issue being discussed here issue 15 |
|
I suggest the following: (1) Uninstall osxfuse. You must have macfuse 4.x for this to work on M1. |
|
Anyone have instructions on getting it to work with Macfuse on the M1? |
Disclaimer: Didn't test this on a M1 Macbook. But it should work. |
|
Thanks! got it to work on the m1. Greatly appreciated |
M1 MacBook Air with Big Sur gets the following output:
|
|
@Ashaman- just try giving pkgconfig the proper paths and building again. this worked for me: |
|
You can also just run and skip the optional dependency on openssl. I think it does not give you a speed advantage on the Apple M1, but maybe someone who built with openssl can post their |
|
Ah, thanks for the info @rfjakob. edit/update: |
|
Wow! Added to https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks#apple-m1-launch-q42020 , thanks! Looks like
I suggest to always compile with on the Apple M1. Using OpenSSL makes no sense here. |
|
(3) is fixed now via 1d2ac1e |
I followed these steps on an Intel MacBook and now my gocryptfs is entirely broken. I installed the latest version of macFUSE (4.1.2), cloned the gocryptfs repository, checked out the latest stable tag (v2.0.1), built gocryptfs and mounted an encrypted directory. Bad mistake. Now the system.log gets spammed with "go-fuse: using reserved ID 1 for inode number" and then the mounted folder disappears and becomes unaccessible. When I look at the encrypted folder, I see a lot of files with 0 Bytes in size. When I delete these files from the encrypted folder, the error message disappears for some time, until it arises again after mounting and opening a directory. I also cannot mount the file system as read-only anymore, as this results now in the error message Running the suggested line does nothing. Now my entire setup is broken and gocryptfs does not work anymore. How can I mitigate this? Edit: I also tried older versions of macFUSE, right now I have FUSE 3.11.2, but to no avail. Edit2: I just discovered, that it happens whenever there's a write access to the mounted volume. When I open the volume in the Finder app, it tries to create a file called .DS_Store and fails. The same happens when I use the Terminal and |
|
So, I started debugging a bit and got the following: So I started git bisect with v1.8.0 as good and v2.0.1 as bad.
The problem was, that a few commits between the tagged ones mentioned above did not compile, and a few others did not let me mount the directory (error message: "fs.Mount failed: operation not permitted") so I cannot say whether it was the same error, but: Everything up to 3b61244 works as expected. I'm not sure whether this is enough information. Maybe I should open a new issue? |
|
Could you test if the loopback example works? Just run "go build" here and you get the loopback binary: https://github.com/hanwen/go-fuse/tree/master/example/loopback I wonder if the go-fuse v2 library is broken on macos |
That works just fine. I also discovered that everything works if I just create and initialize a new directory, and then mount that. The "go-fuse: using reserved ID 1 for inode number" message only shows up for directories that already existed in the past. Up until yesterday I used gocryptfs from homebrew (1.8.0), but it didn't receive updates anymore, so I followed this thread. Then I uninstalled Boxcryptor and FUSE 3.11, installed macFUSE 4, cloned the gocryptfs-repository and then the problems started (apparently only with the legacy directories). Maybe I need to reinstall macOS. -.- |
|
Reinstalling macOS won't be necessary I hope :) (1) Before the (2) Can you show a |
Unfortunately there are no error messages or panics in the system.log. I have I mount the directory and directly execute Result from gocryptfs
🤦 I just realized, that these are the files that I created with I repeated the above, but instead of Output from the command: Output from gocryptfs Afterwards, I have two new, encrypted but empty, files in the outer volume: Both are empty, the one with the shorter name is expected to be, though. |
|
Ok, thanks, looks like I broke file creation on macos. |
|
Well, people who still use Homebrew are still at version 1.8.0 and FUSE 3.11, a combination that seems to work fine. I wonder how these M1 people get it done with the latest version and macFUSE 4? 🤔 Can this be caused by this old version of FUSE? |
|
My guess at the moment is that gocryptfs v2.x is completely broken on macos (with all macfuse versions). However, macfuse should have no influence at all on compiling, what error do you get? |
That is not correct. I'm using it installed via macports on my Intel MBP from 2019 using macfuse version 4.1.2. Edit: Before adding it to macports, I was compiling it manually and this was also working (gocryptfs 2.x). |
I don't remember the specific message; Maybe that was something else and I stopped too soon. I'll test macFUSE 4 again, but for that I must first uninstall FUSE 3.11 and I need the drive right now. |
Maybe I should just reinstall my OS. :D |
|
I tested with macFUSE 4.1.2. With With macFUSE 4 the file was move to With So I'll just stick with gocryptfs 1.8.0 and FUSE 3.11 for a while. Interestingly this only happens with my legacy directory, but not with newly created ones, no matter whether I create them with gocryptfs v1.8.0 or v2.0.1. Maybe one of the files in that directory has this bad inode id and the old versions don't care about this? |
This is very strange. Do old and new have their encrypted directories on the same filesystem? |
Ah, now we're getting closer. The legacy directory that has this problem lives on an external SSD, which is formatted with exFAT. On the file system itself, I now have a file with inode 1: According to macOS's 'Disk Utility', the exFAT file system is healthy. I have some Linux machine at work. I'll check again there and will report again. |
|
Wow, the macos exfat driver actually reports inode number 1. But why doesn't gocryptfs.conf or gocryptfs.diriv get 1? Or do they, for a second, and then it changes to something higher? |
I have no idea.
Can I somehow test for that? I haven't had access to a Linux machine yet, so I couldn't test for it. I'll set up some virtualbox later that day and check how an up to date Linux handles this. |
|
I would just try and see what says on exfat. What linux does on exfat is also interesting, but i can test myself easily. In any case, macos does use inode number 1 and there is nothing inherently wrong with that, so i will add a workaround in gocryptfs (probably next week) |
|
PS: could you open a new ticket just for the inode 1 issue so I can reference it in the commit later? |
ghost
mentioned this issue
|
I bumped into this problem after updating to OSX 11.5.1 |
|
Ran on MacBook Pro (14-inch, 2021) M1 Pro with 16GB $ gocryptfs -speed
gocryptfs v2.2.1; go-fuse [vendored]; 2021-10-20 go1.18 darwin/arm64
cpu: unknown; with AES acceleration
AES-GCM-256-OpenSSL 2893.19 MB/s
AES-GCM-256-Go 5112.39 MB/s (selected in auto mode)
AES-SIV-512-Go 520.46 MB/s
XChaCha20-Poly1305-OpenSSL 1424.34 MB/s (selected in auto mode)
XChaCha20-Poly1305-Go 824.12 MB/s |
|
https://www.codejam.info/2024/04/gocryptfs-macos-macfuse.html This work on M3 just follow. |
Hi,
I am trying to run 'gocryptfs' on my 2020 MacBook Air, M1 processor. Latest version of BigSur.
I changed the Security Policy to allow kernel extension.
Setup:
OSXFuse:
gocryptfs
I was able to initialize a new encrypted folder with
gocryptfs -init /Users/corelanc0d3r/CTestSo far so good.
When trying to mount the encrypted folder, I get this:
Any suggestions on getting it to work?
(Note: I was able to get it to work on a 2019 MacBook Pro, Intel processor, also running BigSur)
How can I help getting you the info you need to troubleshoot the problem?
thanks !
The text was updated successfully, but these errors were encountered: