Application freezes after forced lock (M1 Mac, Big Sur, WebDAV)

[MalEbenSo]

Please agree to the following

• [X] I have searched existing issues for duplicates
• [X] I agree to follow this project's Code of Conduct

Summary

When trying to quit Cryptomator while there are open files on the volume, Cryptomator will hang i. e. become unresponsive.

What software is involved?

• Operating System: macOS Big Sur 11.6
• Cryptomator: 1.5.19 (dmg-2838.133)
• Mount method: WebDAV

Volume Type

WebDAV

Steps to Reproduce

1. Mount a volume via WebDAV.
2. Open a file in the volume, e. g. a PDF document in Preview. I have found that just an open Finder window also triggers the problem.
3. Quit Cryptomator.
4. Cryptomator asks whether it should unmount and lock the volume.

Expected Behavior

Cryptomator returns an error message that unmounting and locking has failed because of open files. Ideally Cryptomator would also list the relevant files and / or apps. In any case the user can close open files and then try again.

Actual Behavior

Cryptomator hangs, i. e. becomes unresponsive. No error message. No quitting. No retry possible.

In fact it can mess up the WebDAV side so badly, that the machine in total misbehaves, gets sluggish. In this state a restart of the OS is not possible without force quitting apps / processes or force restarting.

Reproducibility

Always

Relevant Log Output

No response

Anything else?

Diligently make sure, that there are no open files on the volume and no Finder windows / tabs before quitting Cryptomator and / or unmounting the volume, locking the vault.

[overheadhunter]

Cryptomator returns an error message that unmounting and locking has failed because of open files.

Indeed, this is the expected behaviour. At least when using FUSE, however when using WebDAV, we let the OS do the unmount by triggering these commands and have little information as to why it failed.

Cryptomator hangs, i. e. becomes unresponsive.

This worries me the most. Becoming unresponsive indicates that the UI thread hangs, despite unmount is done in a background task.

Does the vault in question transition to the "work in progress" icon, before it hangs?

In fact it can mess up the WebDAV side so badly, that the machine in total misbehaves, gets sluggish. In this state a restart of the OS is not possible without force quitting apps / processes or force restarting.

Yeah, Apple screwed up WebDAV on M1... It gets even worse, as can be seen in #1419.

[MalEbenSo]

I see this:

So, yes, there is a "work in progress" indicator.

[MalEbenSo]

Is there a known workaround for this hanging state?

Like: "Kill process xyz from Activity Monitor and things should be fine."

webdavfs_agent will respond to a quit request. But that does not make a difference for Cryptomator, it seems.

Cryptomator itself will only respond to a force-quit command. And after that it will not launch "fully" until a restart of the machine. (Maybe because webdavfs_agent is missing? 😬)

By "fully" I mean, that something is launching, because a restart is prevented by Cryptomator. But Cryptomator is not doing its job. Killing that process will allow the restart to progress further, but even then a regular restart hanging. Only a forced restart will do.

[octigha]

Yes, I had this problem too, I used the preview to view the images, then I tried to lock the vault and I got an alert that the vault file was being used. After 2 attempts the finder froze and I had to restart my computer.

The sad thing is that when I try macfuse, I don't receive any hint about the extension even though I have lowered the system security.

I tried to reinstall fuse, but, nothing worked.

[agostonbarna]

Have a similar issue in Monterey 12.0.1 with an M1 Mac mini. Even if I close Preview and Finder, Cryptomator will just hang indefinietly, and it will also make other processes (gpg-agent) and the shutdown/reboot hang. Seems to only happen if I open the webdav mounted Cryptomator dir at least once in Finder. Closing/killing Cryptomator and Finder won't help. Need to forcefully shutdown/reboot the system with the power button. I'm pretty sure these issue are triggered by Cryptomator as I didn't have any of these before using Cryptomator on the Mac and I could reproduce it 3 out of 3 times after opening Cryptomator + Finder. I also upgraded Cryptomator today to the latest version, but still having this issue.

[MalEbenSo]

Using Monterey 12.1 and Cryptomator 1.6.4 a quit-and-lock command will now lock and unmount the Cryptomator-drive (if there is no open Finder-tab).

Cryptomator keeps running. A second quit-and-lock command will quit Cryptomator.

The same version of Cryptomator running on Monterey 12.0.x (x=1?) would not unmount the drive. Force quitting Cryptomator would not fix things. Network connections would get flaky. Restart would fail unless it was forced / crashed.

So a change in Monterey has improved things.

[nihil2040]

Using Big Sur 11.6.2 and Monterey 12.1, and 12.2 beta 1 --the behavior is the same. Cryptomator will not gracefully lock the vault. And yes, a second quit-and-lock will quit Cryptomator, but then Finder becomes completely unresponsive, eventually causing the whole system to hang / beach ball. Only way to recover is to force power off the mac.

Using Cryptomator 1.6.5.

I've sent in Feedback / bug reports to Apple against Big Sur and Monterrey.

[infeo]

Workaround: Install macFUSE and select FUSE in the general preferences, tab virtual drive.

[nihil2040]

As Apple is moving away from kernel extensions, and one would have to lower the security of your mac to install this--Is this ^infeo^ really a viable work-around? Apple publicly discourages the use of kernel extensions and develops more and more APIs to have programs run in user space rather than kernel space. This transition is not new news.

[infeo]

really a viable work-around?

It is for now. In the longterm we would like to switch to a built-in solution (Apples FileProvider Extension). But we are not there yet and the builtin WebDAV implementation is quite buggy, so it is a viable option.

[MalEbenSo]

I have now swallowed the pill and installed MacFUSE. It feels bittersweet: It‘s great to be able to unmount and quit without hassles. But disabling key elements of Apple‘s security measures and going down a deprecated path leaves a bad feeling.

Is there a time estimate for using FileProvider Extensions?

[JokerQyou]

But disabling key elements of Apple‘s security measures and going down a deprecated path leaves a bad feeling.

The author of osxfuse said that file system kernel extension has not been officially deprecated (although kernel extensions at large are going to be deprecated). Also if I remembered it right, installing kernel extensions does not interfere with Apple Pay or other services that requiring secure elements.

The downside is when Apple releases an OS upgrade, some kernel extensions might stop working if you don't upgrade them first.

[nihil2040]

I believe @MalEbenSo to be correct. And it leaves many with a 'bad feeling'. A bad feeling that this is not the type of experience that one typically has when using macOS, nor is it what Apple intends with the security posture of their new hardware.

Is this work-around (by installing MacFuse) a good option for most users? No, it isn't. An average, non-technical person isn't going to understand what they need to do in order to get this work-around to work. What's a 'kernel extension'? Mac users expect to install the disk image into their Applications folder and use it. And when they can't, they will remove it and find another solution to their problem.

So +1 to @MalEbenSo. I believe that defending a deprecated solution that 'might stop working if you don't upgrade them first', isn't providing the best experience for the average user. I'd love to jump in and help the Cryptomator devs transition to the FileProvider API's as they've done on iOS, but dev work isn't my specialty. However, I am happy to help them test betas-- until Cryptomator starts using these new API's, this software is unusable for me.

[Kaiyangshi-Ito]

Meanwhile Cryptomator 2 works perfectly fine on M1 iPad Pro -- not a developer myself, but is it possible to create something similar on M1 Macs?

[MalEbenSo]

My key issue on the user experience:

• It requires to generally disable a default safety setting that helps ensure a clean OS.
• The user must provide special high privileges to the application.
• For all that the Mac has to be re-booted several times including start-up in a special mode.

This seems not in proportion to the desired affect, to mount and unmount an encrypted disk image.

I understand @infeo as stocktaking:

• WebDAV is easy but broken. The problem seems to lie on Apple's side. And who knows about their priorities.
• The solution is FileProvider Extension. But that's not ready.

So the recommendation of MacFUSE is the go-to workaround for now. Not good, but maybe (for some) better than constantly hanging the network and eventually the machine. After all the headaches, it was for me, despite its downsides..

Hence my question: Is there a time estimate for using FileProvider Extensions?

[MalEbenSo]

Meanwhile Cryptomator 2 works perfectly fine on M1 iPad Pro -- not a developer myself, but is it possible to create something similar on M1 Macs?

Out of interest I have installed Cryptomator 2 on my M1 Mac. First impressions after a quick test:

• It runs.
• Dark mode from system settings not respected. No way to set it manually.
• UI working, e. g. going through folders and sorting.
• File access working incl. handover from Cryptomat to Mac application, e. g. opening rtf in TextEdit.
• Drag and drop not working w/o error message.
• Upload file not working with error message.

[tobihagemann]

Wait, Cryptomator 2 for iOS shouldn't run on macOS. We noticed that the File Provider Extension for iOS doesn't magically work on macOS, that's why it's not available for macOS. Is it possible that you tested Cryptomator 1.x?

This issue is getting off-topic but I'd like to confirm that we're going to look into the File Provider integration on macOS. Unfortunately, it's not the same as on iOS but they're hopefully similarities that we can benefit from.

Please head over to #1590 regarding File Provider.

[infeo]

Is there a time estimate for using FileProvider Extensions? Currently not.

It is on our roadmap and we are working towards it, but no ETA. We will let you (the users and the community) know, when there is significant progress.

[infeo]

Cryptomator 1.7.0 supports the new volume type FUSE-T, which is easier to install than MacFuse and more stable than WebDAV. It is the recommendation for M1 Macs.