search

hanwen / go-fuse

FUSE bindings for Go
Other
1.97k stars 313 forks source link

how to use go-fuse #519

Open kingfly629 opened 4 weeks ago

kingfly629 commented 4 weeks ago

usually ,libfuse monitor the modification of files in the mount-point dir, and then encrypt the original files。 I want to directly encrypt/decrypt the original files when I write/read the original files, what should i I do with fuse???

marius-enlock commented 3 weeks ago

To answer in short: you can get inspiration from this project that uses go-fuse and encrypts/decrypts the original files when you write/ read them: https://github.com/rfjakob/gocryptfs/

The long answer: Building a filesystem is hard - you first need to understand how filesystems work, after you need to implement the interfaces from this docs page: https://pkg.go.dev/github.com/hanwen/go-fuse/v2@v2.5.1/fs That get called on each system call on your mounted folder.

You can structure your code in terms of two data structures: Directories and Files

Both of them need to implement Getattr

Your root node that gets mounted can be modeled as just a Directory.

For directories you need the: Statfs, Lookup (makes your filesystem discoverable), Readdir, Mkdir, Create (creates files), Unlink (removes files), Rmdir, Rename (to perform renames, and moves)

For files you need the: Open, Release, Write, Read, Flush, Fsync

Depending on your platform you can read on how they should behave by accessing the man page - as they are system calls on your mounted folder.

About the encryption/ decryption part. I suggest you start with the passthrough example, then you can venture into using a stream cipher in your Write method to perform the encryption and the same stream cipher in the Read method to perform the decryption.

If you want to take it a step further and use authenticated encryption you will need to work with data blocks when writing to the underlying folder and in your Getattr method for the file, you need to convert the total file size from the cipher text (stored on disk) to the plain text that is readable.

I hope this helps, and good luck!

kingfly629 commented 3 weeks ago

hey, marius-enlock! thank you for your reply. as i know, libfuse only support decrypt/encrypt files in original dir when read/write the files in mountpoint dir. On the contrary, I just want to decrypt/encrypt the files in original dir when i directly read/write them. i don't want to operate the files in mountpoint dir anyway.

rfjakob commented 3 weeks ago

Did you try out gocryptfs? It does what describe. The files in the mountpoint are not real files.

On Thu, 6 Jun 2024, 11:14 kingfly629, @.***> wrote:

hey, marius-enlock! thank you for your reply. as i know, libfuse only support decrypt/encrypt files in original dir when read/write the files in mountpoint dir. On the contrary, I just want to decrypt/encrypt the files in original dir when i directly read/write them. i don't want to operate the files in mountpoint dir anyway.

— Reply to this email directly, view it on GitHub https://github.com/hanwen/go-fuse/issues/519#issuecomment-2151798677, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA774SVCYPVJEAVHYZPDZGAR7XAVCNFSM6AAAAABI2ORRI2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJRG44TQNRXG4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>

rfjakob commented 3 weeks ago

If you don't want a mountpoint, then fuse and go-fuse is not right for you.

On Thu, 6 Jun 2024, 11:14 kingfly629, @.***> wrote:

hey, marius-enlock! thank you for your reply. as i know, libfuse only support decrypt/encrypt files in original dir when read/write the files in mountpoint dir. On the contrary, I just want to decrypt/encrypt the files in original dir when i directly read/write them. i don't want to operate the files in mountpoint dir anyway.

— Reply to this email directly, view it on GitHub https://github.com/hanwen/go-fuse/issues/519#issuecomment-2151798677, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA774SVCYPVJEAVHYZPDZGAR7XAVCNFSM6AAAAABI2ORRI2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJRG44TQNRXG4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>

marius-enlock commented 3 weeks ago

I just want to decrypt/encrypt the files in original dir when i directly read/write them.

Silly question, how are you going to access them?

If you access them from only your program that reads/writes data to them, then you can do the encryption/ decryption on your application. You do not need go-fuse.

If you want them to be accesible by any generic application, you can achieve this using FUSE and having a virtual mountpoint.

kingfly629 commented 3 weeks ago

I try gocryptfs out just a moment ago.maybe the -reverse satisfy my requirements. I will test it tomorrow.

I want them to be accesible by any generic application, at the same time, I want files decrypt/encrypt automatically when any application access the files in original dirsector.

---Original--- From: @.> Date: Thu, Jun 6, 2024 18:43 PM To: @.>; Cc: @.**@.>; Subject: Re: [hanwen/go-fuse] how to use go-fuse (Issue #519)

I just want to decrypt/encrypt the files in original dir when i directly read/write them. Silly question, how are you going to access them?

If you access them from only your program that reads/writes data to them, then you can do the encryption/ decryption on your application.

If you want them to be accesible by any generic application, you can achieve this using FUSE and having a virtual mountpoint.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

kingfly629 commented 3 weeks ago

@rfjakob @marius-enlock You are right, fuse may not meet my needs. I want to implement transparent encryption and decryption for file read/write on Linux, which automatically decrypts/encrypts files when I read/write them. Is there any other good solution?

marius-enlock commented 3 weeks ago

I think you need to go to the kernel space to achieve this - I do not think it is recommended. I have 0 experience with this programming space. Maybe you can find some insight in a forum dedicated to linux kernel programming.

rfjakob commented 3 weeks ago

How about https://github.com/minio/sio ?

On Tue, 11 Jun 2024, 08:29 kingfly629, @.***> wrote:

@rfjakob https://github.com/rfjakob @marius-enlock https://github.com/marius-enlock You are right, fuse may not meet my needs. I want to implement transparent encryption and decryption for file read/write on Linux, which automatically decrypts/encrypts files when I read/write them. Is there any other good solution?

— Reply to this email directly, view it on GitHub https://github.com/hanwen/go-fuse/issues/519#issuecomment-2159898512, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA72YNCHNGCAG6TMYV43ZG2KNFAVCNFSM6AAAAABI2ORRI2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJZHA4TQNJRGI . You are receiving this because you were mentioned.Message ID: @.***>