Closed glitsj16 closed 4 years ago
Does other FUSE filesystem, such as sshfs
, work on your ArchLinux?
Does other FUSE filesystem, such as sshfs, work on your ArchLinux?
Yes, SSHFS works just fine on Arch Linux. Creating a new securefs filesystem and mounting it results in the same error. Here's the output of the info subcommand:
$ securefs info /home/glitsj16/.007/.stash_sfs/
Config file path: /home/glitsj16/.007/.stash_sfs//.securefs.json
Filesystem format version: 1
Is full or lite format: full
Is underlying directory flattened: true
Is multiple mounts allowed: false
Is timestamp stored within the fs: false
Content block size: 4096 bytes
Content IV size: 256 bits
Password derivation algorithm: PBKDF2-HMAC-SHA256
Password derivation iterations: 214016
Per file key generation algorithm: HMAC-SHA256
Content cipher: AES-256-GCM
Can you try building with clang++
instead?
@netheril96 Building with clang++ resulted in the exact same issue. I think it is a fuse issue on linux kernel 5.4
. I don't have anything hard to support that claim yet, but I've seen reports on mount troubles with the 5.4 elsewhere. What I can confirm is that on the Arch Linux linux-zen kernel (currently at 5.13) securefs works as expected. That's why it worked on my Ubuntu 16.04 LTS machine, on which I run kernel 4.15.0-70-generic. With 5.4.0-1.1-liquorix-amd64 I see the same failure on Ubuntu too. Changed the description accordingly to avoid confusion. Will do some more digging and report back here. Thanks for your response.
@netheril96 Here are 2 strace logs (redacted the securefs password). Did you get securefs working as expected on a linux kernel 5.4? If so I would be very interested to learn what version works for you. Hopefully this is a fixable issue, because on my main Arch Linux systems the 5.13 kernel that worked just got updated to 5.4 as well and that broke securefs entirely.
Update: securefs should be fixed in kernel 5.4.2 via this commit. When that gets released I'll do some more testing.
Glad to know it’s not my fault.
The problem is still there with 5.4.2.
Command i use to unlock securefs volume and its output is below:
[ink@mtz ~]$ "/usr/bin/securefs" mount "$CIPHER_FOLDER" "$MOUNT_PATH" -o ro,fsname=securefs@"/home/ink/.vaults/securefs",subtype=securefs
Password:
Filesystem mounted successfully
fuse: reading device: Invalid argument
Filesystem unmounted successfully
[ink@mtz ~]$
The above attempt fails but produces below entry in "/proc/self/mountinfo"
39 33 0:31 / $MOUNT_PATH ro,nosuid,nodev,relatime - fuse.securefs securefs@/$CIPHER_PATH ro,user_id=500,group_id=500
The mount point is not accessible and it fails with the following error
[ink@mtz ~]$ stat $MOUNT_POINT
stat: cannot stat 'xxx': Transport endpoint is not connected
[ink@mtz ~]$
Cryfs, gocryptfs and encfs works fine.
Tested with securefs version 0.8.3 and kernel version 5.4.2 on PCLinuxOS.
[ink@mtz ~]$ uname -a
Linux mtz 5.4.2-pclos1 #1 SMP Wed Dec 4 17:46:38 CST 2019 x86_64 x86_64 x86_64 GNU/Linux
[ink@mtz ~]$ securefs v
securefs 0.8.3
Crypto++ 7
libfuse 29
Hardware features available:
SSE2: true
SSE3: true
SSE4.1: true
SSE4.2: true
AES-NI: true
CLMUL: true
SHA: false
[ink@mtz ~]$
How do I install a Linux 5.4.2 for testing? What distribution do you recommend I install on a VM to reproduce this bug?
Confirming that the issue is indeed still present on linux 5.4.2.
@netheril96 The linux 5.4.2 kernel was officially released only a few days ago, so my guess is you won't find a ready-made VM that carries that easily. But if you use something like Virtualbox (what hypervisor are you using/comfortable with?) you can install a recent Ubuntu OS and manually get the 5.4.2 kernel .deb packages from https://kernel.ubuntu.com/~kernel-ppa/mainline/. I'm not very good with VM's though (due to not having access to a capable machine), so @mhogomchungu might have better advice.
Linux 5.4.2 is now on Arch. You can grab the latest cli vm image from here, update (pacman -Syu
), install dependencies (pacman -S
).
Same thing happening over here , running on 5.4.1 Kernel
Problem still present on 5.4.5
I don't really know how to handle ArchLinux.
The strace logs look confusing. On 5.3.13 there is no reference to fusermount
, while on 5.4 there is. Maybe the error is in the userland? What is the version of FUSE library when it breaks?
FUSE3 version on Arch is 3.9.0.
@netheril96 You might find some inspiration from gocryptfs when trying to debug/fix this.
there was some discussion about a similar issue on the arch forums, which eventually pointed at this commit being the culprit. maybe that helps?
there was some discussion about a similar issue on the arch forums, which eventually pointed at this commit being the culprit. maybe that helps?
Judging from the symptoms (EINVAL
), this is a likely cause. However, I never explicit set read buffer size, which should have been handled by libfuse
already.
Linux 5.4.2 is now on Arch. You can grab the latest cli vm image from here, update (
pacman -Syu
), install dependencies (pacman -S
).
if arch is out of your league (boy, do i feel you), you might want to give manjaro a try. it is arch based and just got the 5.4.6 update (which didn't fix it, unfortunately), but provides frontends for the stuff relevant here: installing packages and switching kernel versions. the latter is hidden in the settings, under "Manjaro Settings Manager" -> "Kernel". if you want to stick to CLI, have a look at mhwd-kernel
instead.
Can confirm it works, thank you!
After building securefs from git master, this is what I see on Arch Linux:
The same command works fine on Ubuntu 16.04 LTS. See OS info and build log below. If there's anything else I can provide, feel free to ask.
OS: Arch Linux $ pacman -Q cmake fuse-common fuse2 fuse3 gcc-libs cmake 3.16.0-1 fuse-common 3.8.0-1 fuse2 2.9.9-3 fuse3 3.8.0-1 gcc-libs 9.2.0-4