search

rfjakob / gocryptfs

Encrypted overlay filesystem written in Go
https://nuetzlich.net/gocryptfs/
MIT License
3.39k stars 242 forks source link

Error mounting via fstab under Debian 12.5 #832

Open noe-noenoe opened 4 months ago

noe-noenoe commented 4 months ago

Dear all,

I have an issue mounting my gocryptfs volume via fstab under Debian 12.5 and I trust that someone can help me:

When I manually mount the gocryptfs volume, everything works fine:

gocryptfs --passfile=/path/to/password /mnt/cipher/ /mnt/plain/

But the following entry in /etc/fstab does not work:

/mnt/cipher /mnt/plain fuse./usr/local/bin/gocryptfs rw,nofail,auto,x-systemd.idle-timeout=10,x-systemd.automount,allow_other,passfile=/path/to/password 0 0

Error message when attempting to mount manually is:

mount: /mnt/plain: wrong fs type, bad option, bad superblock on /mnt/cipher, missing codepage or helper program, or other error. dmesg(1) may have more information after failed mount system call.

(gocryptfs is in /usr/local/bin/gocryptfs.)

dmesg shows:

fuse: Unknown parameter 'passfile'

(If I add quiet to the fstab line, the same with 'quiet'.)

Newly initialising the volume did not help at all.

OS is Debian 12.5. However, when using Ubuntu 22.04.4 LTS, everything works fine. According to https://manpages.debian.org/bookworm/gocryptfs/gocryptfs.1.en.html, it should work under Debian, too.

Any ideas? Thanks in advance!

rfjakob commented 3 months ago

Sooo...

Ubuntu 22.04 has gocryptfs v1.8, https://packages.ubuntu.com/jammy/gocryptfs ;

Debian 12 has gocryptfs 2.3, https://packages.debian.org/bookworm/gocryptfs and probably also a much newer kernel. Can you post your uname -a?

rfjakob commented 3 months ago

By the way, I did not know about x-systemd.idle-timeout. Very nice!

rfjakob commented 3 months ago

This works fine on Fedora:

/mnt/cipher /mnt/plain  fuse./home/jakob/go/bin/gocryptfs rw,nofail,auto,x-systemd.idle-timeout=10,x-systemd.automount,allow_other,passfile=/mnt/cipher.passfile 0 0
$ sudo mount -av
/                        : ignored
/boot                    : already mounted
/boot/efi                : already mounted
swap                     : ignored
passfile: reading from file "/mnt/cipher.passfile"
Decrypting master key
The option "-allow_other" is set. Make sure the file permissions protect your data from unwanted access.
Filesystem mounted and ready.
mount: (hint) your fstab has been modified, but systemd still uses
       the old version; use 'systemctl daemon-reload' to reload.
/mnt/plain               : successfully mounted
noe-noenoe commented 3 months ago

Thanks for checking this!

Debian 12 has gocryptfs 2.3, https://packages.debian.org/bookworm/gocryptfs and probably also a much newer kernel. Can you post your uname -a?

Linux [redacted] 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

Unfortunately, the fstab entry that works on Fedora does not work for me on Debian. I have no clue...

caferen commented 3 months ago

I'm having the same problem on Arch. Either with the same entry on /etc/fstab or with a mount unit.

$ uname -a
Linux archlinux 6.8.1-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Sat, 16 Mar 2024 17:15:23 +0000 x86_64 GNU/Linux
$ gocryptfs --version
gocryptfs v2.4.0; go-fuse [vendored]; 2023-06-15 go1.20.5 linux/amd64
rfjakob commented 3 months ago

Do you have the command "mount.fuse" installed?

On Sun, 24 Mar 2024, 23:19 caferen, @.***> wrote:

I'm having the same problem on Arch. Either with the same entry on /etc/fstab or with a mount unit.

$ uname -a Linux archlinux 6.8.1-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Sat, 16 Mar 2024 17:15:23 +0000 x86_64 GNU/Linux $ gocryptfs --version gocryptfs v2.4.0; go-fuse [vendored]; 2023-06-15 go1.20.5 linux/amd64

— Reply to this email directly, view it on GitHub https://github.com/rfjakob/gocryptfs/issues/832#issuecomment-2016965864, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA76KZHEBSZ7D2N4V2CTYZ5GOPAVCNFSM6AAAAABEO4PGPSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMJWHE3DKOBWGQ . You are receiving this because you commented.Message ID: @.***>

caferen commented 3 months ago

Yes. 

$ which mount.fuse
/usr/bin/mount.fuse

$ pacman -F mount.fuse
extra/fuse2 2.9.9-4 [installed]
    usr/bin/mount.fuse
caferen commented 3 months ago

I realized fuse2 was an orphaned package and the Arch package depends on fuse3. Forcefully uninstalling fuse3 solved the problem. Is this a packaging issue?

rfjakob commented 1 month ago

On a fresh Debian 12 (this one: https://app.vagrantup.com/roboxes/boxes/debian12), just installing gocryptfs via apt install gocryptfs, and this fstab line:

/mnt/cipher /mnt/plain  fuse.gocryptfs nofail,passfile=/mnt/passfile 0 0

I get this:

# mount -v /mnt/plain
mount: /mnt/plain: wrong fs type, bad option, bad superblock on /mnt/cipher, missing codepage or helper program, or other error.
       dmesg(1) may have more information after failed mount system call.

dmesg shows:

[24425.600314] fuse: Unknown parameter 'passfile'

but this is a red herring!

The actual problem is this:

# mount.fuse
-bash: mount.fuse: command not found

And this is the fix:

# apt install fuse

# mount -v /mnt/plain
passfile: reading from file "/mnt/passfile"
Decrypting master key
Filesystem mounted and ready.