I was able to build and run cryfs with some modifications. But due to perfused wanting to create a trace file in /var/run, it fails to mount as a non-root user, which makes it very hard or impractical to use.
I followed steps like the following:

$ doas pkgin in gcc cmake pkg-config fuse python312 openmp
$ doas ln -s /usr/pkg/bin/python3.12 /usr/pkg/bin/python3
$ python3 -m pip install --user pipx
$ python3 -m pipx ensurepath
Success! Added /home/usernamehere/.local/bin to the PATH environment variable.
...Alternatively, you can source your shell's config file with e.g. 'source ~/.bashrc'.
...
$ source ~/.bashrc
$ pipx install conan~=2.7.0
$ pipx ensurepath
$ conan profile detect

Open ~/.conan2/settings.yml, duplicate the "FreeBSD:" line as "NetBSD:" so that conan doesn't complain about NetBSD being unsupported.

1.0.1 is latest as per <https://github.com/cryfs/cryfs/releases> , so:

$ ftp https://github.com/cryfs/cryfs/archive/refs/tags/1.0.1.tar.gz
$ tar -xvf 1.0.1.tar.gz
$ cd cryfs-1.0.1

Then apply these changes:

diff --git a/conanfile.py b/conanfile.py index cbd320c..999cb85 100644 --- a/conanfile.py +++ b/conanfile.py @@ -9,9 +9,9 @@ class CryFSConan(ConanFile): name = "cryfs" version = "na" settings = "os", "compiler", "build_type", "arch" - tool_requires = "cmake/3.25.3" + #tool_requires = "cmake/3.25.3" # commented to use system cmake generators = ["CMakeToolchain", "CMakeDeps"] - package_folder = "/usr" + package_folder = "/usr/local" # to keep /usr clean options = { "build_tests": [True, False], "update_checks": [True, False], @@ -151,6 +151,9 @@ class CryFSConan(ConanFile): "CMAKE_EXPORT_COMPILE_COMMANDS": self.options.export_compile_commands, "USE_IWYU": self.options.use_iwyu, "CLANG_TIDY_WARNINGS_AS_ERRORS": self.options.clang_tidy_warnings_as_errors, + # NetBSD + "INSTALL_RPATH": "/usr/pkg/lib;/usr/local/lib;/usr/lib", + "CMAKE_INSTALL_RPATH_USE_LINK_PATH": "ON", } if self.options.use_ccache: cmake_vars["CMAKE_C_COMPILER_LAUNCHER"] = "ccache" diff --git a/src/cpp-utils/CMakeLists.txt b/src/cpp-utils/CMakeLists.txt index ecfdb53..84041d1 100644 --- a/src/cpp-utils/CMakeLists.txt +++ b/src/cpp-utils/CMakeLists.txt 
@@ -62,7 +62,7 @@ add_library(${PROJECT_NAME} STATIC ${SOURCES}) if(MSVC) target_link_libraries(${PROJECT_NAME} PUBLIC DbgHelp) -elseif (APPLE) +elseif (APPLE OR CMAKE_HOST_SYSTEM_NAME STREQUAL NetBSD) target_compile_definitions(${PROJECT_NAME} PRIVATE BOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED) endif() diff --git a/src/cpp-utils/system/get_total_memory.cpp b/src/cpp-utils/system/get_total_memory.cpp index 2347d65..4dc82d8 100644 --- a/src/cpp-utils/system/get_total_memory.cpp +++ b/src/cpp-utils/system/get_total_memory.cpp @@ -21,7 +21,7 @@ namespace cpputils { } } -#elif defined(__linux__) || defined(__FreeBSD__) +#elif defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) #include <unistd.h> diff --git a/src/cpp-utils/thread/debugging_nonwindows.cpp b/src/cpp-utils/thread/debugging_nonwindows.cpp index c32eda2..155e380 100644 --- a/src/cpp-utils/thread/debugging_nonwindows.cpp +++ b/src/cpp-utils/thread/debugging_nonwindows.cpp 
@@ -28,7 +28,11 @@ void set_thread_name(const char* name) { #if defined(__APPLE__) const int result = pthread_setname_np(name_.c_str()); #else +# if defined(__NetBSD__) + const int result = pthread_setname_np(pthread_self(), name_.c_str(), (void*)strlen(name_.c_str())); +# else const int result = pthread_setname_np(pthread_self(), name_.c_str()); +# endif #endif if (0 != result) { throw std::runtime_error("Error setting thread name with pthread_setname_np. Code: " + std::to_string(result));

I didn't submit a PR to the project. But if anyone wants to, feel free to do so. The pthread_setname_np line shows a -Wold-style-cast warning. If anyone knows any better solutions, please suggest.

To build and install:

$ conan build . -s build_type=Release -s compiler.cppstd=17 --build=missing -o "&:update_checks=False"
$ doas make -C build/Release install
$ which cryfs
/usr/local/bin/cryfs

To test I did:

$ cd /tmp
## PERFUSE_BUFSIZE is to solve "perfuse_open: setsockopt SO_SNDBUF to
## 2162688 failed: No buffer space available" error.
## Source: https://www.unitedbsd.com/d/483-ntfs-3g-fuse-error-on-os108-netbsd-91
$ doas env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain

Entering y, y, y, then passphrase twice does work:

$ mount | grep secret
cryfs@/tmp/secret on /tmp/plain type puffs|perfuse|fuse.cryfs (nodev, nosuid)

But writing to the mountpoint does not work as a non-root user:

$ touch plain/test.txt
touch: plain/test.txt: Permission denied
$ doas chown -R $(id -un):$(id -gn) plain
$ touch plain/test.txt
touch: plain/test.txt: Permission denied

I tried running cryfs with "-o allow_other" and these as potential fixes but they didn't work:

$ groups
users wheel operator
$ doas sysctl -w vfs.generic.usermount=1
$ doas chmod g+rw /dev/puffs

When I run cryfs as a non-root user it fails:

$ doas umount "/tmp/plain"
$ doas rm -rf {plain,secret}
$ env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain
...
Mounting filesystem. To unmount, call:
$ cryfs-unmount "/tmp/plain"
could not open "/var/run/perfused%s.trace": Permission denied

Is there any way to disable the behavior of perfused creating trace files? The perfused(8) man page mentions SIGUSR1:

> SIGUSR1
> Toggle FUSE operation dump on and off. When toggling off, the
> trace is is stored in /var/run/perfuse-xxx.trace (xxx is the
> filesystem mount point).

But I don't know how to use it. I found no docs on how to use it in this scenario. Btw, the file prefix seems to be "perfused-", not "perfuse-" as the man page says. I guess it might be a typo. "is is" also seems like another.

I found a workaround though. But it's impractical (details below). I noticed when I tried it with root priv before, it created a file:

$ ls /var/run/perfused*
/var/run/perfused-tmp-plain.trace

So I tried the following and it worked with a non-root user:

$ doas touch /var/run/perfused-tmp-plain.trace # just as a step
$ doas chmod g+rw /var/run/perfused-tmp-plain.trace
$ env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain
...
Mounting filesystem. To unmount, call:
$ cryfs-unmount "/tmp/plain"
$ mount | grep secret
cryfs@/tmp/secret on /tmp/plain type puffs|perfuse|fuse.cryfs (nodev, nosuid, mounted by user)
$ touch plain/test.txt
touch: plain/test.txt: Permission denied
$ doas chown -R $(id -un):$(id -gn) plain
$ touch plain/test.txt
$ echo test > plain/test.txt
$ cat plain/test.txt
test

This is not exactly a solution. The trace file name changes based on the mount directory path. So I'd have to do this every time I try a new mount point, which is impractical.

Another solution I'm thinking about is adding group write permission to /var/run (doas chmod g+rw /var/run ?). But it feels unnecessary, since I don't need a trace file. EncFS works fine without creating a trace file, so I would want it to work as well without it.

Is there a solution to this problem? Can it be disabled from cryfs source code?
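
Review bot: In the first conanfile.py hunk (@@ -9,9 +9,9 @@), package_folder = "/usr/local" and the commented-out tool_requires change the install prefix and the CMake used for every platform, not only NetBSD. For an upstream submission, keep these as local overrides or make them conditional on the OS, and delete the old tool_requires line instead of leaving it commented.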
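
Review bot: In the second conanfile.py hunk (@@ -151,6 +151,9 @@), the key "INSTALL_RPATH" is the name of a target property, not a variable CMake reads; the variable that initialises that property is CMAKE_INSTALL_RPATH, so unless the project's own CMake files read a variable called INSTALL_RPATH this entry has no effect. Both added entries are also applied on every OS although the comment says NetBSD; gate them on self.settings.os. Because an RPATH is searched by the runtime linker on every start of the binary, list only directories that are root-owned and not writable by unprivileged users, and drop /usr/local/lib if nothing the binary links against is installed there.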
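
Review bot: In the src/cpp-utils/CMakeLists.txt hunk, the condition tests CMAKE_HOST_SYSTEM_NAME, which describes the machine running CMake and not the system being built for. The define concerns the target's headers, so test CMAKE_SYSTEM_NAME and quote the literal: elseif (APPLE OR CMAKE_SYSTEM_NAME STREQUAL "NetBSD").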
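
Review bot: In the debugging_nonwindows.cpp hunk, the NetBSD branch passes name_.c_str() as the second argument and strlen(...) cast to void* as the third, but NetBSD's pthread_setname_np(thread, name, arg) takes name as a printf-style format string and arg as the single argument to that format, not a length. A thread name containing a % conversion would then be formatted against a pointer value that is really an integer. Pass a fixed format and the name as its argument, for example pthread_setname_np(pthread_self(), "%s", const_cast<char*>(name_.c_str())); that also removes the -Wold-style-cast warning mentioned below the patch.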