encfs fails with new boost update

Arm-the-Homeless · 2010-03-04 21:58:41

I downgraded openssl but all it does is when it mounts, the folder is empty.

Last edited by Arm-the-Homeless (2010-03-04 22:10:37)

ninian · 2010-03-04 22:02:14

Arm-the-Homeless wrote:

Downgrade, stop using encfs, upgrade?

But encfs seems to be unique in its ease of encrypting on the fly!
It's a brilliant solution to the problem of data on laptops which could be stolen, etc. Much less hassle than encrypting every file in sight or having to set up fixed TrueCrypt volumes.
If there's a decent alternative, please educate me ...

crobe · 2010-03-04 22:18:27

If I read that you guys are encrypting your home drives with encfs, I would rather use some dm-crypt and LUKS... I use encfs for a remote backup file system for single files, I love the transparent encryption, too.

Arm-the-Homeless · 2010-03-04 23:33:56

I use encfs for just a few files, not $HOME.

MTsoul · 2010-03-05 07:18:37

How secure is encfs, actually?

I have a encrypted folder, with about 10 configuration files that contain passwords. I use a Git repository to archive them, and it's on a publicly available site. If someone was serious in cracking it, is it feasible?

SanskritFritz · 2010-03-05 09:10:23

After experiencing the same problems, downgrading openssl was the solution, thank you.

kosmiciatakuja · 2010-03-05 10:07:02

Actually I had to *upgrade* openssl to version openssl-0.9.8m-2 (it got released like yesterday), encfs didn't want to mount the directory with -1 version. Still, akonadi is giving me trouble about the old boost...

It looks like this should affect many people, I hope upstream is working on this bug.

SanskritFritz · 2010-03-05 12:03:41

Upgrading to openssl 0.9.8m-2 solved my problem, encfs is working as expected. thanks devs!

ninian · 2010-03-05 18:47:35

Sorry, but I'm not clear on this.
Does the problem with boost>1.41 still persist even though openssl-0.9.8m-2 is now working with encfs?

Answered myself: Oh yes, it does!

Last edited by ninian (2010-03-05 22:28:20)

catseye · 2010-03-06 19:41:57

I have spent the entire afternoon scrutinizing the source code differences between Boost 1.41.0 and 1.42.0 and I have hit a spot that I think is the source of our problem. But before I make a fool of myself by claiming "success" inappropriately (and report this upstream) I want to ask everyone out here who has encountered this problem

$ encfs ~/folder ~/mountpt
00:45:54 (FileUtils.cpp:375) Archive exception: stream error
00:45:54 (FileUtils.cpp:326) Found config file /home/user/folder/.encfs6.xml, but failed to load

and who is able to do so to recompile Boost 1.42.0 with the following patch applied, then recompile "encfs" and then check whether it will allow him again to access his encrypted directories and files. I have only my own system to test this on but with this patch "encfs" is looking bright again (at least at this moment).

--- boost_1_42_0/boost/archive/basic_archive.hpp.orig   2009-12-05 07:32:01.000000000 +0100
+++ boost_1_42_0/boost/archive/basic_archive.hpp        2010-03-06 19:15:48.804171887 +0100
@@ -37,10 +37,10 @@
 } /* boost */                                     \
 /**/
 
-BOOST_ARCHIVE_STRONG_TYPEDEF(uint_least16_t, version_type)
-BOOST_ARCHIVE_STRONG_TYPEDEF(int_least16_t, class_id_type)
-BOOST_ARCHIVE_STRONG_TYPEDEF(int_least16_t, class_id_optional_type)
-BOOST_ARCHIVE_STRONG_TYPEDEF(int_least16_t, class_id_reference_type)
+BOOST_ARCHIVE_STRONG_TYPEDEF(uint_least32_t, version_type)
+BOOST_ARCHIVE_STRONG_TYPEDEF(int_least32_t, class_id_type)
+BOOST_ARCHIVE_STRONG_TYPEDEF(int_least32_t, class_id_optional_type)
+BOOST_ARCHIVE_STRONG_TYPEDEF(int_least32_t, class_id_reference_type)
 BOOST_ARCHIVE_STRONG_TYPEDEF(uint_least32_t, object_id_type)
 BOOST_ARCHIVE_STRONG_TYPEDEF(uint_least32_t, object_reference_type)

By the way: I have not checked whether this patch will cause any problems with other programs that depend on Boost; any experience is appreciated.

corevisual · 2010-03-06 22:02:39

Thank you for digging deeper into this, catseye! Your changes appear to work for me, with all packages up to date. (x86_64, boost 1.42.0+patch, openssl 0.9.8m-2, encfs 1.5-9 recompiled)

I'm only using one other program that depends on boost, easystroke 0.5.3-1 from AUR, but cursorily it appears to be working (recompiled) as well.

Thanks again for your afternoon. Let's hope you've indeed squashed this without any new dependent issues.

Lars Stokholm · 2010-03-07 05:48:06

Thank you, catseye. Excellent work! I have nothing else that depends on Boost, but your fix seems pretty sane and safe. It also fixes the version in .encfs6.xml (should be version="20080816", not version="26800"). Note: If you created the container with the broken version of EncFS, you have to fix this manually.

catseye · 2010-03-07 08:16:46

It also fixes the version in .encfs6.xml (should be version="20080816", not version="26800").

While my patch seems to make things work again I still can't shake off that feeling that it cures the symptom, but not the real problem. And I'm afraid there's more trouble ahead: a few hours ago a change (1) has been committed to the Boost source code repository that will restrict those "version" attributes to 8 bits, making both "20080816" and "26800" illegal values that will abort compilation of "encfs" with a failed assertion. Maybe it's time to dive even deeper into Boost to find out what's really going on there.

(1) https://svn.boost.org/trac/boost/change … ersion.hpp

Lars Stokholm · 2010-03-07 16:28:06

Perhaps you're going about it the wrong way then. Maybe EncFS just needs to realize that something has changed in Boost? This patch seems to "solve" things and might/should work for the svn version of Boost (although I haven't tested). It probably breaks some versioning principles in EncFS, but if version numbers are going to be stored in 8 bit, those principles will be broken anyway.

--- encfs-1.5.orig/encfs/FileUtils.cpp    2008-09-10 07:53:58.000000000 +0200
+++ encfs-1.5/encfs/FileUtils.cpp    2010-03-07 17:02:22.226113619 +0100
@@ -96,7 +96,7 @@
 
 // 20080813 was really made on 20080413 -- typo on date..
 //const int V6SubVersion = 20080813; // switch to v6/XML, add allowHoles option
-const int V6SubVersion = 20080816; // add salt and iteration count
+const int V6SubVersion = 15; // add salt and iteration count
 
 struct ConfigInfo
 {
@@ -184,7 +184,7 @@
             cfg.assignKeyData(key, encodedSize);
             delete[] key;
 
-            if(version >= 20080816)
+            if(version >= 15)
             {
                 int saltLen;
                 ar >> make_nvp("saltLen", saltLen);

.encfs6.xml needs to be "corrected" manually to version="15". I'll make the EncFS developer aware of this discussion.

Last edited by Lars Stokholm (2010-03-07 20:57:02)

catseye · 2010-03-08 06:55:04

Lars Stokholm wrote:

Perhaps you're going about it the wrong way then. Maybe EncFS just needs to realize that something has changed in Boost? This patch seems to "solve" things and might/should work for the svn version of Boost (although I haven't tested). It probably breaks some versioning principles in EncFS, but if version numbers are going to be stored in 8 bit, those principles will be broken anyway.

Lars, you're more right than you probably know! I was concentrating so much on a suspected bug in Boost that I did not pay enough attention to EncFS itself and spent most of my time barking up the wrong tree. The patch and recipe you gave in your last reply will make EncFS work properly again even without having to apply my patch and recompile Boost. That is a solution I feel much more comfortable about.

If only the release notes for Boost 1.42.0 had mentioned that newly imposed restriction on class version numbers it would have saved me a lot of time ... but it was a great learning experience anyway :-)

kosmiciatakuja · 2010-03-08 12:55:53

I can confirm that it works with the patch Lars posted and rebuilt against boost 1.42. And of course changing to version="15" inside the xml file.

Thanks Lars!!

This makes my life so much easier because there seemed to be more and more packages compiled against with 1.42 coming my way somehow and my list of Ignores in pacman.conf was starting to worry me

Kitty · 2010-03-08 16:26:51

Here's what I did to mod the PKGBULD to get everything working again. Thanks for the patch Lars.

encfs-1.5-boost-1.42.patch:

--- encfs-1.5.orig/encfs/FileUtils.cpp    2008-09-10 07:53:58.000000000 +0200
+++ encfs-1.5/encfs/FileUtils.cpp    2010-03-07 17:02:22.226113619 +0100
@@ -96,7 +96,7 @@
 
 // 20080813 was really made on 20080413 -- typo on date..
 //const int V6SubVersion = 20080813; // switch to v6/XML, add allowHoles option
-const int V6SubVersion = 20080816; // add salt and iteration count
+const int V6SubVersion = 15; // add salt and iteration count
 
 struct ConfigInfo
 {
@@ -184,7 +184,7 @@
             cfg.assignKeyData(key, encodedSize);
             delete[] key;
 
-            if(version >= 20080816)
+            if(version >= 15)
             {
                 int saltLen;
                 ar >> make_nvp("saltLen", saltLen);

New PKGBUILD:

--- /home/kitty/Downloads/PKGBUILD    2010-03-08 09:18:15.837262955 -0700
+++ PKGBUILD    2010-03-08 09:22:08.853897738 -0700
@@ -5,7 +5,7 @@
 
 pkgname=encfs
 pkgver=1.5
-pkgrel=9
+pkgrel=10
 pkgdesc="Encrypted filesystem in user-space"
 arch=('i686' 'x86_64')
 url="http://www.arg0.net/encfs"
@@ -14,15 +14,18 @@
 options=('!libtool')
 source=(http://encfs.googlecode.com/files/${pkgname}-${pkgver}-2.tgz
     encfs-1.5-const.patch
-    encfs-1.5-boost-as-needed.patch)
+    encfs-1.5-boost-as-needed.patch
+    encfs-1.5-boost-1.42.patch)
 md5sums=('b07008545545b4a57cf2bf65f08a14ad'
          '7f83d584780f985f9a8904c6c2edd3e0'
-     'bd8e96dda3ce500e3e2a5c6a47b9fc59')
+     'bd8e96dda3ce500e3e2a5c6a47b9fc59'
+     'd97d79e617411224cc810f71a96cb9a6')
 
 build(){
     cd ${srcdir}/${pkgname}-${pkgver}
     patch -Np1 -i ${srcdir}/encfs-1.5-const.patch || return 1
     patch -Np1 -i ${srcdir}/encfs-1.5-boost-as-needed.patch || return 1
+    patch -Np1 -i ${srcdir}/encfs-1.5-boost-1.42.patch || return 1
 
     export LDFLAGS="${LDFLAGS//-Wl,--as-needed}"

ninian · 2010-03-08 22:26:17

@ Kitty, Lars & catseye:

Great work guys!
All your efforts to solve this problem are most appreciated and worthy of a most honourable Arch accolade.

pyther · 2010-03-09 04:13:34

Hmm... this does not work for me, fuse seems to mount the volume but none of my encrypted files are unencrypted or present!

Edit:

23:18:36 (BlockNameIO.cpp:202) on decode of 2 bytes
23:18:36 (DirNode.cpp:132) error decoding filename: Nz1ndEOGDbVxHAhWmwRAHis-
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 114, 16, -98
23:18:36 (DirNode.cpp:132) error decoding filename: dCjd6gT0t-7Ghuxan-Z8GRMZ
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 70, 16, -54
23:18:36 (DirNode.cpp:132) error decoding filename: f6mEs1aauP5tPCgSkm4jpnTt
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 71, 16, -55
23:18:36 (DirNode.cpp:132) error decoding filename: 81oTF5l,-mcFxswcKiNKgij1
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 29, 16, -13
23:18:36 (DirNode.cpp:132) error decoding filename: fZkXsKvfan,fu5fVVwp4nMds
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 42, 16, -26
23:18:36 (DirNode.cpp:132) error decoding filename: pOiyv92,thn-O1leqyqMOPau
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 134, 16, -118
23:18:36 (DirNode.cpp:132) error decoding filename: yYhcx3DsDr,UHXgpGfrg8R-4
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 140, 16, -124
23:18:36 (DirNode.cpp:132) error decoding filename: aQWhNgtyAHl7zQMwdXfiDkvu
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 104, 16, -88
23:18:36 (DirNode.cpp:132) error decoding filename: 4zPU9DGk8St9z5kIC9JLP1fn
23:18:36 (BlockNameIO.cpp:185) padding, _bx, finalSize = 62, 16, -46
23:18:36 (DirNode.cpp:132) error decoding filename: IjNO3C5N4H8kgaSHfeBiazeo
23:18:36 (BlockNameIO.cpp:201) checksum mismatch: expected 61315, got 53668
23:18:36 (BlockNameIO.cpp:202) on decode of 9 bytes
23:18:36 (DirNode.cpp:132) error decoding filename: jDM0GYq0k6WqyfAIJQClnl8H

Some errors...

Last edited by pyther (2010-03-09 04:19:50)

Wintervenom · 2010-03-09 06:46:26

ninian wrote:

Arm-the-Homeless wrote:
Downgrade, stop using encfs, upgrade?
But encfs seems to be unique in its ease of encrypting on the fly!
It's a brilliant solution to the problem of data on laptops which could be stolen, etc. Much less hassle than encrypting every file in sight or having to set up fixed TrueCrypt volumes.
If there's a decent alternative, please educate me ...

DM-Crypt loop. You could store everything inside one encrypted file. You'll have to plan ahead how much space you'll want to use, however, and if you need more down the road, you would append zeros to the end of the file and resize the file system.

ninian · 2010-03-09 08:51:02

Wintervenom wrote:

DM-Crypt loop. You could store everything inside one encrypted file. You'll have to plan ahead how much space you'll want to use, however, and if you need more down the road, you would append zeros to the end of the file and resize the file system.

Ah yes thanks, I've seen that mentioned before somewhere. The main problem I have is on Eee PCs which have very limited SSD storage space. That's why encrypting on the fly is so good on these.

mannemerak · 2010-03-09 13:38:58

So, I updated all and patched EncFS and changed version in config to "15".
Creating new volumes work now, but I still cannot access my old volume? (about 1.5-2 years old)
I get "Error decoding volume key, password incorrect", the password entered is correct.

Last edited by mannemerak (2010-03-09 13:39:51)

darose · 2010-03-09 18:03:52

FYI - downgrading to boost 1.41, and then recompiling encfs against it, does seem to fix this.

dunc · 2010-03-09 22:59:29

Thanks Lars, Kitty. Rescued a lot of stuff there. Let's hope this gets fixed upstream...

cja · 2010-03-10 00:05:22

mannemerak wrote:

So, I updated all and patched EncFS and changed version in config to "15".
Creating new volumes work now, but I still cannot access my old volume? (about 1.5-2 years old)
I get "Error decoding volume key, password incorrect", the password entered is correct.

Same issue for me: update all, patch EncFS, manually change version --> 15, get 'Error decoding volume...'.
Volume is ~1 yr old.

Arch Linux

#26 2010-03-04 21:58:41

Re: encfs fails with new boost update

#27 2010-03-04 22:02:14

Re: encfs fails with new boost update

#28 2010-03-04 22:18:27

Re: encfs fails with new boost update

#29 2010-03-04 23:33:56

Re: encfs fails with new boost update

#30 2010-03-05 07:18:37

Re: encfs fails with new boost update

#31 2010-03-05 09:10:23

Re: encfs fails with new boost update

#32 2010-03-05 10:07:02

Re: encfs fails with new boost update

#33 2010-03-05 12:03:41

Re: encfs fails with new boost update

#34 2010-03-05 18:47:35

Re: encfs fails with new boost update

#35 2010-03-06 19:41:57

Re: encfs fails with new boost update

#36 2010-03-06 22:02:39

Re: encfs fails with new boost update

#37 2010-03-07 05:48:06

Re: encfs fails with new boost update

#38 2010-03-07 08:16:46

Re: encfs fails with new boost update

#39 2010-03-07 16:28:06

Re: encfs fails with new boost update

#40 2010-03-08 06:55:04

Re: encfs fails with new boost update

#41 2010-03-08 12:55:53

Re: encfs fails with new boost update

#42 2010-03-08 16:26:51

Re: encfs fails with new boost update

#43 2010-03-08 22:26:17

Re: encfs fails with new boost update

#44 2010-03-09 04:13:34

Re: encfs fails with new boost update

#45 2010-03-09 06:46:26

Re: encfs fails with new boost update

#46 2010-03-09 08:51:02

Re: encfs fails with new boost update

#47 2010-03-09 13:38:58

Re: encfs fails with new boost update

#48 2010-03-09 18:03:52

Re: encfs fails with new boost update

#49 2010-03-09 22:59:29

Re: encfs fails with new boost update

#50 2010-03-10 00:05:22

Re: encfs fails with new boost update

Board footer