LinuxQuestions.org
Old 02-16-2011, 03:16 AM   #1
Barry1
LQ Newbie
 
Registered: Dec 2010
Location: Germany
Distribution: Debian GNU/Linux, Fedora Project and OpenSUSE LINUX
Posts: 22

Rep: Reputation: 1
Question installing CFS in SQUEEZE (stable)


Hi group,

I'm running a Debian (stable=squeeze) server. There resides an encrypted directory (which I produced with cfs some time ago).
I'd like to access these files - but cfs is not available for Debian - not even unstable for x86 or so (see http://packages.debian.org/cfs).
Are there any hints how to install - maybe with apt would be fine?
I have not found any backports or so?

Thanks in advance

Barry1
 
Old 02-16-2011, 02:33 PM   #2
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.15.5
Posts: 1,498
Blog Entries: 12

Rep: Reputation: 155Reputation: 155
You'd probably find it easiest to load a virtual machine with an older version of Linux that supports cfs and access the data from there, then re-encrypt it using something more modern. I haven't had any luck compiling cfs on anything remotely modern.
 
Old 04-25-2011, 04:04 AM   #3
marculix
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by mostlyharmless View Post
You'd probably find it easiest to load a virtual machine with an older version of Linux that supports cfs and access the data from there, then re-encrypt it using something more modern. I haven't had any luck compiling cfs on anything remotely modern.

Hi Barry, Mostlyharmless, Group members

I think there is a persistent maintenance problem with CFS. Most of the CFS packages out there are not supported officially or they are branched out or orphaned, as nobody maintains a central svn or cvs repository to merge all the individual forks (from distributions) back to a main repository. From my perspective, all attempts failed (e.g. cfsnfs project on sourceforge and some others).

I've been using different CFS versions for 15 years under 3 different architectures (Sparc, i386, PPC), all under the Debian Operating System on servers, MacBooks and PowerBooks. For me, it's still the most reliable solution for protecting my large private datastore (25 GB).

Last weekend, I installed a small Debian 6.0 personal server which holds my personal daily /home commit of my MacBook's svn-repository. The entire svn replica is now stored within the CFS tree and I'm testing in the next few days whether the combination of Subversion and CFS works reliably.

Barry to your problem:
On Debian squeeze, I built my own CFS 1.4.1 binary from scratch yesterday without any problem using a simple 'make cfs' followed by a 'make_install cfs', that's it. Here it comes: It is my own branch of CFS which I backpatched against all the relevant CFS fixes which were contributed over the last 15 years. I gathered them from everywhere, in particular from Suse, Debian, Ubuntu, the BSD repository, mailing lists and boards, but I did not apply every patch, e.g. a patch to replace the required 16 char cmkdir password with an 8 char one (?!). If you want me to mirror my current CFS branch on my website, let me know. It contains a fully productional and functional CFS engine supporting the latest cryptography algorithms. You can then compare my version against the latest official version published by Matt Blaze in order to verify the changes (trustworthiness).

cheers
Marc

Last edited by marculix; 04-25-2011 at 06:12 AM. Reason: typo
 
1 members found this post helpful.
Old 04-26-2011, 01:13 AM   #4
Barry1
LQ Newbie
 
Registered: Dec 2010
Location: Germany
Distribution: Debian GNU/Linux, Fedora Project and OpenSUSE LINUX
Posts: 22

Original Poster
Rep: Reputation: 1

Quote:
Originally Posted by marculix View Post
Barry to your problem:
On Debian squeeze, I built my own CFS 1.4.1 binary from scratch yesterday without any problem using a simple 'make cfs' followed by a 'make_install cfs', that's it. Here it comes: It is my own branch of CFS which I backpatched against all the relevant CFS fixes which were contributed over the last 15 years. I gathered them from everywhere, in particular from Suse, Debian, Ubuntu, the BSD repository, mailing lists and boards, but I did not apply every patch, e.g. a patch to replace the required 16 char cmkdir password with an 8 char one (?!). If you want me to mirror my current CFS branch on my website, let me know. It contains a fully productional and functional CFS engine supporting the latest cryptography algorithms. You can then compare my version against the latest official version published by Matt Blaze in order to verify the changes (trustworthiness).

Hi Marc,
thank you for your sources. I read the differences and compiled... they did fine...
Strange - on using 'cattach cryptdir name' it asks for my passphrase - and returns with 'no such encrypted directory' - do you have an idea?
Thanks in advance
Barry1

Last edited by Barry1; 04-27-2011 at 02:24 AM. Reason: Typo
 
Old 04-27-2011, 12:23 AM   #5
marculix
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by Barry1 View Post
Hi Marc,
thank you for your sources. I read the differences and compiled... they did fine...
Strange - on using 'cattach cryptdir name' it asks for my passphrase - and returns with 'no such encrypted directory' - do you have an idea?
Thanks in advance
Barry1

Generally CFS requires these things:
1. A fully working NFS (which you have already with squeeze)
2. A running CFS daemon (which you just compiled)
3. A CFS mounted directory through NFS (see below)
4. Attaching the crypted directory (to make it virtually unencrypted via CFS, see below)

As you're also using Debian, here are the Debian-specific instructions to get CFS working:

as root:
- mkdir /root/.cfs
- chmod 000 /root/.cfs
- Make sure the loopback device is in portmap:
  add to /etc/hosts.allow: portmap: 127.0.0.1
- add to /etc/exports: '/root/.cfs localhost(rw)'
- restart your NFS subsystem by doing either:
  '/etc/rc2.d/S15... restart' and '/etc/rc2.d/S16... restart'
  (assuming that NFS init scripts are S15.. and S16... and you're also running the NFS-kernel-server and not the NFS daemon)
- Run 'cfsd 3049' (which starts the CFS daemon on port 3049)
- Then you can mount your CFS-mountpoint:
  mount -t nfs -o port=3049,intr,sync,nfsvers=2,udp localhost:/root/.cfs /home/yourdir/test/ (assuming that 'test' is a simple empty directory which exists in your homedir)
- and finally attach your encrypted dir:
  cattach /your-encrypted-dir/ test (test is here the reference to the mountpoint above)

That's it. My general debugging experience is:

bring up CFS order: cfsd start - mount - cattach
shutdown CFS order: cdetach - umount - cfsd stop

Hope it helps.
Marc
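
Added example (not part of the thread and not marculix's code): the configuration steps from post #5 written as read-only shell checks that can be run before cattach. The function names are made up for this example; the paths, port 3049 and mount point are the ones given in the post, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: read-only preflight checks for the setup steps in post #5.
# Function names are hypothetical; files are arguments so copies can be checked.

# /etc/exports: the CFS directory must be exported to loopback clients only.
check_export() {   # check_export EXPORTS_FILE CFS_DIR
    awk -v dir="$2" '
        { sub(/#.*/, "") }                   # ignore comments
        $1 == dir {
            seen = 1
            if (NF < 2) bad = 1              # no client list: any host
            for (i = 2; i <= NF; i++) {
                client = $i
                sub(/\(.*/, "", client)      # drop the option list
                if (client != "localhost" && client != "127.0.0.1") bad = 1
            }
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# /etc/hosts.allow: a portmap entry must list 127.0.0.1.
check_portmap() {  # check_portmap HOSTS_ALLOW_FILE
    grep -Eq '^[[:space:]]*portmap[[:space:]]*:(.*[[:space:],])?127\.0\.0\.1([[:space:],]|$)' "$1"
}

# The CFS directory must exist with mode 000.
check_mode() {     # check_mode CFS_DIR
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "0" ]
}

# Mount table in /proc/mounts format: MOUNTPOINT must be an NFS mount on the
# cfsd port before cattach is tried (bring-up order: cfsd, mount, cattach).
check_mounted() {  # check_mounted MOUNTS_FILE MOUNTPOINT PORT
    awk -v mp="$2" -v port="$3" '
        $2 == mp && $3 == "nfs" && ("," $4 ",") ~ (",port=" port ",") { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Usage on a live system, as root (paths and port as given in the post):
#   check_export /etc/exports /root/.cfs && check_portmap /etc/hosts.allow &&
#   check_mode /root/.cfs && check_mounted /proc/mounts /home/yourdir/test 3049
```

Each function returns 0 when its check passes, so a failing step can be identified before the passphrase is ever typed.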
 
Old 04-27-2011, 02:35 AM   #6
Barry1
LQ Newbie
 
Registered: Dec 2010
Location: Germany
Distribution: Debian GNU/Linux, Fedora Project and OpenSUSE LINUX
Posts: 22

Original Poster
Rep: Reputation: 1

Hi marculix,

thanks for your help..
I forgot your step
Quote:
Originally Posted by marculix View Post
Generally CFS requires these things:
-Make sure the loopback device is in portmap:
add to /etc/hosts.allow: portmap: 127.0.0.1
but now - I get another problem...
Code:
ebeling@gammaray:~$ cattach /home/ebeling/ebeling_privat/ /home/ebeling/cfsdir/
Key:
cattach: badly formed name
I also tried without trailing slashes...
Any ideas?

Thanks in advance and greets

Barry1
 
Old 04-28-2011, 06:08 AM   #7
marculix
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by Barry1 View Post
Hi marculix,
but now - I get another problem...
Code:
ebeling@gammaray:~$ cattach /home/ebeling/ebeling_privat/ /home/ebeling/cfsdir/
Key:
cattach: badly formed name
I also tried without trailing slashes...
Any ideas?
Barry1

Uuuuhhhh.... no clue... Never got this msg before... Maybe you encrypted the folder using an early 1.3.3 version of CFS? If you need, I also have the modified and blowfish patched 1.3.3 sources if you think it's an incompatibility issue... Let me know...

Marc
 
Old 04-28-2011, 06:24 AM   #8
Barry1
LQ Newbie
 
Registered: Dec 2010
Location: Germany
Distribution: Debian GNU/Linux, Fedora Project and OpenSUSE LINUX
Posts: 22

Original Poster
Rep: Reputation: 1

Quote:
Originally Posted by marculix View Post
Uuuuhhhh.... no clue... Never got this msg before... Maybe you encrypted the folder using an early 1.3.3 version of CFS? If you need, I also have the modified and blowfish patched 1.3.3 sources if you think it's an incompatibility issue... Let me know...
Marc

Hi Marc,
maybe... Last working use was on 2008-11-18... I have no idea which version was used...
I'd like to give the older one a try.
Thanks in advance

Bastian
 
Old 04-28-2011, 07:42 AM   #9
Barry1
LQ Newbie
 
Registered: Dec 2010
Location: Germany
Distribution: Debian GNU/Linux, Fedora Project and OpenSUSE LINUX
Posts: 22

Original Poster
Rep: Reputation: 1

Hi marculix,

thanks - I compiled... but the problem remains...
Trying the cattach-command with strace shows the following, maybe interesting, line (among many others)
Code:
bind(3, {sa_family=AF_INET, sin_port=htons(710), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)
Do you have an explanation?
Greets
Bastian
 
Old 04-29-2011, 08:58 AM   #10
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware -current (multilib) with kernel 3.15.5
Posts: 1,498
Blog Entries: 12

Rep: Reputation: 155Reputation: 155
@marculix I've got a dumb question: where are the sources for this newly patched up version of cfs? Could you provide a link?
 
Old 05-06-2011, 11:55 PM   #11
marculix
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by mostlyharmless View Post
@marculix I've got a dumb question: where are the sources for this newly patched up version of cfs? Could you provide a link?

Here's my update (work in progress):
The CFS Test on my Debian environment was not a success.

I ran all my test cases on this environment:

Code:
lsb_release -d:                     Debian GNU/Linux 6.0.1 (squeeze)
uname -a:                           kernel 2.6.32-5-686
apt-cache policy nfs-kernel-server: 1:1.2.2-4
gcc -v:                             gcc version 4.4.5 (Debian 4.4.5-8)
cfs version:                        1.4.1

Compiling and installing CFS works perfectly fine using my own backpatched branch of CFS 1.4.1, but the CFS functionality is clearly broken with recent Linux kernels; that's my final conclusion after a week of investigation.

After I straced and analyzed a 'touch foo' within my CFS attached dir, I found that the latest implementation of NFS in newer Linux kernels must be the reason that (anciently maintained) CFS 1.4.1 doesn't work anymore. It's a tragedy, but a Debian bug report [1] two years ago ended with the closure of this issue (no solution provided), the bug remained unfixed and CFS was subsequently orphaned in Debian.

Some deeper research brought me to the essential 3-year-old kernel mailing list thread [2]. Based on the research work driven by Gianluca Alberici, who insisted on finding a solution for this issue, it was found that after an NFS fix was contributed against Linux kernel 2.6.22, CFS wasn't working anymore with all later kernels. It was concluded that it wasn't the NFS maintainer's fault but due to the lack of CFS maintenance.

According to Gianluca's post [3], he coded a 'working patch' against CFSD which makes CFS work with newer kernels. I contacted him today by e-mail to ask him to send me the patch, as I haven't found it anywhere else. Once I receive it, I'll run the patch against my CFS branch and re-run my tests.

Should I manage to get CFS running on my recent Linux environment, then I'll mirror my entire backpatched CFS branch on my website.

I'll keep you up-to-date.
Marc


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516568
[2] http://www.mail-archive.com/linux-nf.../msg01248.html
[3] http://www.mail-archive.com/linux-nf.../msg01396.html

Last edited by marculix; 05-07-2011 at 12:43 AM.
 
Old 05-15-2011, 08:18 AM   #12
marculix
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 1
Quote:
Originally Posted by marculix View Post
Here's my update (work in progress):
Should I manage to get CFS running on my recent Linux environment, then I'll mirror my entire backpatched CFS branch on my website.
I'll keep you up-to-date.
Hi guys

I never received an answer from Gianluca by e-mail and I haven't found his working patch anywhere else; imho his fix was never committed into a public CFS repository. I checked every single Google reference and repo in the last 7 days.

I'm under heavy pressure with a research project, thus I have no time to fix this CFS bug. If someone else wants to have a look into it, feel free. For those who are interested in fixing this CFS bug, I uploaded an incremental diff of my own maintained CFS branch to my website: http://pubwww.fhzh.ch/~mgloor/patch.html. Any feedback appreciated.

However, I'm using eCryptfs with Subversion now. The performance is great.

cheers
Marc
 
  


All times are GMT -5.