NetBSD-Users archive


How to disable perfused trace (for cryfs)?



I was able to build and run cryfs with some modifications. But due to
perfused wanting to create a trace file in /var/run, it fails to mount
as a non-root user, which makes it very hard or impractical to use.

I followed steps like the following:


$ doas pkgin in gcc cmake pkg-config fuse python312 openmp
$ doas ln -s /usr/pkg/bin/python3.12 /usr/pkg/bin/python3
$ python3 -m pip install --user pipx
$ python3 -m pipx ensurepath
Success! Added /home/usernamehere/.local/bin to the PATH environment
variable. ...Alternatively, you can source your shell's config file
with e.g. 'source ~/.bashrc'.
...
$ source ~/.bashrc

$ pipx install conan~=2.7.0
$ pipx ensurepath
$ conan profile detect


Open ~/.conan2/settings.yml, duplicate the "FreeBSD:" line as "NetBSD:"
so that conan doesn't complain about NetBSD being unsupported.

1.0.1 is the latest as per <https://github.com/cryfs/cryfs/releases>, so:


$ ftp https://github.com/cryfs/cryfs/archive/refs/tags/1.0.1.tar.gz
$ tar -xvf 1.0.1.tar.gz
$ cd cryfs-1.0.1


Then apply these changes:


diff --git a/conanfile.py b/conanfile.py
index cbd320c..999cb85 100644
--- a/conanfile.py
+++ b/conanfile.py
@@ -9,9 +9,9 @@ class CryFSConan(ConanFile):
     name = "cryfs"
     version = "na"
     settings = "os", "compiler", "build_type", "arch"
-    tool_requires = "cmake/3.25.3"
+    #tool_requires = "cmake/3.25.3"  # commented to use system cmake
     generators = ["CMakeToolchain", "CMakeDeps"]
-    package_folder = "/usr"
+    package_folder = "/usr/local"  # to keep /usr clean
     options = {
         "build_tests": [True, False],
         "update_checks": [True, False],
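Review bot: Both edits in this hunk apply on every platform, not only NetBSD: commenting out `tool_requires = "cmake/3.25.3"` drops the pinned CMake for all builders, and `package_folder = "/usr/local"` moves the install prefix for everyone. For anything sent upstream, make both conditional on the detected OS (or expose them as options), and replace the commented-out line with a short explanation of why the system cmake is needed on NetBSD.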
@@ -151,6 +151,9 @@ class CryFSConan(ConanFile):
             "CMAKE_EXPORT_COMPILE_COMMANDS":
self.options.export_compile_commands, "USE_IWYU": self.options.use_iwyu,
             "CLANG_TIDY_WARNINGS_AS_ERRORS":
self.options.clang_tidy_warnings_as_errors,
+            # NetBSD
+            "INSTALL_RPATH": "/usr/pkg/lib;/usr/local/lib;/usr/lib",
+            "CMAKE_INSTALL_RPATH_USE_LINK_PATH": "ON",
         }
         if self.options.use_ccache:
             cmake_vars["CMAKE_C_COMPILER_LAUNCHER"] = "ccache"
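Review bot: The key `"INSTALL_RPATH"` lacks the `CMAKE_` prefix that the neighbouring entries use; the CMake variable that sets the default install RPATH is `CMAKE_INSTALL_RPATH`, while `INSTALL_RPATH` is a target property, so unless the project's CMakeLists reads this name explicitly the line has no effect. The block is also commented `# NetBSD` but is added to `cmake_vars` unconditionally, so a hard-coded RPATH containing `/usr/pkg/lib` and `/usr/local/lib` would end up in binaries on every OS; guard it on the target OS and list only directories that are root-owned on the target system.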
diff --git a/src/cpp-utils/CMakeLists.txt b/src/cpp-utils/CMakeLists.txt
index ecfdb53..84041d1 100644
--- a/src/cpp-utils/CMakeLists.txt
+++ b/src/cpp-utils/CMakeLists.txt
@@ -62,7 +62,7 @@ add_library(${PROJECT_NAME} STATIC ${SOURCES})
 
 if(MSVC)
     target_link_libraries(${PROJECT_NAME} PUBLIC DbgHelp)
-elseif (APPLE)
+elseif (APPLE OR CMAKE_HOST_SYSTEM_NAME STREQUAL NetBSD)
     target_compile_definitions(${PROJECT_NAME} PRIVATE
BOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED) endif()
 
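Review bot: `CMAKE_HOST_SYSTEM_NAME` in the `elseif` describes the machine running CMake, not the system being built for; `CMAKE_SYSTEM_NAME` is the variable for the target and gives the right answer when cross-compiling. Quoting the literal, as in `CMAKE_SYSTEM_NAME STREQUAL "NetBSD"`, also makes it clear that it is a string and not a variable name.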
diff --git a/src/cpp-utils/system/get_total_memory.cpp
b/src/cpp-utils/system/get_total_memory.cpp index 2347d65..4dc82d8
100644 --- a/src/cpp-utils/system/get_total_memory.cpp
+++ b/src/cpp-utils/system/get_total_memory.cpp
@@ -21,7 +21,7 @@ namespace cpputils {
 	}
 }
 
-#elif defined(__linux__) || defined(__FreeBSD__)
+#elif defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__)
 
 #include <unistd.h>
 
diff --git a/src/cpp-utils/thread/debugging_nonwindows.cpp
b/src/cpp-utils/thread/debugging_nonwindows.cpp index c32eda2..155e380
100644 --- a/src/cpp-utils/thread/debugging_nonwindows.cpp
+++ b/src/cpp-utils/thread/debugging_nonwindows.cpp
@@ -28,7 +28,11 @@ void set_thread_name(const char* name) {
 #if defined(__APPLE__)
   const int result = pthread_setname_np(name_.c_str());
 #else
+#  if defined(__NetBSD__)
+  const int result = pthread_setname_np(pthread_self(), name_.c_str(),
(void*)strlen(name_.c_str())); +#  else
   const int result = pthread_setname_np(pthread_self(), name_.c_str());
+#  endif
 #endif
   if (0 != result) {
     throw std::runtime_error("Error setting thread name with
pthread_setname_np. Code: " + std::to_string(result));
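Review bot: On NetBSD the second argument of `pthread_setname_np` is a printf-style format string and the third is its single argument, so the added call uses the thread name itself as the format and passes an integer cast to a pointer as the data; a name containing `%` would be interpreted as a conversion. Passing a constant format with the name as the argument, `pthread_setname_np(pthread_self(), "%s", const_cast<char*>(name_.c_str()))`, avoids that and removes the integer-to-pointer cast behind the -Wold-style-cast warning.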


I didn't submit a PR to the project. But if anyone wants to, feel
free to do so.

The pthread_setname_np line shows a -Wold-style-cast warning. If anyone
knows a better solution, please suggest it.

To build and install:


$ conan build . -s build_type=Release -s compiler.cppstd=17 --build=missing -o "&:update_checks=False"
$ doas make -C build/Release install
$ which cryfs
/usr/local/bin/cryfs


To test I did:


$ cd /tmp
## PERFUSE_BUFSIZE is to solve "perfuse_open: setsockopt SO_SNDBUF to
## 2162688 failed: No buffer space available" error.
## Source:
## https://www.unitedbsd.com/d/483-ntfs-3g-fuse-error-on-os108-netbsd-91
$ doas env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain


Entering y, y, y, then passphrase twice does work:


$ mount | grep secret
cryfs@/tmp/secret on /tmp/plain type puffs|perfuse|fuse.cryfs (nodev, nosuid)


But writing to the mountpoint does not work as a non-root user:


$ touch plain/test.txt
touch: plain/test.txt: Permission denied
$ doas chown -R $(id -un):$(id -gn) plain
$ touch plain/test.txt
touch: plain/test.txt: Permission denied


I tried running cryfs with "-o allow_other" and these as potential
fixes but they didn't work:


$ groups
users wheel operator
$ doas sysctl -w vfs.generic.usermount=1
$ doas chmod g+rw /dev/puffs


When I run cryfs as a non-root user, it fails:


$ doas umount "/tmp/plain"
$ doas rm -rf {plain,secret}
$ env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain
...
Mounting filesystem. To unmount, call:
$ cryfs-unmount "/tmp/plain"

could not open "/var/run/perfused%s.trace": Permission denied


Is there any way to disable the behavior of perfused creating trace
files?

perfused(8) man page mentions SIGUSR1:


> SIGUSR1
>       Toggle FUSE operation dump on and off.  When toggling off, the
>       trace is is stored in /var/run/perfuse-xxx.trace (xxx is the
>       filesystem mount point).


But I don't know how to use it. I found no docs on how to use it in
this scenario.

Btw, the file prefix seems to be "perfused-", not "perfuse-" as man
page says. I guess it might be a typo. "is is" also seems like another.

I found a workaround though. But it's impractical (details below). I
noticed when I tried it with root priv before, it created a file:


$ ls /var/run/perfused*
/var/run/perfused-tmp-plain.trace


So I tried the following and it worked with a non-root user:


$ doas touch /var/run/perfused-tmp-plain.trace  # just as a step
$ doas chmod g+rw /var/run/perfused-tmp-plain.trace
$ env PERFUSE_BUFSIZE=$((132 * 1024)) cryfs secret plain
...
Mounting filesystem. To unmount, call:
$ cryfs-unmount "/tmp/plain"

$ mount | grep secret
cryfs@/tmp/secret on /tmp/plain type puffs|perfuse|fuse.cryfs (nodev, nosuid, mounted by user)
$ touch plain/test.txt
touch: plain/test.txt: Permission denied
$ doas chown -R $(id -un):$(id -gn) plain
$ touch plain/test.txt
$ echo test > plain/test.txt
$ cat plain/test.txt 
test


This is not exactly a solution. The trace file name changes based on
mount directory path. So I'd have to do this every time I try a new
mount point, which is impractical.

Another solution I'm thinking about is adding group write permission
to /var/run (doas chmod g+rw /var/run ?). But it feels unnecessary,
since I don't need a trace file.

EncFS works fine without creating a trace file, so I would want it to
work as well without it.

Is there a solution to this problem?
Can it be disabled from cryfs source code?
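
Added example, not part of the original post and not code from perfused or cryfs: the manual workaround above wrapped in a shell helper, so that one trace file is prepared per mount point instead of making /var/run group-writable. It assumes the naming rule inferred from the post (the format "/var/run/perfused%s.trace" in the error message and the observed perfused-tmp-plain.trace), namely that each "/" of the absolute mount path becomes "-"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed naming rule (inferred from the post, not from the
# perfused source): <run_dir>/perfused<mount path with "/" -> "-">.trace

# Print the trace file path perfused is expected to use for a mount point.
perfused_trace_path() {
    run_dir=$1
    mp=$2
    case $mp in
        /*) ;;                       # already absolute
        *)  mp=$PWD/$mp ;;           # relative: resolve against the cwd
    esac
    # Drop trailing slashes so "/tmp/plain/" and "/tmp/plain" agree.
    while [ "${mp%/}" != "$mp" ]; do mp=${mp%/}; done
    [ -n "$mp" ] || return 1         # "/" itself is not a usable mount point
    printf '%s/perfused%s.trace\n' "$run_dir" "$(printf '%s' "$mp" | tr '/' '-')"
}

# Create the trace file (run as root) writable by one group only.
prepare_perfused_trace() {
    run_dir=$1
    mp=$2
    group=$3
    trace=$(perfused_trace_path "$run_dir" "$mp") || return 1
    # Refuse symlinks and non-regular files, so root never changes the
    # mode or group of something the link points at.
    if [ -L "$trace" ] || { [ -e "$trace" ] && [ ! -f "$trace" ]; }; then
        echo "refusing: $trace is not a regular file" >&2
        return 1
    fi
    # Create without truncating an existing trace; start from mode 0600.
    ( umask 077 && : >> "$trace" ) || return 1
    chgrp "$group" "$trace" && chmod 0660 "$trace" || return 1
    printf '%s\n' "$trace"
}

# Usage (as root), with the group taken from the post's `groups` output:
#   prepare_perfused_trace /var/run /tmp/plain users
```

Only members of the chosen group can then write that one file, and /var/run itself keeps its original permissions.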


