Fixing MacFUSE for the Latest OS X Kernel
I recently joined Urban Insight and have been learning lots of great workflow tips. One of these as Justin pointed out in his recent blog post, is using Truecrypt and Dropbox for storing passwords; a really cool idea. One gets both the security of strong encryption and the backup redundancy of the cloud. I was happily using that system when a new Macbook Pro arrived on my desk. I transferred my files over to the new computer and started up Truecrypt to get a password.
Ack! I got an error message.
/library/Filesystems/fusefs.fs/Support/fusefs.kext failed to load - (libkern/kext) link error; check the system/kernel logs for errors or try kextutil(8).
Searching with the error on Google led me to discover that the problem wasn't with Truecrypt but with MacFUSE, an underlying piece on which Truecrypt depends.
It turns out that the new computer boots using a fully 64 bit kernel by default whereas the old one was booting a 32/64 bit hybrid version. A fully 64 bit kernel may not be of much advantage except for very specialized applications or using more than 32 Gigabytes of RAM but since this is what Apple is installing now and changing that requires editing NVRAM, I wanted to find a solution that let the installed software stay as original as possible. Before we get to the solution, let's look at what's going on when using Truecrypt.
What do Truecrypt and MacFUSE actually do?
Truecrypt encrypts and decrypts a filesystem on the fly. When you save something to a Truecrypt volume, it is encrypted on it's way from RAM to disk or whatever storage device is being used. When you read something from storage, it's decrypted on the fly before it gets to RAM. What you see is the unencrypted data but the storage device always sees only the encrypted data.
MacFUSE is an OS X implementation of FUSE, Filesystem in USEr space. It allows an alternate filesystem to reside in user space, allowing these filesystems to be used without kernel modules or extensions and by non-priveleged users. One use of this capability is to allow mounting of NTFS volumes in OS X. Tuxera sells a product, NTFS for Mac, that does just this thing. We'll come back to Tuxera as they are critical to the Truecrypt on Snow Leopard 64 bit solution.
For storage, Truecrypt can use a real disk partition, removable storage like a USB stick or a disk image for storage. On the Mac, the disk image option is really nice. It can be saved and copied just like a regular file but when mounted with Truecrypt, it acts just like a disk partition.
This 'encrypted' filesystem is where MacFUSE comes in. The Truecrypt volume is mounted using MacFUSE. MacFUSE has been working on 32 bit kernels since 2008 but when Apple starting shipping 64 bit default kernels, the problem showed up. The problem showed up in the NTFS for Mac product too and Tuxera, in September 2010, provided a fix which included a version of MacFUSE that works with the 64 bit kernel.
A new 'fixed' MacFUSE is needed. Fortunately, when Tuxera fixed if for their NTFS for Mac product they graciously made the source code available. http://www.tuxera.com/mac/macfuse-rebel-2.1.9-src.tar.bz2
An easy way to compile that source is to use Apple's Xcode. I was able to install it from the OS X Install DVD that came with the new computer but you can also buy it from the Mac OS App Store or if you join the Apple Developer Connection, you can download it. It's a very large download. Once Xcode is installed, download the source and expand it.
Using a terminal:
cd ~/Downloads/macfuse-rebel-2.1.9/core ./macfuse_buildtool.sh -t smalldist
The following message will appear:
MacFUSEBuildTool(smalldist) needs the Administrator password to chown '/tmp/macfuse-core-10.5-2.1.9/pkgroot//*':
Enter your administrator password.
If all goes well, you'll get this message:
MacFUSEBuildTool(smalldist) : succeeded, results in '/tmp/macfuse-core-10.5-2.1.9'.
Using the Finder's Go -> Go to Folder command, go to /tmp. In the /tmp/macfuse-core-10.5-2.1.9 folder is the pkg installer for MacFUSE that you just created. Run that pkg installer and then test out Truecrypt. You should now have Truecrypt running on your 64 bit kernel.
Next, I want to find an easy way to add missing commands like wget to OS X.