My unofficial/unsupported CFS 1.4.1 branch for Linux (Update: 15. May 2011)

CFS is an encrypting file system for UNIX-like OSes.

It uses NFS as its interface, and so is reasonably portable.  The original work on CFS dates back to 1992.  Matt Blaze has updated it since then, with version 1.4.1 appearing from around 1997, but CFS is not currently in active development, and Blaze warns at his Web site to consider the code unsupported.  Nevertheless, the CFS solution worked well for many years for my purposes, and it may work for you also.

Today, there is a persistent maintenance problem with CFS.  Most of the CFS packages out there are not supported officially or they are branched out or orphaned as nobody maintains a central repository anymore to merge back all the invididual forks (from distributions) back to a main repository.  From my perspective, all attempts failed (e.g. cfsnfs project on Sourceforge and some others).

However, I share my own modified branch of CFS 1.4.1 for Linux which is an incremental diff and the result of my permanent maintenance of CFS for Linux.  This patch includes numerous back merged modifications which I fetched from various sources (SuSe, Redhat, Debian, scientific books, etc) during the past years.  I was asked to share the code.  Due to license reasons, I not provide here my fully modified CFS archive but you can easily apply my backpatch against original CFS 1.4.1 code by following these instructions but note, that the patch comes without any warranty or support:

1.  Download original CFS 1.4.1 from Matt Blaze's website: wget http://www.crypto.com/software/cfs-1.4.1.tar.gz

2.  Download my CFS 1.4.1 Linux backpatch: wget http://pubwww.fhzh.ch/~mgloor/data/cfs-1.4.1-mgloor_branch.diff.gz

3.  Untar the file: tar xzvf cfs-1.4.1.tar.gz

4.  Move into the extracted CFS source dir: cd cfs-1.4.1

5.  Apply the patch against original CFS 1.4.1: zcat ../cfs-1.4.1-mgloor_branch.diff.gz | patch -p1

Update: May 15, 2011:

CFS 1.4.1 from original author Matt Blaze is broken since Linux kernel 2.6.22:  This was caused by an utimes/utimensat fix which was committed against the NFS system of Linux kernel 2.6.22, since then, CFS doesn't work anymore with recent Linux kernels.

I assume that patching CFS might be a minor issue but I found no time to do it on my own.  There is only one utime reference I found in the CFS code (cfs_fh.c) which might be patched to make CFS working again with the latest Linux kernel generation.  If someone else wanna have a look into it, feel free.  Any feedback appreciated.

Patch for official CFS release 1.4.0beta (7/12/1997) from Matt Blaze

Compiling CFS 1.4.0beta (Cryptographic System) for setting up a secure storage using strong cryptography on a Linux Box can be under some circumstances very painful if you prefer to build your own binaries from scratch.  One way is to use a CFS package from your distribution.  If there is a CFS version of your choice, lucky you!  If not and if you like to know whats happen with your data in future, you'll prefer to build the code manually like I does it.

To bypass a lot of errors, I collected all my CFS bugfixes, workarounds, changes and security patches to one single CFS patch [.gz, 14kb] for Rel.1.4.0beta which is well working for me.  Parts of the diff based on the GNU/Linux bugtracking system, public website informations and USENET postings (newsgroups).

For installing the patch, you have to change to the CFS source tree location and applying the patch by using: zcat cfs-1.4.0beta.linux.patch.gz | patch -p1