OpenZFS on OS X

[FadingIntoBlue]

OK, posted OpenZFSonOsX-2.0.0-Big.Sur-11.0.pkg with kstat fix, so we can try:

Happy to, where did you post it?

[lundman]

viewtopic.php?f=20&t=3533

I pasted the expected version string too, since this whole version fiasco is getting confusing

[FadingIntoBlue]

Duh, I'm getting a bit dopey as the afternoon proceeds - on to it.

[FadingIntoBlue]

Here's what I've done, still errors at the end.

Code: Select all

 % sudo sysctl kstat.zfs.darwin.tunable.icp_aes_impl=generic
Password:
kstat.zfs.darwin.tunable.icp_aes_impl: cycle [fastest] generic x86_64  -> cycle fastest [generic] x86_64
% sudo zpool import P2021-01H                           
zpool_open_func: zpool_read_label returned error -1 (errno: 0 name: /private/var/run/disk/by-id/media-AEC856CD-3548-0545-AB19-FE564F8FE2B0)
 % zpool status                                             
  pool: P2021-01H
 state: ONLINE
status: One or more devices has experienced an error resulting in data
   corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
   entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
config:

   NAME                                          STATE     READ WRITE CKSUM
   P2021-01H                                     ONLINE       0     0     0
     media-14117272-6A32-7F43-954E-81112CDCE122  ONLINE       0     0     0
errors: List of errors unavailable: permission denied

errors: 2 data errors, use '-v' for a list
 % sudo zfs mount -l P2021-01H                             
Enter passphrase for 'P2021-01H':
cannot mount 'P2021-01H': Unknown error: -1

Version #s for what they are worth:

Code: Select all

% zfs version
zfs-2.0.0-rc2
zfs-kmod-zfs-2.0.0-rc1-442-g816946801e

Do you want me to run sysctl kstat.zfs.misc.dbgmsg.dbgmsg again?

[lundman]

No ok, so your encryption=on or aes right, not gcm?

Guess that hunch didn't pan out

[FadingIntoBlue]

No ok, so your encryption=on or aes right, not gcm?

Indeed!

Code: Select all

P2021-01H          encryption             aes-256-ccm 

[lundman]

Would it be possible for someone to make a small pool that has this issue?

Like

mkfile -n 1g filepool.img
zpool create testpool filepool.img
# cmds to make it be an issue

and send it to me?

[FadingIntoBlue]

Would it be possible for someone to make a small pool that has this issue?

Done. Passphrase is testpool

filepool.img.zip

zip of image file demonstrating encryption mount issue with ZFS 2.0.0

(5.79 MiB) Downloaded 208 times

Permissions are promiscuous 777, but when tested as below just 700

Commands: Build under 1.9.4

Code: Select all

% sudo mkfile -n 1g filepool.img
% sudo zpool create -o ashift=12 -O casesensitivity=insensitive  -O normalization=formD -O checksum=edonr -O compression=lz4 -O atime=off -O encryption=on  -O keylocation=prompt -O keyformat=passphrase testpool /Users/hmedia/filepool.img

Properties:

Code: Select all

% zfs get all testpool     
testpool  encryption             aes-256-ccm            -
testpool  keylocation            prompt                 local
testpool  keyformat              passphrase             -

Create child filesystem :

Code: Select all

% sudo zfs create -o normalization=formD -o com.apple.mimic_hfs=on -o com.apple.ignoreowner=on testpool/safe

Check status and mount:

Code: Select all

% zpool status
   NAME                                            STATE     READ WRITE CKSUM
  pool: testpool
 state: ONLINE
  scan: none requested
config:

   NAME                          STATE     READ WRITE CKSUM
   testpool                      ONLINE       0     0     0
     /Users/hmedia/filepool.img  ONLINE       0     0     0

errors: No known data errors
% zfs list
NAME                       USED  AVAIL  REFER  MOUNTPOINT
testpool                  2.35M   830M  1.01M  /Volumes/testpool
testpool/safe              992K   830M   992K  /Volumes/testpool/safe
% df
Filesystem                512-blocks        Used   Available Capacity    iused       ifree %iused  Mounted on
testpool                     1700944        2064     1698880     1%         85     1698880    0%   /Volumes/testpool
testpool/safe                1700864        1984     1698880     1%         84     1698880    0%   /Volumes/testpool/safe
 

Attempt to mount under 2.0.0

Code: Select all

% sudo zpool import -d /Users/henryh/Downloads/filepool.img -f testpool
% sudo zpool status -v
  pool: testpool
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
   The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
   the pool may no longer be accessible by software that does not support
   the features. See zpool-features(5) for details.
config:

   NAME                                    STATE     READ WRITE CKSUM
   testpool                                ONLINE       0     0     0
     /Users/henryh/Downloads/filepool.img  ONLINE       0     0     0

errors: No known data errors

% sudo zfs mount testpool
cannot mount 'testpool': encryption key not loaded
% sudo zfs mount -l testpool
Enter passphrase for 'testpool':
cannot mount 'testpool': Unknown error: -1
% sudo zpool status -v     
  pool: testpool
 state: ONLINE
status: One or more devices has experienced an error resulting in data
   corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
   entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
config:

   NAME                                    STATE     READ WRITE CKSUM
   testpool                                ONLINE       0     0     0
     /Users/henryh/Downloads/filepool.img  ONLINE       0     0     0

errors: Permanent errors have been detected in the following files:

        testpool:<0x0>

Which duplicates the process and result with the pool I am unable to mount, including the same errors

[lundman]

Awesome thank you. However, is the key "testpool"?

echo "testpool" | zfs mount -l testpool/encrypted
Key load error: Incorrect key provided for 'testpool/encrypted'.

Or is this part of the issue?

[FadingIntoBlue]

However, is the key "testpool"?

Yes, the key is "testpool"

The encrypted filesytems are as follows: the pool filesystem, which is encrypted ie testpool, and the child filesystem, which inherits the encryption, ie testpool/safe

there is no filesystem testpool/encrypted [or at least I didn't create one]

I can mount an unencrypted pool filesystem, and then get an error trying to mount an encrypted child filesystem, where the encryption was at creation, rather than inherited.

Hope that helps, sorry I wasn't very clear about what exactly is encrypted.