Fuse for OSX, Bitcasa, and encfs

This post describes installing encfs in OS X Mountain Lion 10.8.2 for use with Bitcasa (or any other remote file storage device). encfs is a really convenient file encryption tool. It allows you to mount a folder on your computer as a drive. When you move files into this drive, they are saved into the folder in an encrypted format, though within the mounted drive they can be opened normally. When the drive is unmounted, only the encrypted files remain. You can, for example, mount a shared folder (like a DropBox folder) and save files into in an encrypted form. If someone else ever gains access to your DropBox folder, they would still need the encryption key to do anything useful with your files. See e.g. this tutorial for some more specifics on how to work with encfs.

FUSE (Filesystem in user space) is a Unix module that lets programs create their own file systems on top of whatever systems the actual operating system is using. FUSE support in OSX is patchy with a previous project, macfuse, now defunct and several independent successors now being supported, mainly osxfuse and fuse4x.

As of early 2013, brew only supports fuse4x. According to the brew developers, "We would love to switch to OSXFUSE but unfortunately the buildsystem is extremely difficult to work with for producing the kind of installation we need." Bitcasa silently installs osxfuse along with its client (Bitcasa's install does not include osxfuse's prefpane for System Preferences). According to the brew developers, fuse4x and osxfuse use similar/the same names for their libraries, so having both installed can cause problems for programs trying to use one of them, especially since osxfuse installs into /usr/local where brew also puts its packages. It is advisable not to install both.

Both Bitcasa and encfs require fuse support. Since I want to use Bitcasa, I decided not to use fuse4x or the encfs brew formula that depends on it. Instead I did the following.

1. Uninstall the Bitcasa client. I used the uninstall script within Bitcasa.app's package contents, though this ran into trouble when it got to the part that removes osxfuse and macfuse....

2. git clone https://github.com/jollyjinx/encfs.macosx and run install.sh which downloads and runs the osxfuse installer and then installs encfs configured for osxfuse.

3. Open osxfuse's pane in System Preferences and check the version.

4. Reinstall Bitcasa.

5. Check osxfuse's version again. Bitcasa had installed an older version on top of the one just installed, so I updated osxfuse back to the latest version.

After these steps, both Bitcasa and encfs worked for me. Most of the work involved here was done by Patrick Stein in creating the brew formula for encfs that uses osxfuse. If you want to follow the steps above, be sure to read over `install.sh` and `encfsmacosxfuse.rb` and make sure they look okay. I don't know how often the formula will be updated over time to keep it functional. As noted in the encfs.macosx usage notes, encfs drives can be mounted in OS X with, e.g.:

encfs ~/Dropbox/Documents.encfs ~/Dropbox/Documents.secure -- -o volname="Documents"

By default, encfs stores the encryption key for an encrypted folder in the .encfs6.xml file in the folder. If you don't want to keep the key in this folder (e.g. you want to save the encrypted files on a shared drive where you wouldn't want people to have access to the key), you can store the key somewhere else and then run encfs with the ENCFS6_CONGFIG flag like so:

ENCFS6_CONFIG="/Users/username/.keys/.encfs6.xml" encfs ~/Dropbox/Documents.encfs ~/Dropbox/Documents.secure -- -o volname="Documents"

After installing osxfuse, brew doctor will complain about the extra files that were installed into /usr/local. Unfortunately, you just have to learn to live with this. I don't understand why brew doesn't at least support osxfuse as a bottle (meaning that it just runs the binary installer rather than building the files itself), but I am sure there are good reasons. Here is what I get for brew doctor after doing the above steps:

Warning: Unbrewed dylibs were found in /usr/local/lib. If you didn't put them there on purpose they could cause problems when building Homebrew formulae, and may need to be deleted.

Unexpected dylibs:
    /usr/local/lib/libmacfuse_i32.2.dylib
    /usr/local/lib/libmacfuse_i64.2.dylib
    /usr/local/lib/libosxfuse_i32.2.dylib
    /usr/local/lib/libosxfuse_i64.2.dylib
Warning: Unbrewed .la files were found in /usr/local/lib.
If you didn't put them there on purpose they could cause problems when
building Homebrew formulae, and may need to be deleted.

Unexpected .la files:
    /usr/local/lib/libosxfuse_i32.la
    /usr/local/lib/libosxfuse_i64.la
Warning: Unbrewed .pc files were found in /usr/local/lib/pkgconfig.
If you didn't put them there on purpose they could cause problems when
building Homebrew formulae, and may need to be deleted.

Unexpected .pc files:
    /usr/local/lib/pkgconfig/osxfuse.pc