ChangeNotify was unable to decrypt

sweh · April 14, 2019, 2:36pm

Version:

rclone v1.46
- os/arch: linux/amd64
- go version: go1.11.5

Config entry:

[backups]
type = crypt
remote = Amazon:Backups
filename_encryption = off
password = imnotsaying
password2 =

Mounted:

rclone mount backups: /mnt

So far so good.

Now in another window I try to do a compare between my local files and the Amazon encrypted files. eg diff -r /BACKUPS /mnt

And I start to see errors from the mount process:

2019/04/14 10:25:40 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "hass": not an encrypted file - no ".bin" suffix
2019/04/14 10:25:40 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "plexserver": not an encrypted file - no ".bin" suffix
2019/04/14 10:25:40 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "monitor": not an encrypted file - no ".bin" suffix

The names mentioned in the errors are directories, not files.

Animosity022 · April 15, 2019, 3:59am

Can you rclone ls -vv and grab some debug on the problematic directories? Are they Amazon S3 buckets or just local disk?

ncw · April 15, 2019, 3:57pm

What remote is Amazon:Backups ? Presumably one which support ChangeNotify, eg Google drive?

I would guess there is some non encrypted stuff on Amazon:Backups?

sweh · April 15, 2019, 4:48pm

It’s Amazon Cloud Drive using “unofficial” credentials.

sweh · April 15, 2019, 4:59pm

Looking at the -vv logs doesn’t show anything. I can see it read-chunking nicely some files and then, in the middle of nowhere, these ChangeNotify errors…

2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: Read: len=131072, offset=690864128
2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: >Read: read=131072, err=<nil>
2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: Read: len=131072, offset=690995200
2019/04/15 12:51:56 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "hass": not an encrypted file - no ".bin" suffix
2019/04/15 12:51:56 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "plexserver": not an encrypted file - no ".bin" suffix
....
2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: >Read: read=131072, err=<nil>
2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: Read: len=131072, offset=691126272
2019/04/15 12:51:56 DEBUG : &{alexa/20180121.root.0.gz_aa (r)}: >Read: read=131072, err=<nil>

That’s the only line where “hass” shows

grep -w hass /tmp/acd
2019/04/15 12:51:56 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "hass": not an encrypted file - no ".bin" suffix

ncw · April 15, 2019, 8:20pm

And you definitely dont have a file or directory called “hass”?

sweh · April 15, 2019, 9:53pm

I definitely do have a directory called “hass” (“Home Assistant”).

The diff -r didn’t get to that directory until 1.5 hours later…

2019/04/15 12:51:56 NOTICE: Encrypted drive 'backups:': ChangeNotify was unable to decrypt "hass": not an encrypted file - no ".bin" suffix
2019/04/15 14:16:51 DEBUG : /: Lookup: name="hass"
2019/04/15 14:16:51 DEBUG : /: >Lookup: node=hass/, err=<nil>
2019/04/15 14:16:51 DEBUG : hass/: Attr: 
2019/04/15 14:16:51 DEBUG : hass/: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
2019/04/15 14:16:51 DEBUG : hass/: ReadDirAll: 
2019/04/15 14:16:51 DEBUG : hass/: >ReadDirAll: item=78, err=<nil>
2019/04/15 14:16:51 DEBUG : hass/: Lookup: name="20190321._boot.0.gz_aa"

The code seems to be working; it’s just these odd NOTICE messages! (There’s 1Tb of data, so the diff is still running :-))

ncw · April 16, 2019, 7:29am

It seems to be confused as to whether “hass” is a file or a directory so that might be a problem with the ACD change notify code confusing files and directories, perhaps specifically in the filename_encryption = off mode…

Looking at the code this seems to be the problem

In the crypt backend

			wrappedNotifyFunc := func(path string, entryType fs.EntryType) {
				decrypted, err := f.DecryptFileName(path)
				if err != nil {
					fs.Logf(f, "ChangeNotify was unable to decrypt %q: %s", path, err)
					return
				}
				notifyFunc(decrypted, entryType)
			}
			doChangeNotify(wrappedNotifyFunc, pollInterval)

chhangenotify is ignoring the entrytype which will make a difference for filename_encryption = off. It should be calling DecryptDirName for directories.

That shouldn’t be too hard to fix… Fancy having a go or making a new issue on github?

sweh · May 11, 2019, 10:22pm

Sorry for the late followup; issue opened at https://github.com/ncw/rclone/issues/3187

system · August 9, 2019, 10:22pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.