I don't really like TrueCrypt. But it's the quasi-standard to encrypt (external) storage which is to be attached to different operating systems. Yes, its license is kinda fishy; OSI approval has been withdrawn too. But after all, TrueCrypt is available for Windows, MacOS X and GNU/Linux (x86). And lacking the skillz to write my own halfway-portable encryption wrapper myself, I'm stuck with it. That being said, there's still the quest for the optimal filesystem: I'd need a POSIX-like filesystem, providing symlinks, honoring ownerships and permissions and perhaps with journaling on top. And I need read and write support.
Let's see:
FAT - not a chance
NTFS - crappy symlink implementation, no (stable) MacOS driver
UFS - it's dead, Jim. Also: no stable write support in the Linux kernel.
ZFS - almost! It's even included in MacOS 10.5, but only as a read-only version. There's a ZFS project on macosforge.org, but it lists MacOS 10.5 as a requirement and I'm still on 10.4 on my PowerBook :-\
HFS+ - well, that's it I guess. Comes with all the features required, write support under Linux is pretty stable, not sure about journaling support under Linux though.
Anyway, the real question was: how do I convince TrueCrypt to format my new volume as HFS+, but with journal, case-sensitivity and enabled ownerships?
Here it is:
Create a new volume in TrueCrypt, just choose "none" when it wants to format your volume. Actually, it does not matter, as we're gonna reformat anyway.
Use TrueCrypt to "mount" the volume, but before doing that click "Options" in the mount-dialog and check "do not mount" - the wording is kinda sucky, yes.
Now TrueCrypt should have activated your volume, but not mounted. We'll now format (and partition) our activated device:
$ diskutil list disk6
/dev/disk6
#: TYPE NAME SIZE IDENTIFIER
0: disk6 *931.2 Gi disk6
$ diskutil partitionDisk disk6 1 GPTFormat "Case-sensitive Journaled HFS+" disk6 100%
Started partitioning on disk disk6 disk6
Creating partition map
Formatting disk6s2 as Mac OS Extended (Case-sensitive, Journaled) with name disk6
[ + 0%..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% ]
Finished partitioning on disk disk6
/dev/disk6
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *931.2 Gi disk6
1: EFI 200.0 Mi disk6s1
2: Apple_HFS disk6 930.9 Gi disk6s2
$ diskutil rename /dev/disk6s2 disk6s2
$ diskutil list disk6
/dev/disk6
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *931.2 Gi disk6
1: EFI 200.0 Mi disk6s1
2: Apple_HFS disk6s2 930.9 Gi disk6s2
We can now deactivate the device with TrueCrypt ("unmount") and mount it again - this time for real. We still have to enable the ownership model though:
$ vsdbutil -c /Volumes/disk6s2
No entry found for '/Volumes/disk6s2'.
$ vsdbutil -a /Volumes/disk6s2
$ vsdbutil -c /Volumes/disk6s2
Permissions on '/Volumes/disk6s2' are enabled.
$ diskutil info disk6s2
[...]
Device Identifier: disk6s2
Device Node: /dev/disk6s2
Mount Point: /Volumes/disk6s2
File System: Case-sensitive Journaled HFS+
Journal size 81920 KB at offset 0x1d19000
Owners: Enabled
Partition Type: Apple_HFS
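The three properties this walkthrough is after (case-sensitivity, journal, ownership) can be checked mechanically from the `diskutil info` output above. The following is an added example, not part of the original post; the function names and both sample inputs are constructed, and the field labels are assumed to match the output shown here.

```shell
#!/bin/sh
# Added example: verify an HFS+ volume from `diskutil info` text on stdin.
# Prints one FAIL line per missing property; returns 0 only if all hold.
check_volume() {
    awk '
        /^[ \t]*File System:/ {
            fs = $0; sub(/^[^:]*:[ \t]*/, "", fs); sub(/[ \t\r]+$/, "", fs)
        }
        /^[ \t]*Owners:/ {
            owners = $0; sub(/^[^:]*:[ \t]*/, "", owners); sub(/[ \t\r]+$/, "", owners)
        }
        END {
            bad = 0
            if (fs !~ /Case-sensitive/) { print "FAIL: not case-sensitive (" fs ")"; bad = 1 }
            if (fs !~ /Journaled/)      { print "FAIL: not journaled (" fs ")"; bad = 1 }
            # Without owners, uid/gid and permission bits on the volume are ignored.
            if (owners != "Enabled")    { print "FAIL: ownership not enabled (" owners ")"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the relevant lines of the output shown above.
sample_good() {
    cat <<'EOF'
   Device Identifier: disk6s2
   Mount Point: /Volumes/disk6s2
   File System: Case-sensitive Journaled HFS+
   Journal size 81920 KB at offset 0x1d19000
   Owners: Enabled
EOF
}

# Constructed sample: a volume left case-insensitive with owners off.
sample_bad() {
    cat <<'EOF'
   Device Identifier: disk6s2
   Mount Point: /Volumes/disk6s2
   File System: Journaled HFS+
   Owners: Disabled
EOF
}

sample_good | check_volume && echo "sample_good: all properties present"
sample_bad  | check_volume || echo "sample_bad: rejected"
# On the Mac itself: diskutil info disk6s2 | check_volume
```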
Now we can really start using it. I still wonder why TrueCrypt (or MacOS X) defaults to case-insensitivity and does not enable the ownership model by itself.