<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><span style="background-color: rgba(255, 255, 255, 0);">But why? That‘s just files in an encrypted container. You don’t need to fork pass for that. Actually you just have to create the zfs set, put geli on top of it, strip pass of its encryption functions and that‘s it. But even on my FreeBSD-machine (and iirc GELI is only available on FBSD; not even the other big BSDs habe it, only those derived from FBSD) I can’t see any advantage over the normal pass except that I don’t need GPG which I have installed anyways for other stuff (like encrypted passphrases used by mutt etc to access accounts). And if someone breaks into my machine the zfs set/GELI is mounted and she can read all my passwords. To prevent that I need to encrypt my files again with GPG. What exactly have I won now?</span><br><br><div id="AppleMailSignature">Niels</div><div><br>On 20. Nov 2017, at 20:27, Daniel Jensen <<a href="mailto:debdrup@gmail.com">debdrup@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=utf-8">I was thinking that GELI could encrypt a ZFS dataset which contains subdirectories in which each file is stored.<div class=""><br class=""></div><div class="">I’m still in the early days of putting the idea together, since it needs to be a fork, so there’s probably stuff to worked out.</div><div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 20.22, Niels Kobschaetzki <<a href="mailto:niels@kobschaetzki.net" class="">niels@kobschaetzki.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="content-type" content="text/html; charset=utf-8" class=""><div dir="auto" class="">Isn’t GELI a GEOM-class? and those are for GEOMs, how are single files like pass uses them GEOMs? Do you want to create a zfs set for each password and then put GELI on top of that to encrypt it?<br class=""><br class=""><div class="">Niels</div><div class=""><br class="">On 20. Nov 2017, at 19:58, Daniel Jensen <<a href="mailto:debdrup@gmail.com" class="">debdrup@gmail.com</a>> wrote:<br class=""><br class=""></div><blockquote type="cite" class=""><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div class="">So it’s probably better to fork pass into zpass or something similar, since it’ll be exclusively for ZFS datasets and can optionally use GELI instead of GPG.</div><div class=""><br class=""></div><div class="">Will give it some thought, but perhaps it wasn’t really a good idea for a feature request after-all.</div><div class=""><br class=""></div>For reference, here are some links that should work:<div class=""><a href="https://man.freebsd.org/geli(8)" class="">https://man.freebsd.org/geli(8)</a></div><div class=""><a href="https://man.freebsd.org/ggatel(8)" class="">https://man.freebsd.org/ggatel(8)</a></div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 19.51, Kenny Evitt <<a href="mailto:kenny.evitt@gmail.com" class="">kenny.evitt@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">(Don't forget to 'reply all' to keep the thread on the list.)<div class=""><br class=""></div><div class="">Those links don't work for me. But I was able to get at least a sense of what `geli` and `ggatel` are based on some cursory review of Google search results for those terms. Basically, FreeBSD can encrypt arbitrary filesystems.</div><div class=""><br class=""></div><div class="">I can't think of what support Pass could have that would be relevant to these features. What specifically do you want to do with Pass and these features that you can't currently?</div><div class=""><br class=""></div><div class="">First, being only available on FreeBSD seems pretty limiting. Why would Pass add features only available on one platform?</div><div class=""><br class=""></div><div class="">Second, why would you want to combine those features with Pass? Or are you requesting that Pass be modified to (optionally?) make use of the FreeBSD filesystem encryption features *instead* of using GPG (and any other extensions available)?</div><div class=""><br class=""></div><div class="">I don't speak for the author and maintainer, but I'd guess this would make more sense as a Pass-like or Pass-inspired project.</div><div class=""><br class=""></div><div class="">Pass repos are just directories with GPG-encrypted files. (There's some conventions about what keys should be used to encrypt which files based on *.gpg-id* files in the root directory or sub-directories.) They can also be a Git repo for tracking changes. But besides that they're (perfectly?) independent of any specific filesystem. Would adding support for the FreeBSD GEOM features change that?</div><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen <span dir="ltr" class=""><<a href="mailto:debdrup@gmail.com" target="_blank" class="">debdrup@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Well, it’s a feature that’ll pretty much only work on FreeBSD since it requires GEOM.<div class=""><br class=""></div><div class="">GEOM ELI (<a href="https://man.freebsd.org/geli(8))" target="_blank" class="">https://man.freebsd.org/geli(<wbr class="">8))</a> and GGATEL (<a href="https://man.freebsd.org/ggatel(8))" target="_blank" class="">https://man.freebsd.org/<wbr class="">ggatel(8))</a> can be used to mount a disk image as a directory, which is where pass stores its data structure.</div><div class=""><div class="h5"><div class=""><br class=""></div><div class=""> <br class=""><div class=""><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 14.09, Kenny Evitt <<a href="mailto:kenny.evitt@gmail.com" target="_blank" class="">kenny.evitt@gmail.com</a>> wrote:</div><br class="m_5398194964745843121Apple-interchange-newline"><div class=""><div class="">I'm using ZFS on some servers, but not with Pass. What kind of features would you want to add to Pass related to ZFS or ZFS datasets?</div><div class=""><br class=""></div><div class="">What's GELI?</div><div class=""><br class=""></div><div class="">Depending on what it is exactly that you want, it could probably be implemented as a Pass extension. I'm pretty skeptical that these features, whatever they are, would be sensibly added to Pass itself.</div><div class=""><br class=""><div class="gmail_quote"><div class="">On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup <<a href="mailto:debdrup@gmail.com" target="_blank" class="">debdrup@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">ZFS datasets and GELI are really powerful things and would be a great <br class=""><br class="">addition to password-store, so I’m wondering if it’s possible to <br class=""><br class="">implement this.<br class=""><br class=""><br class=""><br class=""><br class=""><br class="">Alternative, if it’s something I can figure out to do, or find someone <br class=""><br class="">with the skill to add it, is it a feature that would be accepted?</div><br class=""><br class="">______________________________<wbr class="">_________________<br class=""><br class="">Password-Store mailing list<br class=""><br class=""><a href="mailto:Password-Store@lists.zx2c4.com" target="_blank" class="">Password-Store@lists.zx2c4.com</a><br class=""><br class=""><a href="https://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank" class="">https://lists.zx2c4.com/<wbr class="">mailman/listinfo/password-<wbr class="">store</a><br class=""><br class=""></blockquote></div></div>
</div></blockquote></div><br class=""></div></div></div></div></blockquote></div><br class=""></div></div></div>
</div></blockquote></div><br class=""></div></div></blockquote><blockquote type="cite" class=""><div class=""><span class="">_______________________________________________</span><br class=""><span class="">Password-Store mailing list</span><br class=""><span class=""><a href="mailto:Password-Store@lists.zx2c4.com" class="">Password-Store@lists.zx2c4.com</a></span><br class=""><span class=""><a href="https://lists.zx2c4.com/mailman/listinfo/password-store" class="">https://lists.zx2c4.com/mailman/listinfo/password-store</a></span><br class=""></div></blockquote></div></div></blockquote></div><br class=""></div></div></blockquote></body></html>