<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I was thinking that GELI could encrypt a ZFS dataset which contains subdirectories in which each file is stored.<div class=""><br class=""></div><div class="">I’m still in the early days of putting the idea together, since it needs to be a fork, so there’s probably stuff to be worked out.</div><div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 20.22, Niels Kobschaetzki <<a href="mailto:niels@kobschaetzki.net" class="">niels@kobschaetzki.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="content-type" content="text/html; charset=utf-8" class=""><div dir="auto" class="">Isn’t GELI a GEOM class? And those are for GEOMs; how are single files, like the ones pass uses, GEOMs? Do you want to create a zfs set for each password and then put GELI on top of that to encrypt it?<br class=""><br class=""><div class="">Niels</div><div class=""><br class="">On 20. 
Nov 2017, at 19:58, Daniel Jensen <<a href="mailto:debdrup@gmail.com" class="">debdrup@gmail.com</a>> wrote:<br class=""><br class=""></div><blockquote type="cite" class=""><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div class="">So it’s probably better to fork pass into zpass or something similar, since it’ll be exclusively for ZFS datasets and can optionally use GELI instead of GPG.</div><div class=""><br class=""></div><div class="">Will give it some thought, but perhaps it wasn’t really a good idea for a feature request after all.</div><div class=""><br class=""></div>For reference, here are some links that should work:<div class=""><a href="https://man.freebsd.org/geli(8)" class="">https://man.freebsd.org/geli(8)</a></div><div class=""><a href="https://man.freebsd.org/ggatel(8)" class="">https://man.freebsd.org/ggatel(8)</a></div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 19.51, Kenny Evitt <<a href="mailto:kenny.evitt@gmail.com" class="">kenny.evitt@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">(Don't forget to 'reply all' to keep the thread on the list.)<div class=""><br class=""></div><div class="">Those links don't work for me. But I was able to get at least a sense of what `geli` and `ggatel` are based on some cursory review of Google search results for those terms. Basically, FreeBSD can encrypt arbitrary filesystems.</div><div class=""><br class=""></div><div class="">I can't think of what support Pass could have that would be relevant to these features. What specifically do you want to do with Pass and these features that you can't currently?</div><div class=""><br class=""></div><div class="">First, being only available on FreeBSD seems pretty limiting. 
Why would Pass add features only available on one platform?</div><div class=""><br class=""></div><div class="">Second, why would you want to combine those features with Pass? Or are you requesting that Pass be modified to (optionally?) make use of the FreeBSD filesystem encryption features *instead* of using GPG (and any other extensions available)?</div><div class=""><br class=""></div><div class="">I don't speak for the author and maintainer, but I'd guess this would make more sense as a Pass-like or Pass-inspired project.</div><div class=""><br class=""></div><div class="">Pass repos are just directories with GPG-encrypted files. (There are some conventions about what keys should be used to encrypt which files based on *.gpg-id* files in the root directory or sub-directories.) They can also be a Git repo for tracking changes. But besides that they're (perfectly?) independent of any specific filesystem. Would adding support for the FreeBSD GEOM features change that?</div><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen <span dir="ltr" class=""><<a href="mailto:debdrup@gmail.com" target="_blank" class="">debdrup@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Well, it’s a feature that’ll pretty much only work on FreeBSD since it requires GEOM.<div class=""><br class=""></div><div class="">GEOM ELI (<a href="https://man.freebsd.org/geli(8))" target="_blank" class="">https://man.freebsd.org/geli(<wbr class="">8))</a> and GGATEL (<a href="https://man.freebsd.org/ggatel(8))" target="_blank" class="">https://man.freebsd.org/<wbr class="">ggatel(8))</a> can be used to mount a disk image as a directory, which is where pass stores its data structure.</div><div class=""><div class="h5"><div class=""><br class=""></div><div class=""> <br class=""><div 
class=""><blockquote type="cite" class=""><div class="">On 20 Nov 2017, at 14.09, Kenny Evitt <<a href="mailto:kenny.evitt@gmail.com" target="_blank" class="">kenny.evitt@gmail.com</a>> wrote:</div><br class="m_5398194964745843121Apple-interchange-newline"><div class=""><div class="">I'm using ZFS on some servers, but not with Pass. What kind of features would you want to add to Pass related to ZFS or ZFS datasets?</div><div class=""><br class=""></div><div class="">What's GELI?</div><div class=""><br class=""></div><div class="">Depending on what it is exactly that you want, it could probably be implemented as a Pass extension. I'm pretty skeptical that these features, whatever they are, would be sensibly added to Pass itself.</div><div class=""><br class=""><div class="gmail_quote"><div class="">On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup <<a href="mailto:debdrup@gmail.com" target="_blank" class="">debdrup@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">ZFS datasets and GELI are really powerful things and would be a great addition to password-store, so I’m wondering if it’s possible to implement this.<br class=""><br class="">Alternatively, if it’s something I can figure out how to do, or find someone with the skill to add it, is it a feature that would be accepted?</div><br class="">______________________________<wbr class="">_________________<br class="">Password-Store mailing list<br class=""><a href="mailto:Password-Store@lists.zx2c4.com" target="_blank" class="">Password-Store@lists.zx2c4.com</a><br class=""><a href="https://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank" class="">https://lists.zx2c4.com/<wbr 
class="">mailman/listinfo/password-<wbr class="">store</a><br class=""><br class=""></blockquote></div></div>
</div></blockquote></div><br class=""></div></div></div></div></blockquote></div><br class=""></div></div></div>
</div></blockquote></div><br class=""></div></div></blockquote></div></div></blockquote></div><br class=""></div></body></html>