[pass] pass and par2
Henk Jan
enneman at enneman.demon.nl
Sat Sep 6 18:40:58 CEST 2014
Having lost an encrypted volume to what was probably bitrot
(and the corruption had spread to the backups... :-( ),
I now add "parchive" files to all encrypted content on my computer, until
such time as I can safely migrate to btrfs on linux.
I have added this to the pass script.
Yes, it is probably over the top, but I am taking no risks with
important information... Again...
See attachment for the patch.
par2: https://github.com/BlackIkeEagle/par2cmdline (a fork of the original
par2cmdline on sourceforge)
P.S. pass works very well in combination with the cryptostick
http://www.crypto-stick.com, and oh.. for interesting ways of combining
linux crypto and scripting see https://www.dyne.org/software/tomb
--
Met vriendelijke groet,
Henk Jan Enneman
enneman at enneman.demon.nl
Food for thought is no substitute for the real thing.
-- Walt Kelly, "Potluck Pogo"
-------------- next part --------------
--- /home/enneman/Projects/password-store/src/password-store.sh
+++ /home/enneman/pass
@@ -5,7 +5,7 @@
umask "${PASSWORD_STORE_UMASK:-077}"
set -o pipefail
-
+PAR2=$(which par2)
GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" )
GPG="gpg"
which gpg2 &>/dev/null && GPG="gpg2"
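Review bot: `PAR2=$(which par2)` relies on `which` printing nothing when par2 is absent, but some `which` implementations print a "not found" message on stdout instead, which would make the later `[[ -n $PAR2 ]]` guards true with a bogus value. `PAR2=$(command -v par2)` uses a shell builtin and yields an empty string on a miss. The neighbouring `which gpg2` line only tests the exit status, so it does not have the same problem.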
@@ -332,7 +332,7 @@
else
echo "${path%\/}"
fi
- tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg$//'
+ tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg$//'| grep -v par2
elif [[ -z $path ]]; then
die "Error: password store is empty. Try \"pass init\"."
else
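Review bot: `grep -v par2` on the listing drops every line containing the string par2, so an entry or folder whose name merely includes it (say `par2cmdline-site`) disappears from the listing although its `.gpg` file is still in the store. Excluding by file pattern in tree itself is narrower: `tree -C -l --noreport -I '*.par2' "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg$//'`. The enclosing function starts and ends outside the hunk.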
@@ -408,6 +408,9 @@
read -r -p "Enter password for $path: " -e password
$GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password"
fi
+
+ [[ -n $PAR2 ]] && ($PAR2 c $PREFIX/$path $passfile || (echo "par2 creation failed!";exit))
+
git_add_file "$passfile" "Add given password for $path to store."
}
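Review bot: A par2 failure on the added line does not stop the insert, because `exit` runs inside a `( … )` subshell and, being bare, returns the status of the preceding `echo`; the function goes on to `git_add_file` as if the recovery data existed. `$PREFIX/$path` and `$passfile` are also unquoted, so an entry name with spaces or glob characters is split before it reaches par2. Something like `if [[ -n $PAR2 ]]; then "$PAR2" c "$PREFIX/$path" "$passfile" || die "par2 creation failed!"; fi` fixes both, using the `die` helper the script already has. The same pattern appears in the two par2 lines added to the edit function in the next hunk. The function starts outside this hunk.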
@@ -419,10 +422,12 @@
mkdir -p -v "$PREFIX/$(dirname "$path")"
set_gpg_recipients "$(dirname "$path")"
local passfile="$PREFIX/$path.gpg"
+ local template="$PROGRAM.XXXXXXXXXXXXX"
tmpdir #Defines $SECURE_TMPDIR
local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXX")-${path//\//-}.txt"
+ [[ -n $PAR2 ]] && ($($PAR2 v $PREFIX/$path $passfile) || (echo "par2 verification failed!"; exit 1))
local action="Add"
if [[ -f $passfile ]]; then
@@ -434,6 +439,7 @@
while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do
yesno "GPG encryption failed. Would you like to try again?"
done
+ [[ -n $PAR2 ]] && ($PAR2 c $PREFIX/$path $passfile || (echo "par2 creation failed!"; exit 1))
git_add_file "$passfile" "$action password for $path using ${EDITOR:-vi}."
}
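Review bot: The verification line wraps the par2 call in `$( … )` at command position, so whatever par2 prints on stdout is word-split and run as a command, and the check then reflects that accidental command rather than par2's own exit status. It also runs before the `[[ -f $passfile ]]` test, so it is attempted for entries that do not exist yet. Call par2 directly and only for an existing file: `if [[ -n $PAR2 && -f $passfile ]]; then "$PAR2" v "$PREFIX/$path" "$passfile" >/dev/null || die "par2 verification failed!"; fi`. The added `local template=…` is not used anywhere in the visible lines. The function starts outside the hunk.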
@@ -562,6 +568,7 @@
cmd_git() {
if [[ $1 == "init" ]]; then
+ echo "*.par2" > "$PREFIX/.gitignore"
git "$@" || exit 1
git_add_file "$PREFIX" "Add current contents of password store."
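Review bot: `echo "*.par2" > "$PREFIX/.gitignore"` truncates any `.gitignore` the user already keeps in the store, and it runs on every `pass git init`. Appending only when the pattern is missing keeps existing rules: `grep -qxF '*.par2' "$PREFIX/.gitignore" 2>/dev/null || echo '*.par2' >> "$PREFIX/.gitignore"`. Ignoring the recovery files also means they are never pushed with the store, so a clone restored from the remote has no parity data; a comment stating that this is intended would help. cmd_git's body continues outside the hunk.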