Feature request: Enable use of ZFS datasets and optionally GELI

Niels Kobschaetzki niels at kobschaetzki.net
Mon Nov 20 20:22:52 CET 2017 

Isn’t GELI a GEOM-class? and those are for GEOMs, how are single files like pass uses them GEOMs? Do you want to create a zfs set for each password and then put GELI on top of that to encrypt it?

Niels

> On 20. Nov 2017, at 19:58, Daniel Jensen <debdrup at gmail.com> wrote:
> 
> So it’s probably better to fork pass into zpass or something similar, since it’ll be exclusively for ZFS datasets and can optionally use GELI instead of GPG.
> 
> Will give it some thought, but perhaps it wasn’t really a good idea for a feature request after-all.
> 
> For reference, here are some links that should work:
> https://man.freebsd.org/geli(8)
> https://man.freebsd.org/ggatel(8)
> 
>> On 20 Nov 2017, at 19.51, Kenny Evitt <kenny.evitt at gmail.com> wrote:
>> 
>> (Don't forget to 'reply all' to keep the thread on the list.)
>> 
>> Those links don't work for me. But I was able to get at least a sense of what `geli` and `ggatel` are based on some cursory review of Google search results for those terms. Basically, FreeBSD can encrypt arbitrary filesystems.
>> 
>> I can't think of what support Pass could have that would be relevant to these features. What specifically do you want to do with Pass and these features that you can't currently?
>> 
>> First, being only available on FreeBSD seems pretty limiting. Why would Pass add features only available on one platform?
>> 
>> Second, why would you want to combine those features with Pass? Or are you requesting that Pass be modified to (optionally?) make use of the FreeBSD filesystem encryption features *instead* of using GPG (and any other extensions available)?
>> 
>> I don't speak for the author and maintainer, but I'd guess this would make more sense as a Pass-like or Pass-inspired project.
>> 
>> Pass repos are just directories with GPG-encrypted files. (There's some conventions about what keys should be used to encrypt which files based on *.gpg-id* files in the root directory or sub-directories.) They can also be a Git repo for tracking changes. But besides that they're (perfectly?) independent of any specific filesystem. Would adding support for the FreeBSD GEOM features change that?
>> 
>>> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen <debdrup at gmail.com> wrote:
>>> Well, it’s a feature that’ll pretty much only work on FreeBSD since it requires GEOM.
>>> 
>>> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as a directory, which is where pass stores its data structure.
>>> 
>>>  
>>>> On 20 Nov 2017, at 14.09, Kenny Evitt <kenny.evitt at gmail.com> wrote:
>>>> 
>>>> I'm using ZFS on some servers, but not with Pass. What kind of features would you want to add to Pass related to ZFS or ZFS datasets?
>>>> 
>>>> What's GELI?
>>>> 
>>>> Depending on what it is exactly that you want, it could probably be implemented as a Pass extension. I'm pretty skeptical that these features, whatever they are, would be sensibly added to Pass itself.
>>>> 
>>>>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup <debdrup at gmail.com> wrote:
>>>>> ZFS datasets and GELI are really powerful things and would be a great 
>>>>> 
>>>>> addition to password-store, so I’m wondering if it’s possible to 
>>>>> 
>>>>> implement this.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Alternative, if it’s something I can figure out to do, or find someone 
>>>>> 
>>>>> with the skill to add it, is it a feature that would be accepted?
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> 
>>>>> Password-Store mailing list
>>>>> 
>>>>> Password-Store at lists.zx2c4.com
>>>>> 
>>>>> https://lists.zx2c4.com/mailman/listinfo/password-store
>>>>> 
>>> 
>> 
> 
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20171120/4c523ad4/attachment.html>

More information about the Password-Store mailing list