Extension: pass-mount 0.1.0 released

Johannes Larsen mail at johslarsen.net
Sat Mar 7 19:32:23 CET 2020


2020-03-07 12:33:08 -0500, William Morris <me at williammorris.com> wrote:
> `cryptsetup` support for systems without udisks is planned, however
> feedback is needed on the naming of the device-mapper entry and the
> mount point.

UUID is not a bad idea. I am using the entry name for those, but that is
because the device is a parameter to my scripts. It adds some
restriction on the entry names (e.g. no subdirectories), but I am fine
with that. I am using, and would think (see `man 7 hier`), /media is
a more appropriate place to mount such devices.

> Should sudo be called inside the script to mount system disks?

In general I would advise against using sudo in such scripts, but my
experience with gpg is that running the pass command itself with sudo
does not work properly. Both for security reasons and to avoid these
problems I have a separate password-store for the root user that I am
using to decrypt my devices. However, even this is not trivial to use,
because gpg does not work well with logins via `su -i` or `sudo -i`, so
I have to log in/ssh to the root account directly to use pass.

> The issue with the newline on the end of the keyfile is that udisksctl
> needs it without a newline, otherwise it ends up with a newline in your
> password.

Yeah, I am simply using passwords with the newline. I use this for
key files, so I am never entering these 4K files manually anyway.

-- 
johs (Johannes Larsen), (+47) 41435451
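
An added illustration of the key-file newline point discussed in this message (not code from pass-mount or from either poster): a byte-exact way to check for, and drop, exactly one trailing newline from key material before it is handed to a tool that takes the whole file as the key. The function names and the sample key are constructed for this example; `head -c` is assumed to be available (GNU and BSD userlands).

```shell
#!/bin/sh
# Added example: byte-exact handling of a trailing newline on key material.

# Print "yes" if the last byte of file $1 is a newline (0x0a), else "no".
ends_with_newline() {
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then echo yes; else echo no; fi
}

# Copy $1 to $2, dropping exactly one trailing newline if present.
# Works on bytes: NUL bytes and earlier newlines inside a binary key
# survive, which "$(cat file)" would not guarantee (command substitution
# strips every trailing newline and cannot hold NUL).
strip_one_newline() {
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -gt 0 ] && [ "$(ends_with_newline "$1")" = yes ]; then
        head -c "$((size - 1))" "$1" > "$2"
    else
        cat "$1" > "$2"
    fi
}

# Hex dump of a file as one string, to compare key material byte for byte.
hex_of() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Demo on a constructed key: the two files are different keys to any tool
# that reads the whole file, so enrol and unlock must use the same form.
demo_dir=$(mktemp -d)
printf 'constructed-key\n' > "$demo_dir/with_nl"
strip_one_newline "$demo_dir/with_nl" "$demo_dir/without_nl"
echo "with newline:    $(hex_of "$demo_dir/with_nl")"
echo "without newline: $(hex_of "$demo_dir/without_nl")"
rm -rf "$demo_dir"
```

Whichever form is chosen, the same bytes have to be used when the key is enrolled and when the device is unlocked.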

