2020-03-07 12:33:08 -0500, William Morris <[email protected]> wrote:
> `cryptsetup` support for systems without udisks is planned, however
> feedback is needed on the naming of the device-mapper entry and the
> mount point.

UUID is not a bad idea. I am using the entry name for those, but that is because the device is a parameter to my scripts. It adds some restriction on the entry names (e.g. no subdirectories), but I am fine with that. I am using, and would think (see `man 7 hier`), /media is a more appropriate place to mount such devices.

> Should sudo be called inside the script to mount system disks?

In general I would advise against using sudo in such scripts, but my experience with gpg is that running the pass command itself with sudo does not work properly. Both for security reasons and to avoid these problems I have a separate password-store for the root user that I am using to decrypt my devices. However, even this is not trivial to use, because gpg does not work well with logins via `su -i` or `sudo -i`, so I have to log in/ssh to the root account directly to use pass.

> The issue with the newline on the end of the keyfile is that udisksctl
> needs it without a newline, otherwise it ends up with a newline in your
> password.

Yeah, I am simply using passwords with the newline. I use this for key files, so I am never entering these 4K files manually anyway.

-- 
johs (Johannes Larsen), (+47) 41435451
