On 11/11/21 14:16, Oswald Buddenhagen wrote:
On Thu, Nov 11, 2021 at 01:47:41PM +0200, Vasi Vilvoiu wrote:
On 11/11/21 13:20, Simão Afonso wrote:
What's wrong with:
#!/bin/sh
# mbsync-encrypted
decrypt command <~/.config/mbsyncrc.encrypted >"$XDG_RUNTIME_DIR/mbsyncrc"
mbsync -c "$XDG_RUNTIM
On 2021-11-11 13:47:41, Vasi Vilvoiu wrote:
> AFAIK, tmpfs can reach swap under some circumstances, which is a no-no. I'd
> personally still see this ideally implemented in the tool as there would be
> less stuff between the encrypted and decrypted data (gpg -> pipe -> memory
> versus gpg -> tmpfs
a`
> requires 5 touches that are spread across the sync process.
You can configure the gpg-agent to cache the credentials, no?
https://wiki.archlinux.org/title/GnuPG#gpg-agent
> I was thinking of implementing support for encrypted configuration files,
> which would then only require the touch
On Thu, Nov 11, 2021 at 01:47:41PM +0200, Vasi Vilvoiu wrote:
On 11/11/21 13:20, Simão Afonso wrote:
What's wrong with:
#!/bin/sh
# mbsync-encrypted
decrypt command <~/.config/mbsyncrc.encrypted >"$XDG_RUNTIME_DIR/mbsyncrc"
mbsync -c "$XDG_RUNTIME_DIR/mbsyncrc" "$@"
rval=$?
rm "$XDG_RUNTIME_DI
On 2021-11-11 14:04:23, Vasi Vilvoiu wrote:
> Oh, that's great! Did not know it supported stdin for -c.
>
> That should be pretty much enough for my use case. Thanks!
This was untested when I wrote it, but now I double checked and it seems
to work on my complex config that has PassCmd and the lik
On 11/11/21 13:59, Simão Afonso wrote:
On 2021-11-11 13:47:41, Vasi Vilvoiu wrote:
AFAIK, tmpfs can reach swap under some circumstances, which is a no-no. I'd
personally still see this ideally implemented in the tool as there would be
less stuff between the encrypted and decrypted data (gpg -> p
, `mbsync -a`
requires 5 touches that are spread across the sync process.
You can configure the gpg-agent to cache the credentials, no?
https://wiki.archlinux.org/title/GnuPG#gpg-agent
That somewhat goes against my security practices.
I was thinking of implementing support for encrypted configuration
files, which would then require the touch only once (when calling
the tool), but I'm not sure what the best approach would be. I'm
thinking something along the lines of an 'IncludeCmd' configuration option
that wou