Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Jason A. Donenfeld
If you want to put your gpg files inside an encrypted container, I
think somebody wrote a plugin called "pass-tomb":

https://github.com/roddhjav/pass-tomb

I don't know if it's good or if it works or if you should spend time
on it, but there it is. I CCd the maintainer in case he's interested
in jumping in.

Alternatively, you can put your files inside of a ctmg, a little tool
I wrote for generic LUKS containers:

https://git.zx2c4.com/ctmg/about/

I don't use this for pass, but I use it for other things, and it seems
to work well for what it's designed to do.

If you want to use ZFS and GELI and whatever else, you can probably
script this, following either or none of the above as an example. The
beauty of pass being just boring gpg files in a directory is that you
can do whatever you want with them in the most unremarkable way.
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store


Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Niels Kobschaetzki
But why? That’s just files in an encrypted container. You don’t need to fork
pass for that. Actually you just have to create the zfs set, put geli on top of
it, strip pass of its encryption functions and that’s it. But even on my
FreeBSD-machine (and iirc GELI is only available on FBSD; not even the other
big BSDs have it, only those derived from FBSD) I can’t see any advantage over
the normal pass except that I don’t need GPG which I have installed anyways for
other stuff (like encrypted passphrases used by mutt etc to access accounts).
And if someone breaks into my machine the zfs set/GELI is mounted and she can
read all my passwords. To prevent that I need to encrypt my files again with
GPG. What exactly have I won now?

Niels

> On 20. Nov 2017, at 20:27, Daniel Jensen  wrote:
> 
> I was thinking that GELI could encrypt a ZFS dataset which contains 
> subdirectories in which each file is stored.
> 
> I’m still in the early days of putting the idea together, since it needs to
> be a fork, so there’s probably stuff to be worked out.
> 
>> On 20 Nov 2017, at 20.22, Niels Kobschaetzki  wrote:
>> 
>> Isn’t GELI a GEOM-class? and those are for GEOMs, how are single files like 
>> pass uses them GEOMs? Do you want to create a zfs set for each password and 
>> then put GELI on top of that to encrypt it?
>> 
>> Niels
>> 
>>> On 20. Nov 2017, at 19:58, Daniel Jensen  wrote:
>>> 
>>> So it’s probably better to fork pass into zpass or something similar, since 
>>> it’ll be exclusively for ZFS datasets and can optionally use GELI instead 
>>> of GPG.
>>> 
>>> Will give it some thought, but perhaps it wasn’t really a good idea for a
>>> feature request after all.
>>> 
>>> For reference, here are some links that should work:
>>> https://man.freebsd.org/geli(8)
>>> https://man.freebsd.org/ggatel(8)
>>> 
>>>> On 20 Nov 2017, at 19.51, Kenny Evitt wrote:
>>>>
>>>> (Don't forget to 'reply all' to keep the thread on the list.)
>>>>
>>>> Those links don't work for me. But I was able to get at least a sense of
>>>> what `geli` and `ggatel` are based on some cursory review of Google search
>>>> results for those terms. Basically, FreeBSD can encrypt arbitrary
>>>> filesystems.
>>>>
>>>> I can't think of what support Pass could have that would be relevant to
>>>> these features. What specifically do you want to do with Pass and these
>>>> features that you can't currently?
>>>>
>>>> First, being only available on FreeBSD seems pretty limiting. Why would
>>>> Pass add features only available on one platform?
>>>>
>>>> Second, why would you want to combine those features with Pass? Or are you
>>>> requesting that Pass be modified to (optionally?) make use of the FreeBSD
>>>> filesystem encryption features *instead* of using GPG (and any other
>>>> extensions available)?
>>>>
>>>> I don't speak for the author and maintainer, but I'd guess this would make
>>>> more sense as a Pass-like or Pass-inspired project.
>>>>
>>>> Pass repos are just directories with GPG-encrypted files. (There's some
>>>> conventions about what keys should be used to encrypt which files based on
>>>> *.gpg-id* files in the root directory or sub-directories.) They can also
>>>> be a Git repo for tracking changes. But besides that they're (perfectly?)
>>>> independent of any specific filesystem. Would adding support for the
>>>> FreeBSD GEOM features change that?
>>>>
>>>>> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen wrote:
>>>>> Well, it’s a feature that’ll pretty much only work on FreeBSD since it
>>>>> requires GEOM.
>>>>>
>>>>> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL
>>>>> (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as
>>>>> a directory, which is where pass stores its data structure.
>>>>>
>>>>>> On 20 Nov 2017, at 14.09, Kenny Evitt wrote:
>>>>>>
>>>>>> I'm using ZFS on some servers, but not with Pass. What kind of features
>>>>>> would you want to add to Pass related to ZFS or ZFS datasets?
>>>>>>
>>>>>> What's GELI?
>>>>>>
>>>>>> Depending on what it is exactly that you want, it could probably be
>>>>>> implemented as a Pass extension. I'm pretty skeptical that these
>>>>>> features, whatever they are, would be sensibly added to Pass itself.
>>>>>>
>>>>>>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup wrote:
>>>>>>> ZFS datasets and GELI are really powerful things and would be a great
>>>>>>> addition to password-store, so I’m wondering if it’s possible to
>>>>>>> implement this.
>>>>>>>
>>>>>>> Alternatively, if it’s something I can figure out to do, or find someone
>>>>>>> with the skill to add it, is it a feature that would be accepted?

Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Daniel Jensen
I was thinking that GELI could encrypt a ZFS dataset which contains 
subdirectories in which each file is stored.

I’m still in the early days of putting the idea together, since it needs to be
a fork, so there’s probably stuff to be worked out.

> On 20 Nov 2017, at 20.22, Niels Kobschaetzki  wrote:
> 
> Isn’t GELI a GEOM-class? and those are for GEOMs, how are single files like 
> pass uses them GEOMs? Do you want to create a zfs set for each password and 
> then put GELI on top of that to encrypt it?
> 
> Niels
> 
>> On 20. Nov 2017, at 19:58, Daniel Jensen wrote:
>>
>> So it’s probably better to fork pass into zpass or something similar, since 
>> it’ll be exclusively for ZFS datasets and can optionally use GELI instead of 
>> GPG.
>> 
>> Will give it some thought, but perhaps it wasn’t really a good idea for a
>> feature request after all.
>> 
>> For reference, here are some links that should work:
>> https://man.freebsd.org/geli(8) 
>> https://man.freebsd.org/ggatel(8) 
>> 
>>> On 20 Nov 2017, at 19.51, Kenny Evitt wrote:
>>> 
>>> (Don't forget to 'reply all' to keep the thread on the list.)
>>> 
>>> Those links don't work for me. But I was able to get at least a sense of 
>>> what `geli` and `ggatel` are based on some cursory review of Google search 
>>> results for those terms. Basically, FreeBSD can encrypt arbitrary 
>>> filesystems.
>>> 
>>> I can't think of what support Pass could have that would be relevant to 
>>> these features. What specifically do you want to do with Pass and these 
>>> features that you can't currently?
>>> 
>>> First, being only available on FreeBSD seems pretty limiting. Why would 
>>> Pass add features only available on one platform?
>>> 
>>> Second, why would you want to combine those features with Pass? Or are you 
>>> requesting that Pass be modified to (optionally?) make use of the FreeBSD 
>>> filesystem encryption features *instead* of using GPG (and any other 
>>> extensions available)?
>>> 
>>> I don't speak for the author and maintainer, but I'd guess this would make 
>>> more sense as a Pass-like or Pass-inspired project.
>>> 
>>> Pass repos are just directories with GPG-encrypted files. (There's some 
>>> conventions about what keys should be used to encrypt which files based on 
>>> *.gpg-id* files in the root directory or sub-directories.) They can also be 
>>> a Git repo for tracking changes. But besides that they're (perfectly?) 
>>> independent of any specific filesystem. Would adding support for the 
>>> FreeBSD GEOM features change that?
>>> 
>>> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen wrote:
>>> Well, it’s a feature that’ll pretty much only work on FreeBSD since it
>>> requires GEOM.
>>>
>>> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL
>>> (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as
>>> a directory, which is where pass stores its data structure.
>>> 
>>>  
>>>> On 20 Nov 2017, at 14.09, Kenny Evitt wrote:
>>>>
>>>> I'm using ZFS on some servers, but not with Pass. What kind of features
>>>> would you want to add to Pass related to ZFS or ZFS datasets?
>>>>
>>>> What's GELI?
>>>>
>>>> Depending on what it is exactly that you want, it could probably be
>>>> implemented as a Pass extension. I'm pretty skeptical that these features,
>>>> whatever they are, would be sensibly added to Pass itself.
>>>>
>>>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup wrote:
>>>> ZFS datasets and GELI are really powerful things and would be a great
>>>> addition to password-store, so I’m wondering if it’s possible to
>>>> implement this.
>>>>
>>>> Alternatively, if it’s something I can figure out to do, or find someone
>>>> with the skill to add it, is it a feature that would be accepted?

Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Niels Kobschaetzki
Isn’t GELI a GEOM-class? and those are for GEOMs, how are single files like 
pass uses them GEOMs? Do you want to create a zfs set for each password and 
then put GELI on top of that to encrypt it?

Niels

> On 20. Nov 2017, at 19:58, Daniel Jensen  wrote:
> 
> So it’s probably better to fork pass into zpass or something similar, since 
> it’ll be exclusively for ZFS datasets and can optionally use GELI instead of 
> GPG.
> 
> Will give it some thought, but perhaps it wasn’t really a good idea for a
> feature request after all.
> 
> For reference, here are some links that should work:
> https://man.freebsd.org/geli(8)
> https://man.freebsd.org/ggatel(8)
> 
>> On 20 Nov 2017, at 19.51, Kenny Evitt  wrote:
>> 
>> (Don't forget to 'reply all' to keep the thread on the list.)
>> 
>> Those links don't work for me. But I was able to get at least a sense of 
>> what `geli` and `ggatel` are based on some cursory review of Google search 
>> results for those terms. Basically, FreeBSD can encrypt arbitrary 
>> filesystems.
>> 
>> I can't think of what support Pass could have that would be relevant to 
>> these features. What specifically do you want to do with Pass and these 
>> features that you can't currently?
>> 
>> First, being only available on FreeBSD seems pretty limiting. Why would Pass 
>> add features only available on one platform?
>> 
>> Second, why would you want to combine those features with Pass? Or are you 
>> requesting that Pass be modified to (optionally?) make use of the FreeBSD 
>> filesystem encryption features *instead* of using GPG (and any other 
>> extensions available)?
>> 
>> I don't speak for the author and maintainer, but I'd guess this would make 
>> more sense as a Pass-like or Pass-inspired project.
>> 
>> Pass repos are just directories with GPG-encrypted files. (There's some 
>> conventions about what keys should be used to encrypt which files based on 
>> *.gpg-id* files in the root directory or sub-directories.) They can also be 
>> a Git repo for tracking changes. But besides that they're (perfectly?) 
>> independent of any specific filesystem. Would adding support for the FreeBSD 
>> GEOM features change that?
>> 
>>> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen  wrote:
>>> Well, it’s a feature that’ll pretty much only work on FreeBSD since it 
>>> requires GEOM.
>>> 
>>> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL 
>>> (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as a 
>>> directory, which is where pass stores its data structure.
>>> 
>>>  
>>>> On 20 Nov 2017, at 14.09, Kenny Evitt wrote:
>>>>
>>>> I'm using ZFS on some servers, but not with Pass. What kind of features
>>>> would you want to add to Pass related to ZFS or ZFS datasets?
>>>>
>>>> What's GELI?
>>>>
>>>> Depending on what it is exactly that you want, it could probably be
>>>> implemented as a Pass extension. I'm pretty skeptical that these features,
>>>> whatever they are, would be sensibly added to Pass itself.
>>>>
>>>>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup wrote:
>>>>> ZFS datasets and GELI are really powerful things and would be a great
>>>>> addition to password-store, so I’m wondering if it’s possible to
>>>>> implement this.
>>>>>
>>>>> Alternatively, if it’s something I can figure out to do, or find someone
>>>>> with the skill to add it, is it a feature that would be accepted?


Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Daniel Jensen
So it’s probably better to fork pass into zpass or something similar, since 
it’ll be exclusively for ZFS datasets and can optionally use GELI instead of 
GPG.

Will give it some thought, but perhaps it wasn’t really a good idea for a
feature request after all.

For reference, here are some links that should work:
https://man.freebsd.org/geli(8) 
https://man.freebsd.org/ggatel(8) 

> On 20 Nov 2017, at 19.51, Kenny Evitt  wrote:
> 
> (Don't forget to 'reply all' to keep the thread on the list.)
> 
> Those links don't work for me. But I was able to get at least a sense of what 
> `geli` and `ggatel` are based on some cursory review of Google search results 
> for those terms. Basically, FreeBSD can encrypt arbitrary filesystems.
> 
> I can't think of what support Pass could have that would be relevant to these 
> features. What specifically do you want to do with Pass and these features 
> that you can't currently?
> 
> First, being only available on FreeBSD seems pretty limiting. Why would Pass 
> add features only available on one platform?
> 
> Second, why would you want to combine those features with Pass? Or are you 
> requesting that Pass be modified to (optionally?) make use of the FreeBSD 
> filesystem encryption features *instead* of using GPG (and any other 
> extensions available)?
> 
> I don't speak for the author and maintainer, but I'd guess this would make 
> more sense as a Pass-like or Pass-inspired project.
> 
> Pass repos are just directories with GPG-encrypted files. (There's some 
> conventions about what keys should be used to encrypt which files based on 
> *.gpg-id* files in the root directory or sub-directories.) They can also be a 
> Git repo for tracking changes. But besides that they're (perfectly?) 
> independent of any specific filesystem. Would adding support for the FreeBSD 
> GEOM features change that?
> 
> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen wrote:
> Well, it’s a feature that’ll pretty much only work on FreeBSD since it
> requires GEOM.
>
> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL
> (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as a
> directory, which is where pass stores its data structure.
> 
>  
>> On 20 Nov 2017, at 14.09, Kenny Evitt wrote:
>> 
>> I'm using ZFS on some servers, but not with Pass. What kind of features 
>> would you want to add to Pass related to ZFS or ZFS datasets?
>> 
>> What's GELI?
>> 
>> Depending on what it is exactly that you want, it could probably be 
>> implemented as a Pass extension. I'm pretty skeptical that these features, 
>> whatever they are, would be sensibly added to Pass itself.
>> 
>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup wrote:
>> ZFS datasets and GELI are really powerful things and would be a great
>> addition to password-store, so I’m wondering if it’s possible to
>> implement this.
>>
>> Alternatively, if it’s something I can figure out to do, or find someone
>> with the skill to add it, is it a feature that would be accepted?


Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Kenny Evitt
(Don't forget to 'reply all' to keep the thread on the list.)

Those links don't work for me. But I was able to get at least a sense of
what `geli` and `ggatel` are based on some cursory review of Google search
results for those terms. Basically, FreeBSD can encrypt arbitrary
filesystems.

I can't think of what support Pass could have that would be relevant to
these features. What specifically do you want to do with Pass and these
features that you can't currently?

First, being only available on FreeBSD seems pretty limiting. Why would
Pass add features only available on one platform?

Second, why would you want to combine those features with Pass? Or are you
requesting that Pass be modified to (optionally?) make use of the FreeBSD
filesystem encryption features *instead* of using GPG (and any other
extensions available)?

I don't speak for the author and maintainer, but I'd guess this would make
more sense as a Pass-like or Pass-inspired project.

Pass repos are just directories with GPG-encrypted files. (There's some
conventions about what keys should be used to encrypt which files based on
*.gpg-id* files in the root directory or sub-directories.) They can also be
a Git repo for tracking changes. But besides that they're (perfectly?)
independent of any specific filesystem. Would adding support for the
FreeBSD GEOM features change that?

On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen  wrote:

> Well, it’s a feature that’ll pretty much only work on FreeBSD since it
> requires GEOM.
>
> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL (
> https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as a
> directory, which is where pass stores its data structure.
>
>
>
> On 20 Nov 2017, at 14.09, Kenny Evitt  wrote:
>
> I'm using ZFS on some servers, but not with Pass. What kind of features
> would you want to add to Pass related to ZFS or ZFS datasets?
>
> What's GELI?
>
> Depending on what it is exactly that you want, it could probably be
> implemented as a Pass extension. I'm pretty skeptical that these features,
> whatever they are, would be sensibly added to Pass itself.
>
> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup  wrote:
>
>> ZFS datasets and GELI are really powerful things and would be a great
>> addition to password-store, so I’m wondering if it’s possible to
>> implement this.
>>
>> Alternatively, if it’s something I can figure out to do, or find someone
>> with the skill to add it, is it a feature that would be accepted?
>
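
The store layout described in the message above (plain directories of GPG files, with `.gpg-id` files in the root or sub-directories deciding which keys apply), as an added example that is not part of the original thread or of pass itself: POSIX shell functions that find the nearest `.gpg-id` at or above an entry, independent of the filesystem or container underneath. The function names and the sample store are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pass's own code): resolve which .gpg-id governs an entry
# in a pass-style store. Only directories and files are involved, so the result
# is the same on a ZFS dataset, inside a GELI or LUKS container, or anywhere else.

# gpg_id_for STORE ENTRY: print the nearest .gpg-id at or above ENTRY's directory.
# Returns 1 if none exists inside the store, 2 if ENTRY tries to leave the store.
gpg_id_for() {
    store=${1%/}
    case "/$2/" in */../*) return 2 ;; esac   # refuse ".." path components
    dir=$(dirname "$store/$2")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            printf '%s\n' "$dir/.gpg-id"
            return 0
        fi
        # Stop at the store root (or a filesystem boundary) without a match.
        if [ "$dir" = "$store" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            return 1
        fi
        dir=$(dirname "$dir")
    done
}

# recipients_for STORE ENTRY: print the governing recipients, comma-joined.
recipients_for() {
    id_file=$(gpg_id_for "$1" "$2") || return $?
    # One recipient per line in .gpg-id; blank lines are skipped.
    awk 'NF { printf "%s%s", sep, $0; sep = "," } END { print "" }' "$id_file"
}

# audit_store STORE: one "entry<TAB>recipients" line per *.gpg file, sorted.
audit_store() {
    ( cd "$1" && find . -type f -name '*.gpg' | sed 's|^\./||' | sort ) |
    while IFS= read -r entry; do
        printf '%s\t%s\n' "$entry" "$(recipients_for "$1" "$entry")"
    done
}

# make_sample_store DIR: constructed layout with a root key list and an
# override for the work/ subtree. Entry files are empty placeholders; in a
# real store they would be GPG ciphertext.
make_sample_store() {
    mkdir -p "$1/work/servers" "$1/personal"
    printf '%s\n' 'alice@example.org' > "$1/.gpg-id"
    printf '%s\n' 'alice@example.org' 'ops-team@example.org' > "$1/work/.gpg-id"
    : > "$1/personal/email.gpg"
    : > "$1/work/servers/db.gpg"
}

# Demo on the constructed store.
demo_dir=$(mktemp -d)
make_sample_store "$demo_dir"
audit_store "$demo_dir"
rm -rf "$demo_dir"
```
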


Re: Feature request: Enable use of ZFS datasets and optionally GELI

2017-11-20 Thread Kenny Evitt
I'm using ZFS on some servers, but not with Pass. What kind of features
would you want to add to Pass related to ZFS or ZFS datasets?

What's GELI?

Depending on what it is exactly that you want, it could probably be
implemented as a Pass extension. I'm pretty skeptical that these features,
whatever they are, would be sensibly added to Pass itself.

On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup  wrote:

> ZFS datasets and GELI are really powerful things and would be a great
> addition to password-store, so I’m wondering if it’s possible to
> implement this.
>
> Alternatively, if it’s something I can figure out to do, or find someone
> with the skill to add it, is it a feature that would be accepted?