-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mount using /etc/fstab #45
Comments
This used to not work because mount passes "-o foo,bar" at the end of the command line while gocryptfs wants it at the front. But I fixed this in 9cf3ced . Please pull the latest master. I have also added a new option, "-passfile", to make reading the password from a file easier.
Notes: The mount manpage says that the hash-notation ("type#path") is deprecated, which is why I used "fuse.type" instead. You need to have "nodev,nosuid" because otherwise mount passes the "dev,suid" options. |
Mounting using the masterkey was meant as a recovery option in emergencies, there is currently no way to read if from a plain-text file. Would your use-case work better with that? |
Thanks, will try a version taken from the master and then get back and confirm that it works for me.
I created a volume using SiriKali (GUI app) encrypted based on a file (just a random binary file), not the password, that's why I was interested how can I pass that file via command line. But actually password should work for my use case, I was just trying the feature. I guess it might work using a new cmd arg |
To be honest, I don't know what SiriKali does here, there is no way to pass a binary file to gocryptfs. Maybe it takes the sha256 hash of the file and uses this as the password? |
I checked that, sha256 hash has not been accepted as a valid password, but it's not the issue for me (password works for me), I propose to focus on the primary issue. I got it mounted based on your example an using a build from master, thank you. But there are still few issues:
I tried to define uid, gid, dmask, fmask fstab parameters (setting uid/gid to my current user values), but seems gocryptfs doesn't allow to define such parameters in fstab (shows a error message). |
When I mount a volume directly in cmd (no fstab involved) then created files and directories both have owner set to the current user - expected behavior. So setting directory owner to the |
The "KeyFile" option of SiriKali just reads the keyfile contents and pass them along to gocryptfs as password so gocryptfs is completely not aware the password came from a keyfile. I would not recommend using this keyfile type option unless you are sure your keyfile has no new line character since gocryptfs will most likely truncate your keyfile on the first new line character it will find on the keyfile and SiriKali warns about this since it scans the keyfile contents for new line characters. Explanations for different keyfile options can be found here: https://github.com/mhogomchungu/SiriKali/wiki/Frequently-Asked-Questions#40-what-does-different-key-options-means-in-the-dialog-for-creatingunlocking-volume |
@vladimiry The mkdir owner issue is fixed in 828f718 , this should also fix the directory copy problem. |
changes made here also breaks SiriKali support for gocryptfs and you will also have to use git version of SiriKali if you want to continue using it with git version of gocryptfs. |
Oh, what breaks? ABI breaks are evil, i will try to fix it in gocryptfs if
possible.
|
Latest commits requires "-o" option to be at the end of the CLI options while it was required to be at the beginning previously. SiriKali deals with this change here: https://github.com/mhogomchungu/sirikali/blob/a36d91d3e39f0c1eb9a79680ed6c28ddb6568fa8/src/siritask.cpp#L188 |
Ok, I'll make it accept "-o" at both positions.
|
Confirmed, works well for me. |
@mhogomchungu fixed in 7b2049c |
@vladimiry Thanks for the confirmation, closing the ticket. |
How do I do that?
It doesn't work in this way (it just shows this
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
):Also how do I specify a key file using command line to unlock the volume, not the password?
Versions used:
The text was updated successfully, but these errors were encountered: