provide a script for changing the ~/private dir secrets
gocryptfs doesn't (i think?) ship a tool for changing the password: you just create a new fs and rsync/mv the data
parent
174bc539bc
commit
b344c38bfb
|
@ -49,8 +49,9 @@ resholve.mkDerivation {
|
||||||
"umount"
|
"umount"
|
||||||
"sudo"
|
"sudo"
|
||||||
|
|
||||||
# this is actually internal; probably a better fix
|
# these are used internally; probably a better fix
|
||||||
"sane-mount-servo"
|
"sane-mount-servo"
|
||||||
|
"sane-private-unlock"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
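--- a/pkgs/sane-scripts/src/sane-private-change-passwd
+++ b/pkgs/sane-scripts/src/sane-private-change-passwd
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+set -ex
+
+new_plain=/home/colin/private-new
+new_cipher="/nix/persist${new_plain}"
+dest_plain=/home/colin/private
+dest_cipher="/nix/persist${dest_plain}"
+
+# initialize the new store
+sudo mkdir -p "${new_cipher}" && sudo chown colin:users "${new_cipher}"
+mkdir -p "${new_plain}"
+gocryptfs -init "${new_cipher}"
+
+# mount the new and old store
+gocryptfs "${new_cipher}" "${new_plain}"
+sane-private-unlock
+
+# transfer to the new store
+rsync -arv /home/colin/private/ "${new_plain}"/
+
+# unmount both stores
+sudo umount "${new_plain}"
+sudo umount /home/colin/private
+
+# swap the stores
+sudo mv "${dest_cipher}" "${dest_cipher}-old"
+sudo mv "${new_cipher}" "${dest_cipher}"
+
+sane-private-unlock
+
+echo "if things look well, rm ${dest_cipher}-old"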
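Review bot: After the swap, `${dest_cipher}-old` still holds every file encrypted under the old password, and the closing `echo` only hints at removing it, so the rotation does nothing against someone who knows the old password until that directory (and any backup or snapshot of it) is gone. I would state that next to the swap, e.g. `# ${dest_cipher}-old stays decryptable with the OLD password until it is deleted`, and word the final `echo` to match. Separately, the `rsync -arv /home/colin/private/ ...` and `sudo umount /home/colin/private` lines spell out the path that `dest_plain` already holds; using `"${dest_plain}"` there keeps the four variables at the top as the only place to edit.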
|
@ -8,4 +8,7 @@ set -ex
|
||||||
mount=/home/colin/private
|
mount=/home/colin/private
|
||||||
cipher="/nix/persist$mount"
|
cipher="/nix/persist$mount"
|
||||||
mkdir -p "$mount"
|
mkdir -p "$mount"
|
||||||
gocryptfs "$cipher" "$mount"
|
if [ ! -f "$mount/init" ]
|
||||||
|
then
|
||||||
|
gocryptfs "$cipher" "$mount"
|
||||||
|
fi
|
||||||
|
|
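Review bot: The new guard `if [ ! -f "$mount/init" ]` treats the presence of a file named `init` as proof that the store is mounted, which holds only if that file exists inside the encrypted store and never in the bare mountpoint directory. If a stray `init` ends up in the unmounted `$mount`, unlock silently skips the mount and later writes land in the plain directory instead of the encrypted store; a store that has no `init` gets a second `gocryptfs` call on every run, which presumably fails and aborts under `set -ex`. Testing the mount itself, `if ! mountpoint -q "$mount"`, avoids both cases (the resholve wrapper would presumably need `mountpoint` declared alongside the other commands). The top of the script lies outside this hunk.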