provide a script for changing the ~/private dir secrets
gocryptfs doesn't (i think?) ship a tool for changing the password: you just create a new fs and rsync/mv the data
This commit is contained in:
parent
174bc539bc
commit
b344c38bfb
|
@ -49,8 +49,9 @@ resholve.mkDerivation {
|
|||
"umount"
|
||||
"sudo"
|
||||
|
||||
# this is actually internal; probably a better fix
|
||||
# these are used internally; probably a better fix
|
||||
"sane-mount-servo"
|
||||
"sane-private-unlock"
|
||||
];
|
||||
};
|
||||
|
||||
|
|
32
pkgs/sane-scripts/src/sane-private-change-passwd
Executable file
32
pkgs/sane-scripts/src/sane-private-change-passwd
Executable file
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -ex
|
||||
|
||||
new_plain=/home/colin/private-new
|
||||
new_cipher="/nix/persist${new_plain}"
|
||||
dest_plain=/home/colin/private
|
||||
dest_cipher="/nix/persist${dest_plain}"
|
||||
|
||||
# initialize the new store
|
||||
sudo mkdir -p "${new_cipher}" && sudo chown colin:users "${new_cipher}"
|
||||
mkdir -p "${new_plain}"
|
||||
gocryptfs -init "${new_cipher}"
|
||||
|
||||
# mount the new and old store
|
||||
gocryptfs "${new_cipher}" "${new_plain}"
|
||||
sane-private-unlock
|
||||
|
||||
# transfer to the new store
|
||||
rsync -arv /home/colin/private/ "${new_plain}"/
|
||||
|
||||
# unmount both stores
|
||||
sudo umount "${new_plain}"
|
||||
sudo umount /home/colin/private
|
||||
|
||||
# swap the stores
|
||||
sudo mv "${dest_cipher}" "${dest_cipher}-old"
|
||||
sudo mv "${new_cipher}" "${dest_cipher}"
|
||||
|
||||
sane-private-unlock
|
||||
|
||||
echo "if things look well, rm ${dest_cipher}-old"
|
|
@ -8,4 +8,7 @@ set -ex
|
|||
mount=/home/colin/private
|
||||
cipher="/nix/persist$mount"
|
||||
mkdir -p "$mount"
|
||||
if [ ! -f "$mount/init" ]
|
||||
then
|
||||
gocryptfs "$cipher" "$mount"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue
Block a user