18 lines
692 B
Plaintext
Executable File
18 lines
692 B
Plaintext
Executable File
#!/usr/bin/env nix-shell
|
|
#!nix-shell -i bash -p bash -p coreutils-full -p gocryptfs
|
|
|
|
# mount invokes us like this. not sure if that's a guarantee or not:
|
|
# <exe> <device> <mountpt> -o <flags>
|
|
backing=$1
|
|
# facing=$2
|
|
|
|
# backing might exist from the last boot, so wipe it:
|
|
# mkdir -p "$backing" #< sane.fs should ensure this already exists
|
|
rm -fr "$backing"/*
|
|
|
|
# the password shows up in /proc/.../env, briefly.
|
|
# that's inconsequential: we just care that it's not *persisted*.
|
|
pw=$(dd if=/dev/random bs=128 count=1 2>/dev/null | base64 --wrap=0)
|
|
echo "$pw" | gocryptfs -quiet -nosyslog -passfile /dev/fd/0 -init "$backing"
|
|
echo "$pw" | exec gocryptfs -quiet -nosyslog -passfile /dev/fd/0 "$@"
|