2

I have built myself a nice setup:

I have encrypted encfs folders that are mountable with autofs, i.e. when I enter the folders they will be automatically decrypted. I have the encfs password added to my keyring and wrote a custom script that extracts the password (/usr/local/sbin/load-encfs, see below).

The only drawback is that I have to enter my login password to unlock the keyring on the first visit of any of the automounted folders. Every visit of another folder (or the same after the timeout expired) does not prompt me for my pw.

Question: Is there any possibility that also the first password prompt can be somehow automated?


/etc/autofs/auto.master:

I just added this line:

```
/- /etc/autofs/auto.encfs
```

/etc/autofs/auto.encfs:

```
/home/user/Privat -fstype=fuse :load-encfs\#user\:/home/user/encfs-keys/private.xml\:/home/user/Dropbox/.private
/home/user/BTU    -fstype=fuse :load-encfs\#user\:/home/user/encfs-keys/btu.xml\:/home/user/Dropbox/.btu
/home/user/TUD    -fstype=fuse :load-encfs\#user\:/home/user/encfs-keys/tud.xml\:/home/user/Dropbox/.tud
```

/usr/local/sbin/load-encfs (fish script):

```fish
#!/usr/bin/fish

function usage
    echo "need at least two arguments"
    echo " 1. <user name>:[<config>]:<crypt folder>"
    echo " 2. <mount folder>"
    exit 1
end

if test (count $argv) -lt 2
    usage
end

# Split "<user name>:[<config>]:<crypt folder>" into its parts
set split (string split ':' $argv[1])
if test $status -ne 0
    usage
else if test (count $split) -eq 2
    set USER_NAME $split[1]
    set CONFIG_PATH ""
    set CRYPT_PATH (realpath $split[2])
else
    set USER_NAME $split[1]
    set CONFIG_PATH (realpath $split[2])
    set CRYPT_PATH (realpath $split[3])
end
set MOUNT_PATH (realpath $argv[2])

# Look for the user's X session and read DISPLAY from its environment
set PID (ps aux | sed -e '/sed/d;/$USER_NAME.*xinit/!d;s/^.*xserverrc \(:[0-9\.]*\).*/aaa/' | awk '{ print $2 }')
if test -n "$PID"
    set DISPLAY (cat /proc/$PID/environ | tr '\0' '\n' | grep '^DISPLAY=' | sed -r 's/.*=(.*)/\1/')
end
if test -z "$DISPLAY"
    set DISPLAY ":0.0"
end

# Fetch the encfs password from the user's keyring
set PASS (env DISPLAY=$DISPLAY sudo -H -u $USER_NAME secret-tool lookup server $CRYPT_PATH)

# Quoted so that an empty value is tested as an empty string
if test -n "$CONFIG_PATH"
    set COMMAND "env ENCFS6_CONFIG=$CONFIG_PATH"
end
set COMMAND $COMMAND "encfs --public --extpass='echo \'$PASS\'' $CRYPT_PATH $MOUNT_PATH"
eval $COMMAND
```

I added the various arguments to be flexible where the config file for encfs is stored.

1
  • Obviously the simplest approach would be to extract all passwords from the keyring to plain files like here but I don't want to store it in plaintext. Commented Jun 13, 2016 at 18:37

1 Answer

1

I finally found the solution after having problems with dbus after an update. New script:

```fish
#!/usr/bin/fish

function usage
    echo "need at least two arguments"
    echo " 1. <user name>:[<config>]:<crypt folder>"
    echo " 2. <mount folder>"
    exit 1
end

if test (count $argv) -lt 2
    usage
end

# Split "<user name>:[<config>]:<crypt folder>" into its parts
set split (string split ':' $argv[1])
if test $status -ne 0
    usage
else if test (count $split) -eq 2
    set USER_NAME $split[1]
    set CONFIG_PATH ""
    set CRYPT_PATH (realpath $split[2])
else
    set USER_NAME $split[1]
    set CONFIG_PATH (realpath $split[2])
    set CRYPT_PATH (realpath $split[3])
end
set MOUNT_PATH (realpath $argv[2])

# Fetch the encfs password from the user's keyring over that user's session bus
set PASS (sudo -H -u $USER_NAME bash -c "env DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/`id -u $USER_NAME`/bus secret-tool lookup server $CRYPT_PATH")

# Quoted so that an empty value is tested as an empty string
if test -n "$CONFIG_PATH"
    set COMMAND "env ENCFS6_CONFIG=$CONFIG_PATH"
end
set COMMAND $COMMAND "encfs --public --extpass='echo \'$PASS\'' $CRYPT_PATH $MOUNT_PATH"
eval $COMMAND
```
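As an added example (not part of the original answer and not the poster's code), here is a POSIX sh variant of the mount helper. It uses the same session-bus lookup but hands the password to encfs on standard input with `--stdinpass`, so the secret is never re-parsed by `eval` or placed on a command line. The function names `parse_spec`, `bus_address` and `main` are this example's own.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumes the per-user session bus
# socket at /run/user/<uid>/bus, as the answer above does.

usage() {
    echo "usage: load-encfs <user name>:[<config>]:<crypt folder> <mount folder>" >&2
}

# Split "<user>:[<config>]:<crypt>" into USER_NAME, CONFIG_PATH, CRYPT_PATH.
parse_spec() {
    case $1 in *:*) ;; *) return 1 ;; esac
    USER_NAME=${1%%:*}
    rest=${1#*:}
    case $rest in
        *:*) CONFIG_PATH=${rest%%:*}; CRYPT_PATH=${rest#*:} ;;
        *)   CONFIG_PATH="";          CRYPT_PATH=$rest ;;   # no config given
    esac
    [ -n "$USER_NAME" ] && [ -n "$CRYPT_PATH" ]
}

# D-Bus address of the user's session bus, which secret-tool needs to reach
# the keyring when started outside that user's login session.
bus_address() {
    printf 'unix:path=/run/user/%s/bus' "$(id -u "$1")"
}

main() {
    if [ "$#" -lt 2 ] || ! parse_spec "$1"; then usage; return 1; fi
    mount_path=$(realpath "$2")
    CRYPT_PATH=$(realpath "$CRYPT_PATH")   # the scripts above look up the real path
    # sudo resets the environment by default, so set the variable inside the call.
    pass=$(sudo -H -u "$USER_NAME" env \
        "DBUS_SESSION_BUS_ADDRESS=$(bus_address "$USER_NAME")" \
        secret-tool lookup server "$CRYPT_PATH") || return 1
    [ -n "$pass" ] || { echo "no keyring entry for $CRYPT_PATH" >&2; return 1; }
    if [ -n "$CONFIG_PATH" ]; then
        ENCFS6_CONFIG=$(realpath "$CONFIG_PATH"); export ENCFS6_CONFIG
    fi
    # printf is a shell builtin: the password travels down a pipe to encfs
    # (--stdinpass) and is never re-parsed by eval or put on a command line.
    printf '%s\n' "$pass" | encfs --public --stdinpass "$CRYPT_PATH" "$mount_path"
}

# Run only when called with arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```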
