Having lost an encrypted volume to what was probably bitrot
(and the corruption had spread to the backups... :-( ),
I now add "parchive" files to all encrypted content on my computer, until
such time as I can safely migrate to btrfs on Linux.

I have added this to the pass script.

Yes, it is probably over the top, but I am taking no risks with
important information... Again...

See attachment for the patch.

par2: https://github.com/BlackIkeEagle/par2cmdline (a fork of the original
par2cmdline on sourceforge)


P.S. pass works very well in combination with the cryptostick
http://www.crypto-stick.com, and oh.. for interesting ways of combining
linux crypto and scripting see https://www.dyne.org/software/tomb


-- 
Met vriendelijke groet,

Henk Jan Enneman
[email protected]


Food for thought is no substitute for the real thing.
                -- Walt Kelly, "Putluck Pogo"
--- /home/enneman/Projects/password-store/src/password-store.sh
+++ /home/enneman/pass
@@ -5,7 +5,7 @@
 
 umask "${PASSWORD_STORE_UMASK:-077}"
 set -o pipefail
-
+PAR2=$(which par2)
 GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" )
 GPG="gpg"
 which gpg2 &>/dev/null && GPG="gpg2"
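Review bot: `PAR2=$(which par2)` does not silence `which`, unlike the `which gpg2 &>/dev/null` line below it, so on systems whose `which` prints a "no par2 in PATH" diagnostic every `pass` invocation without par2 installed writes that message to stderr. `PAR2=$(which par2 2>/dev/null)` keeps the feature quietly optional. The value is a PATH-resolved program that the later hunks run on store files, so those uses should expand it quoted as `"$PAR2"`.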
@@ -332,7 +332,7 @@
                else
                        echo "${path%\/}"
                fi
-               tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 
's/\.gpg$//'
+               tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 
's/\.gpg$//'| grep -v par2
        elif [[ -z $path ]]; then
                die "Error: password store is empty. Try \"pass init\"."
        else
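Review bot: `grep -v par2` on the added `tree` line drops every listing line that contains the string "par2" anywhere, so a password entry or folder whose name includes it disappears from the listing along with the recovery files. Letting tree exclude the recovery files by pattern is narrower: `tree -C -l --noreport -I '*.par2' "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg$//'`. The surrounding if/else starts and ends outside the hunk.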
@@ -408,6 +408,9 @@
                read -r -p "Enter password for $path: " -e password
                $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" 
"${GPG_OPTS[@]}" <<<"$password"
        fi
+
+       [[ -n $PAR2 ]] && ($PAR2 c $PREFIX/$path $passfile || (echo "par2 
creation failed!";exit))
+
        git_add_file "$passfile" "Add given password for $path to store."
 }
 
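Review bot: The `exit` in `(echo "par2 creation failed!";exit)` runs inside a subshell, so it ends only that subshell and `git_add_file` still runs after a failed par2 run; with no argument it also returns echo's status of 0. The same construct appears in the `cmd_edit` hunks at `@@ -419,10 +422,12 @@` and `@@ -434,6 +439,7 @@`. `$PREFIX/$path` and `$passfile` are also expanded unquoted, so an entry name containing spaces or glob characters is split into several par2 arguments. Quoting and using the script's own `die` (which presumably exits the script) addresses both: `[[ -z $PAR2 ]] || "$PAR2" c "$PREFIX/$path" "$passfile" || die "par2 creation failed!"`. The function this line sits in starts outside the hunk.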
@@ -419,10 +422,12 @@
        mkdir -p -v "$PREFIX/$(dirname "$path")"
        set_gpg_recipients "$(dirname "$path")"
        local passfile="$PREFIX/$path.gpg"
+       local template="$PROGRAM.XXXXXXXXXXXXX"
 
        tmpdir #Defines $SECURE_TMPDIR
        local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXX")-${path//\//-}.txt"
 
+       [[ -n $PAR2 ]] && ($($PAR2 v $PREFIX/$path $passfile) || (echo "par2 
verification failed!"; exit 1))
 
        local action="Add"
        if [[ -f $passfile ]]; then
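Review bot: `$($PAR2 v $PREFIX/$path $passfile)` is a command substitution, so whenever par2 prints anything the shell tries to execute that output as a second command, and the status tested by `||` is that command's rather than the verification's. The check also runs before the `[[ -f $passfile ]]` test, so a first-time `pass edit` of a new entry has no recovery set to verify and would presumably report a failure. Call par2 directly and only for an existing file: `[[ -z $PAR2 || ! -f $passfile ]] || "$PAR2" v "$PREFIX/$path" "$passfile" >/dev/null || die "par2 verification failed!"`. The added `local template=...` is not used anywhere in the visible hunks. The function starts and ends outside this hunk.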
@@ -434,6 +439,7 @@
        while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" 
"${GPG_OPTS[@]}" "$tmp_file"; do
                yesno "GPG encryption failed. Would you like to try again?"
        done
+       [[ -n $PAR2 ]] && ($PAR2 c $PREFIX/$path $passfile || (echo "par2 
creation failed!"; exit 1))
        git_add_file "$passfile" "$action password for $path using 
${EDITOR:-vi}."
 }
 
@@ -562,6 +568,7 @@
 
 cmd_git() {
        if [[ $1 == "init" ]]; then
+               echo "*.par2" > "$PREFIX/.gitignore"
                git "$@" || exit 1
                git_add_file "$PREFIX" "Add current contents of password store."
 
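Review bot: `echo "*.par2" > "$PREFIX/.gitignore"` truncates any `.gitignore` already present in the store, and it does so before `git "$@"` has succeeded and whether or not par2 is installed. Appending only when the line is missing keeps existing ignore rules: `grep -qxF '*.par2' "$PREFIX/.gitignore" 2>/dev/null || echo '*.par2' >> "$PREFIX/.gitignore"`. Ignoring the files also means clones and remotes of the store carry no recovery data, which deserves a comment given that the patch exists to guard against corruption. `cmd_git` continues past the end of the hunk.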