cryptomator / cli

Cryptomator Command-Line Interface
GNU Affero General Public License v3.0

automate webdav server stop #4

Open ejsmit opened 7 years ago

ejsmit commented 7 years ago

Use case: fully automated scripts. I want to use this for backups of sensitive files with the vault being visible/readable only as long as necessary and unmounted without user intervention as soon as the backup is finished.

The current cli starts the server process and then waits for user intervention to stop it. I would like to have some way to also stop the server. I can use a unix kill command to stop the running process, but I don't know how safe that is, and it just feels a bit too forceful. It would be better to have this as part of the cli.

I don't know enough about your webdav server implementation to know what is possible. Maybe the cli can check if a server is already running on host:port and send some kind of stop command to the running server?

mhdry commented 5 years ago

Sorry for replying to this rather old post, but it might still concern some people: This is not a Cryptomator issue, but rather depends on the operating system you run Cryptomator on. On Linux, Cryptomator-CLI responds fine to SIGTERM signals. It should therefore be safe to kill the PID, if the WebDAV share has been unmounted beforehand. Here's the fragment of a Bash script I use for background tasks involving Cryptomator.

Please note that it's just a fragment, which you'll have to adjust to your needs. This is especially important when mount or umount is concerned, as the user under which your script runs will need to have permissions to run these two commands.

#!/bin/bash

CM_VNAME='MyVault'
CM_VPATH='/home/user/wherever/top-secret-vault'
CM_PASSW="myFunnyPassphrase"
MOUNTPNT='/home/user/elsewhere/not-that-secret'
DAV_PORT=42420

# Step 1: unlock Cryptomator vault (runs in the background)
java -jar /usr/local/bin/cryptomator-cli.jar \
    --vault "$CM_VNAME=$CM_VPATH" \
    --password "$CM_VNAME=$CM_PASSW" \
    --bind 127.0.0.1 --port "$DAV_PORT" \
> /dev/null 2>&1 &

# Step 2: wait, until WebDAV server is ready
while ! nc -z localhost "$DAV_PORT"; do
  sleep 0.1
done

# Step 3: mount WebDAV share (empty username and password are passed to davfs)
echo "" | mount -t davfs -o uid="$(id -u)",username="" "http://localhost:$DAV_PORT/$CM_VNAME" "$MOUNTPNT" > /dev/null

# Step 4: do all the stuff you want to automate here
# ...

# Step 5: unmount WebDAV share and lock Cryptomator vault
umount "$MOUNTPNT"
# Second line of the lsof output is the process on the port; field 2 is its PID
pid=($( lsof -i ":$DAV_PORT" | sed -n 2p ))
kill "${pid[1]}"

Beware: Since davfs is used instead of FUSE, a file cache will be used. Therefore you may also have to (securely) delete (i.e. "wipe") files under /var/cache/davfs2/localhost-MyVault* depending on your security measures in step 5.

You should also carefully read, understand and consider the security policy in man mount.davfs...

Since this rather crude example contains the password in $CM_PASSW, you may want to carefully set permissions for this script or find a better solution to provide the password.
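Added example, not part of the thread or of the Cryptomator project: two helpers for the script above, one that refuses a passphrase file that group or others can access, and one that sends SIGTERM and waits, with a timeout, for the CLI to exit. The function names and the `CM_PID` variable are assumptions; `MOUNTPNT` is the variable from the script.

```shell
#!/bin/bash
# Added example: helpers for the unlock/backup/lock script in this thread.
# Function names and CM_PID are hypothetical; nothing runs until you call it.

# True only if $1 is a regular file owned by the caller with no group/other
# permission bits, i.e. acceptable for holding the vault passphrase.
secret_file_ok() {
  [ -f "$1" ] && [ -O "$1" ] || return 1
  case "$(ls -ld -- "$1")" in
    -???------*) return 0 ;;
    *)           return 1 ;;
  esac
}

# Send SIGTERM to PID $1 and poll up to $2 seconds (default 10) for it to exit.
# Returns 0 when the process is gone, 1 if it is still running after the timeout.
stop_gracefully() {
  local pid=$1 tries=$(( ${2:-10} * 10 ))
  kill -TERM "$pid" 2>/dev/null || return 0    # nothing left to stop
  while kill -0 "$pid" 2>/dev/null; do
    [ "$tries" -gt 0 ] || return 1
    tries=$((tries - 1))
    sleep 0.1
  done
  return 0
}

# Teardown in the order given in the thread: unmount first, then stop the CLI.
# Register with `trap lock_vault EXIT` right after starting the CLI and saving
# its PID with CM_PID=$! (instead of looking it up through lsof afterwards).
lock_vault() {
  umount "$MOUNTPNT" 2>/dev/null
  if ! stop_gracefully "$CM_PID" 10; then
    echo "cryptomator-cli (PID $CM_PID) still running after SIGTERM" >&2
    return 1
  fi
}
```

With the trap in place the vault is unmounted and locked even when a command in step 4 fails. A passphrase passed as a command-line argument remains visible in the process list while the CLI runs, whatever the permissions on the file it was read from.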

overheadhunter commented 5 years ago

Thanks for sharing this great script, @mhdry!

fancsali commented 3 years ago

I would say, this would still be a very nice feature alongside #34...