Closed pieroproietti closed 3 months ago
Create a tar.gz
file and after encrypt it with gpg
is not a bad idea.
I can image you wanting to use the linux tar
command to create the compressed archive and the gpg
command to encrypt It or, perhaps something like gpgtar
to create an encrypted archive shortly (although it seems that gpgtar
does not have the exclusion of paths from a file).
While I'm not very knowledgeable on the subject, if you want, let's explore the different possibilities.
For what I can read in the manual page of the tar
command (man) it is indeed possible to exclude a list of paths using the canonical argument, similar to how other programs do, --exclude-from=FILE
. By concatenating this with the gpg
command, we can create the encrypted and compressed archive.
tar --exclude-from='exclusion-list.txt' -czf - /home/myuser | gpg -c -o payload.tar.gz.gpg
Now, regarding the use of mksquashfs
and LUKS
partitions, I must admit that I hadn’t encountered them until I got my hands on penguins.
What made you fall in love with LUKS?
What do you thing are the advantages of using mksquashfs
+LUKS
instead of tar.gz
+gpg
?
I don’t know the instrument well (penguins-eggs), and due to my limited perspective, I can’t comment on what is better for all scenario.
But I think, Hey! We are developer! We can implement both! :smiley:
I fall in love with LUKS when understood it was impossible to discover the pass-frase, but this is probably possible with others methods too. I'm not too expert on cryptografy, just - when I build the first version of syncto, syncfrom - want to help a friend with the need to move servers on the net, without expose it's data.
So far, I had a couple of days off, I tried to implement everything with LUKS and mksquashfs. It works as well - sometimes - but I can't figure out the reasons why.
It's all on the branch syncto
I hope to have time in the next days to fix it, but maybe the idea of using tar if it has the ability to use an exclude-list would probably be more stable.
@markoceri
syncto and syncfrom
I am thinking of restructuring, and also simplifying, syncto and syncfrom.
When I created these commands I had fallen in love with LUKS which, however - used as I have been using it - has a not insignificant problem and that is the need to know before the space required for the device.
After your intervention I thought maybe it was better to use a
payload.tar.gz.gpg
file created with tar, gz and gpg, however this would mean giving up the exclude list, applicable however to mksquashfs.So I tried to see the possibility of using mksquashfs and encrypting the final result with LUKS . I got the idea from this link
payload should be mounted with the commands:
and you could directly copy the files contained in / with syncfrom.
What do you think? Thanks for the patch anyway