Bloerg
         

Quick reminder how to use the alternatives system to call Neovim:

sudo update-alternatives --install /usr/bin/vi vi /usr/local/bin/nvim
sudo update-alternatives --install /usr/bin/vim vim /usr/local/bin/nvim
sudo update-alternatives --install /usr/bin/editor editor /usr/local/bin/nvim

… and to change it

sudo update-alternatives --config vi

pkg-config is a freedesktop standard and implementation that helps developers finding correct compile and link flags of dependencies. Despite its very low version number, it is the de facto method for determining said flags on the Linux desktop. An oft-forgotten feature of pkg-config is the ability of a package to expose arbitrary key-value meta data. This allows dependent applications to find data paths, plugins to know where to install themselves or determining tool paths.

Although CMake supports pkg-config for quite some time with its FindPkgConfig module, it only queries for the compile and link information. If you want to get a variable value you are out of luck. But fear not! Just stick this into a CMake module

find_package(PkgConfig REQUIRED)

function(pkg_check_variable _pkg _name)
    string(TOUPPER ${_pkg} _pkg_upper)
    string(TOUPPER ${_name} _name_upper)
    string(REPLACE "-" "_" _pkg_upper ${_pkg_upper})
    string(REPLACE "-" "_" _name_upper ${_name_upper})
    set(_output_name "${_pkg_upper}_${_name_upper}")

    execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} --variable=${_name} ${_pkg}
                    OUTPUT_VARIABLE _pkg_result
                    OUTPUT_STRIP_TRAILING_WHITESPACE)

    set("${_output_name}" "${_pkg_result}" CACHE STRING "pkg-config variable ${_name} of ${_pkg}")
endfunction()

and you can easily query information like this

pkg_check_modules(GLIB glib-2.0)
pkg_check_variable(glib-2.0 glib-genmarshal)
message("Path: ${GLIB_2.0_GLIB_GENMARSHAL}")

I found the time to update my static comment script and will have the time to review comments again for the foreseeable future. Thus spam bots: ready, steady, go!

In this day and age, cloud storage is a convenient way to access data from any location. However for privacy and data theft reasons, using third party products always leaves a sour taste in my opinion. To host my own centralized and encrypted data storage for small, highly confidential data, I set up a system combining SSHFS and EncFS.

SSHFS is a FUSE file system to mount a remote file system securely through an SSH tunnel. As a nice side effect, this means that no additional client setup is required once the keys are distributed accordingly. EncFS is another FUSE file system that transparently decrypts an encrypted data source as a mounted directory. In the remaining post, I will explain how I use both systems together to read and write securely to an encrypted remote file system on my VPS.

Before mounting the file systems, we need two empty mount points: one that contains the SSHFS mounted encrypted directory (let’s call the path ENCBOX_PATH) and one that contains the decrypted data (let’s call that BOX_PATH). Before mounting the remote file system you should make sure that the remote directory actually exists. If that’s the case, you mount the remote directory with

sshfs foo@bar.com:/path/to/box $ENCBOX_PATH -o uid=$(id -u) -o gid=$(id -g)

I pass the uid and gid parameters to map my local user to the remote one. Otherwise I would not be able to access the data. Once $ENCBOX_PATH is available we can encrypt the contents with

encfs $ENCBOX_PATH $BOX_PATH

To avoid having to type in the password every time, we have to pass the password programmatically to EncFS. You could either get it from somewhere and pass it through stdin using the --stdin option or specify an external programm that prints the password on stdout. I use the latter together with my keyring-query script. It is a small Python script that uses the system’s keyring to store and retrieve arbitrary secrets. Thus before trying to mount the encrypted file system I will first store the password using

keyring-query --service=encbox --user=foo

The same command line is then used for the encfs command

encfs --extpass="keyring-query --service=encbox --user=foo" $ENCBOX_PATH $BOX_PATH

To avoid letting the box stay open indefinitely, I also set EncFS’ --idle option to five minutes.

Because all those steps are quite elaborate, I bundled this together in a small shell script. Besides the basic mounting of the file systems the script also takes care of checking error conditions and unmounting the file systems if they are already mounted.

The outlined solution is a huge relief for keeping confidential data centrally located that I don’t want to share with Google or Dropbox. However, this comes at a price: Although the bandwidth is not too bad (around 1.8 MB/s on a fast line), writing interactively (e.g. editing with Vim) becomes a pain due to the high latencies involved.