Skip to content

Commit

Permalink
launchd for igloosync-dropbox setup with gocryptfs (macOS support)
Browse files Browse the repository at this point in the history
Created a new snowblock for launchd (1) snowblock includes a user agent
defining a job to auto-mount the `sync` gocryptfs (2) volume located in
the Dropbox (3) folder receiving the password stored in the macOS
Keychain (4) via the macOS builtin system CLI tool `security`.

It also includes a documentation to describe the requirements for
the `com.arcticicestudio.igloo.launchd.igloosync` agent. It consists of
information about dependencies and how to create the required
`gocryptfs` password stored- and received via the macOS builtin system
CLI tool `security`.

Note that this is a macOS specific snowblock and therefore the
`com.arcticicestudio.igloo.launchd.igloosync-dropbox.plist` agent and
script file will only be linked for the `iceowl` host.

References:
  (1) https://wiki.freebsd.org/launchd
  (2) https://github.com/rfjakob/gocryptfs
  (3) https://www.dropbox.com
  (4) https://support.apple.com/guide/keychain-access/welcome/mac
    * http://www.launchd.info
    * launchd(1)
    * launchd.plist(5)
    * security(1)

Epic: GH-131
Related to GH-58
Closes GH-133
  • Loading branch information
arcticicestudio committed Sep 15, 2018
1 parent fd258eb commit 6cf2479
Show file tree
Hide file tree
Showing 4 changed files with 147 additions and 0 deletions.
52 changes: 52 additions & 0 deletions snowblocks/launchd/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# launchd

> In computing, [launchd][], a unified service-management framework, starts, stops and manages daemons, applications, processes, and scripts in macOS.
## igloosync-dropbox setup on macOS

This snowblock includes a user agent defining a job to auto-mount the `sync` [gocryptfs][] volume/container located in the [Dropbox][] folder receiving the password stored in the [macOS Keychain][apple-doc-keychain] via the macOS builtin system CLI tool `security`.
It requires the [gocryptfs][brew-gocryptfs] forumla and [dropbox][brew-cask-dropbox] cask to be installed.

### macOS Keychain setup

Store the gocryptfs volume/container password in the macOS [Keychain][apple-doc-keychain] app:

```sh
security add-generic-password -a sgreb -l igloosync-dropbox -s igloosync -T $(brew --prefix gocryptfs)/bin/gocryptfs -w
# Example: security add-generic-password -a sgreb -l igloosync-dropbox -s igloosync -T $(brew --prefix gocryptfs)/bin/gocryptfs -w
```

* `-a` - Specifies the account name
* `-l` - Specifies the label (if omitted, service name is used as default label)
* `-s` - Specifies the service name
* `-T` - Specifies the application which may have access to this item
* `-w` - Show an interactive prompt to pass the password to be added

See `security help add-generic-password` and security(1) for a detailed documentation of the available commands and options.

The password can then be received by running

```sh
security find-generic-password -l igloosync-dropbox -w
```

where the `-w` flag prints only the password to stdout.

### launchd service/agent and script

> For launchd tutorials, documentations and cookbooks see [launchd.info][launchd.info] and and manpages `launchd(1)` and `launchd.plist(5)`.
Create the service task as shell script and corresponding launchd service and place it in the folder for user agents:

```sh
mkdir -p ~/Library/LaunchAgents
cp <SERVICE>.plist ~/Library/LaunchAgents
```


[apple-doc-keychain]: https://support.apple.com/guide/keychain-access/welcome/mac
[brew-cask-dropbox]: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/dropbox.rb
[brew-gocryptfs]: https://formulae.brew.sh/formula/gocryptfs
[gocryptfs]: https://github.com/rfjakob/gocryptfs
[launchd]: https://wiki.freebsd.org/launchd
[launchd.info]: http://www.launchd.info
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<!--
Copyright (C) 2016-present Arctic Ice Studio <[email protected]>
Copyright (C) 2016-present Sven Greb <[email protected]>
Project: igloo
Repository: https://github.com/arcticicestudio/igloo
License: MIT
References:
http://launchd.info
launchd(1)
launchd.plist(5)
security(1)
-->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.arcticicestudio.igloo.launchd.igloosync</string>
<key>Program</key>
<string>/Users/sgreb/.config/launchd/tasks/igloosync-dropbox.sh</string>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Users/sgreb/.var/log/igloo/launchd/igloosync-dropbox.error.log</string>
<key>StandardOutPath</key>
<string>/Users/sgreb/.var/log/igloo/launchd/igloosync-dropbox.log</string>
</dict>
</plist>
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
#!/usr/bin/env bash

# Copyright (C) 2016-present Arctic Ice Studio <[email protected]>
# Copyright (C) 2016-present Sven Greb <[email protected]>

# Project: igloo
# Repository: https://github.com/arcticicestudio/igloo
# License: MIT
# References:
# https://github.com/rfjakob/gocryptfs
# security(1)

set -eo pipefail

cleanup() {
unset -f mount
}

mount() {
local brew="/usr/local/bin/brew"
local gocryptfs="$($brew --prefix gocryptfs)/bin/gocryptfs"
local container="$HOME/cloud/.dropbox/Dropbox/sync"
local mountpoint="$HOME/cloud/dropbox"
local extpass_command="security find-generic-password -l igloosync-dropbox -w"

if [ ! -f $brew ]; then
echo "Homebrew is not installed or available in PATH!"
exit 1
fi

if [ -f $gocryptfs ]; then
$($gocryptfs -allow_other -q -extpass="$extpass_command" "$container" "$mountpoint")
else
echo "gocryptfs is not installed or available in PATH!"
exit 1
fi
}

trap 'printf "User aborted.\n" && exit 1' SIGINT SIGTERM
trap cleanup EXIT

mount $@
exit 0
23 changes: 23 additions & 0 deletions snowblocks/launchd/snowblock.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
[
{
"clean": ["~/Library/LaunchAgents"]
},
{
"link": {
"~/Library/LaunchAgents/com.arcticicestudio.igloo.launchd.igloosync-dropbox.plist": {
"create": true,
"force": true,
"hosts": {
"iceowl": "com/arcticicestudio/igloo/launchd/igloosync/com.arcticicestudio.igloo.launchd.igloosync-dropbox.plist"
}
},
"~/Library/LaunchAgents/igloosync-dropbox.sh": {
"create": true,
"force": true,
"hosts": {
"iceowl": "com/arcticicestudio/igloo/launchd/igloosync/igloosync-dropbox.sh"
}
}
}
}
]

0 comments on commit 6cf2479

Please sign in to comment.