It’s been all change with the olives. I didn’t attempt to combine with anyone this time round.
So the only olives I harvested were my own. I picked these mid October.
The four main olive trees that I have, produced a very good bi-annual harvest as expected. They were the main contributors to the 157 kg that I collected to have pressed for olive oil. These produce green olives. I still have no idea as to their variety. I have young olive trees and a few not pruned large olive trees. These contributed about 15 kgs to this total. The 15kgs were a mixture of black and green olives. One of the varieties is the ‘cornicabra’.
I picked my olives mid October and essentially picked them by hand. I found this works better for me and is more conducive to a state of zen. When I got tired of the silence I tuned in on the portable radio 🙂 I had to bash the olives which were higher up with a long cane. It went well. Because of limited time I have ended up leaving about 25% in the field. This is fine. I am happy my work efficiency and finished in a week. For my efforts I got 17 litres of olive oil. This will keep me in oil for a year, so I am pleased. I was reluctant to collect more this year due to difficulties in arranging transportation.
I got my olives pressed at Lagar Santa Catarina, Afra & Rocha Limitada. My olives got thrown into the mix with other mainly small holdings growers. The Lagar gives you your olive afterwards. I am not sure how much of the oil the Lagar retain for their work input. I didn’t ask this time round. I think it is 25%. The oil produced by the lagar is of Extra Virgin quality and is, as always, very good.
Pickled olives are nice to eat. Which you are waiting for your other dishes to cook. So about 3 weeks before the main harvest I picked some for pickling.
That about wraps up my olive productivity for the year. I will for the rest of the year carry on with pruning and transplanting what the olive trees I have. I do have 100-150 young olive trees for sale if anyone wants some. Of the mainly Cobrançosa variety. A bargain at three euros a tree. Strictly by appointment 🙂 Thank you.
eCryptfs is a POSIX-compliant enterprise
cryptographic "stacked" filesystem for
Linux. Please note that eCryptfs is not a partition/ disk encryption
subsystem like "Veracrypt".
eCryptfs is a stacked filesystem that can be mounted on any
directory and on top of the main file system.
Using eCryptfs, we can easily create an encrypted directory to store confidential data and mount it on any directory. Although it is good practice for the mount path to match the path of the underlying file system.
No separate partition or pre-allocated space is actually required. eCryptfs should work well on local filesystems such as EXT3, EXT4, XFS, JFS and ReiserFS etc.
eCryptfs also supports networked filesystems such as NFS, CIFS, Samba and WebDAV, but not does not have full functionality as it was designed to work with local filesystems.
It stores the cryptographic metadata in the headers of files, so the encrypted data can be easily moved between different users and even systems. eCryptfs has been included in Linux Kernel since version 2.6.19.
Installation
I have only tested it on Ubuntu 18.04 which runs on the
5.4.0-87-generic kernel obtained by running
$ uname -r
5.4.0-87-generic
To enable an utilize Ecryptfs install ecryptfs-utils
$ sudo apt install
ecryptfs-utils
How to use Ecryptfs
The method below explains how to encrypt a folder called temp2
located at /home/zephyr/temp2
Open terminal and run the following:
$ sudo mount -t ecryptfs
/home/zephyr/temp2 /home/zephyr/temp2
Passphrase: ↠enter your passphrase
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: 1 ↠selected
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: 1 ↠selected
Enable plaintext passthrough (y/n) [n]: n â†
selected
Enable filename encryption (y/n) [n]: n â†
selected
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=015fa84ce5a1043d
Mounted eCryptfs
temp2 is now and encrypted folder. Any files and folders moved
into it or created in it, will be automatically encrypted.
It is very important to remember your passphrase to be able to access your eCryptfs encrypted files and folders. It is also advisable to make note of your encryption settings for future mounting/access of your encrypted file/directory. Choose a password of 14 characters long made up of 3 random words. This is easier to remember and still secure. You can add symbols and numbers to it increase the strength of the passphrase.
A signature file named "sig-cache.txt" will be created under "/root/.ecryptfs/" directory. This file is used to identify the mount passphrase in the kernel keyring. It is a read only file except for the root user. I suggest saving a copy with a .bak extension as the signature number for each encrypted and mounted folder. It is a good reference to have.
Accessing your encrypted data.
Each time you reboot
your system the encrypted volume will be dismounted and you will not
be able to access your encrypted data.
To access your data you have to
remount the encrypted volume with:
$
sudo mount -t ecryptfs /home/zephyr/temp2 /home/zephyr/temp2
After which Terminal pops up prompting you for your passphrase
The problem with this is that you have to enter all the encryption options each time.
Automating the mount process
My solution to this is make an executable .sh file with a text editor. I use the default, gnome, gedit text editor
In this example, I have called it mount_temp2.sh
Paste the following code into it. Use whatever options you chose when you encrypted the file/folder.
#!/bin/bash $ sudo mount -t ecryptfs -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no /home/zephyr/temp2 /home/zephyr/temp2
Save mount_temp2.sh
Right click, on the file in File Manager, go to the Permissions tab and tick the box “Allow executing file as a programâ€
Next with your Text Editor, create a new executable file. Call it run_mount_temp2.sh for example. Paste the following code into it.
#!/bin/bash #start terminal and mount encrypted temp2 folder gnome- terminal -- sh -c './mount_temp2.sh'
Make
it executable as described
previously. Now when you
start your system, simply double click on
run_mount_temp2.sh
this it will call Terminal and prompt you to enter your passphrase. After entering the correct passphrase you will be granted full access to your encrypted folder and files within.
Automating the dismount process
You
can dismount (unmount) your encrypted folder at any time to make it
inaccessible. By default
to
unmount an encrypted drive manually,
open Terminal
an run
sudo umount /path/to encrypted/folder
so, in my test case it is
sudo umount /home/zephyr/temp2
To
Automate unmount/dismount:
Create
an executable file (refer to ‘Automating the mount process’ for
the steps) called
unmount_temp2.sh and in it enter the following code. Paths and folders should match your own.
Next
create the run file that will open Terminal and run the previous
created executable.
Create an executable file called run_unmount_temp2.sh
Enter the following code into it:
#!/bin/bash #start terminal and unmount encrypted temp2 folder gnome-terminal -- sh -c './unmount_temp2.sh'
Double clicking on run_unmount_temp2.sh will run Terminal and execute the command to unmount the encrypted folder
Notes on Automation
All the automation files should be in
the same folder/directory
The folder/directory containing the automation files should not be encrypted.
Creating an encrypted folder on a USB drive
On your Linux machine format a USB stick with ext4 file system. The USB stick will only be accessible to machines with Linux operating systems.
In this example I have given the USB
stick a Volume Label called “SECRETâ€.
Whenever you plug in this USB stick it
will be mounted as “SECRET†by the operating system.
Next create a folder on “SECRETâ€.
I called mine temp3.
Next mount and encrypt the temp3 folder by running the following command in Terminal. The path name should start with media/home directory name/usb volume name on a standard Ubuntu 18.04 install.
$ sudo mount -t ecryptfs /media/zephyr/SECRET/temp3 /media/zephyr/SECRET/temp3
The steps to automate are the same as described earlier on.
Note: Verify the volume name for the usb that you use in your scripts is correct and matches the one shown in Terminal when you type df .
In Conclusion
To further automate the mount process you could utilize the Startup Applications Preferences app
which comes pre-installed on Ubuntu 18.04 . This allows configuring applications to run automatically when logging in to your desktop. So just add the run_mount_temp2.sh example to the list of startup apps.
In the Command: field you need to enter bash U% followed by the path to your .sh executable.
bash %U /path/to/file/run_mount_temp2.sh
Alternatively you can create a .desktop file in /home/your home directory/.config/autostart . So for example mount_documents.desktop with the following code in it.
One quirk I noticed is that ecryptfs will allow you to carry on mounting your encrypted volume with an incorrect passphrase and proceed to create a new signature for it but you won’t be able to access your encrypted files and folders. Ecryptfs does warn you first that the passphrase you have entered maybe be incorrect and do you want to proceed with the mount. Best to abort if you are unsure about the passphrase you entered.
All in all , I think ecryptfs is a robust , fast and very flexible file encryption system.