
Import keys to root for backup purposes

Bob Mottram 10 jaren geleden
bovenliggende
commit
09bb9a3c7f
1 gewijzigde bestanden met toevoegingen van 24 en 6 verwijderingen
  1. 24
    6
      install-freedombone.sh

+ 24
- 6
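--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -308,7 +308,22 @@ function create_backup_script {
   apt-get -y --force-yes install duplicity gnupg
 
   if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
-	  MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+      MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+  fi
+
+  # make sure that the root user has access to your gpg public key
+  if [ $MY_GPG_PUBLIC_KEY_ID ]; then
+      if [ ! $MY_GPG_PUBLIC_KEY ]; then
+          MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
+      fi
+      # This is a compromise. backup needs access to things which the user
+      # doesn't have access to, but also needs to be able to encrypt as the user
+      # Perhaps there is some better way to do this.
+      su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+      su -c "gpg --output ~/temp_private_key.txt --armor --export-secret-key $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+      gpg --import $MY_GPG_PUBLIC_KEY
+      gpg --allow-secret-key-import --import /home/$MY_USERNAME/temp_private_key.txt
+      shred -zu /home/$MY_USERNAME/temp_private_key.txt
   fi
 
   echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
@@ -397,9 +412,12 @@ function create_backup_script {
   echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
 
   echo 'echo "Cleaning up backup files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "duplicity --force cleanup file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo -n 'duplicity --encrypt-key $GPG_KEY --force cleanup '
+  echo "file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+
   echo 'echo "Removing old backups"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "duplicity --force remove-all-but-n-full 2 file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo -n 'duplicity --encrypt-key $GPG_KEY --force remove-all-but-n-full 2 '
+  echo "file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
 
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '# Remove temporary files' >> /usr/bin/$BACKUP_SCRIPT_NAME
@@ -1611,7 +1629,7 @@ function configure_gpg {
   # if gpg keys directory was previously imported from usb
   if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then
       sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
-	  MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+      MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
       echo 'configure_gpg' >> $COMPLETION_FILE
       return
   fi
@@ -1648,7 +1666,7 @@ function configure_gpg {
       su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
       # for security ensure that the private key file doesn't linger around
       shred -zu $MY_GPG_PRIVATE_KEY
-	  MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+      MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
   else
       # Generate a GPG key
       echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
@@ -1661,7 +1679,7 @@ function configure_gpg {
       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
       su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
       shred -zu /home/$MY_USERNAME/gpg-genkey.conf
-	  MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+      MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
       MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
       su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
   fi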
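Review bot: In the second hunk (new lines 415 and 419) the two `echo -n 'duplicity --encrypt-key $GPG_KEY --force cleanup '` and `echo -n 'duplicity --encrypt-key $GPG_KEY --force remove-all-but-n-full 2 '` lines have no `>> /usr/bin/$BACKUP_SCRIPT_NAME` redirect, so the command prefix is printed to the installer's stdout while the following `echo "file://$USB_MOUNT/backup" >> …` writes only a bare URL into the generated backup script. When that script runs it will try to execute `file://…/backup` as a command, and neither the cleanup nor the remove-all-but-n-full pruning ever happens, so old backup chains accumulate on the USB drive. Append the redirect to both `echo -n` lines, e.g. `echo -n 'duplicity --encrypt-key $GPG_KEY --force cleanup ' >> /usr/bin/$BACKUP_SCRIPT_NAME`. The generated script must also define `GPG_KEY` before these lines; that definition is not visible in this hunk, so it is worth confirming it is written earlier in the same function. create_backup_script begins and continues outside the hunk.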