Refresh gpg keys on client

src/freedombone-client

@@ -40,11 +40,11 @@ VERSION="1.01"
 # get the main project file, so that some values can be extracted
 MAIN_PROJECT_FILE=/usr/local/bin/${PROJECT_NAME}
 if [ ! -f $MAIN_PROJECT_FILE ]; then
-    MAIN_PROJECT_FILE=/usr/bin/${PROJECT_NAME}
+	MAIN_PROJECT_FILE=/usr/bin/${PROJECT_NAME}
 fi
 if [ ! -f $MAIN_PROJECT_FILE ]; then
-    echo "The main project file $MAIN_PROJECT_FILE was not found"
-    exit 72529
+	echo "The main project file $MAIN_PROJECT_FILE was not found"
+	exit 72529
 fi
 
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
@@ -53,117 +53,135 @@ SSH_MACS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{
 SSH_KEX=$(cat $MAIN_PROJECT_FILE | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
 SSH_HOST_KEY_ALGORITHMS=$(cat $MAIN_PROJECT_FILE | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
 
+# refresh gpg keys every few hours
+REFRESH_GPG_KEYS_HOURS=2
+
+function refresh_gpg_keys {
+	if [ ! -f /usr/bin/gpg ]; then
+		sudo apt-get -y install gnupg
+	fi
+	sudo cp /etc/crontab ~/temp_crontab
+	sudo chown $CURR_USER:$CURR_USER ~/temp_crontab
+	if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
+		echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
+		sudo cp ~/temp_crontab /etc/crontab
+		chown root:root /etc/crontab
+	fi
+	rm ~/temp_crontab
+}
+
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 function ssh_remove_small_moduli {
-    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
-    sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
+	sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
+	sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
 }
 
 function configure_ssh_client {
-    #sudo sed -i 's/#   PasswordAuthentication.*/   PasswordAuthentication no/g' /etc/ssh/ssh_config
-    #sudo sed -i 's/#   ChallengeResponseAuthentication.*/   ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
-    sudo sed -i "s/#   HostKeyAlgorithms.*/   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
-    sudo sed -i "s/#   Ciphers.*/   Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
-    sudo sed -i "s/#   MACs.*/   MACs $SSH_MACS/g" /etc/ssh/ssh_config
-    if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
-        sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_USER ~/ssh_config
-        echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
-        sudo mv ~/ssh_config /etc/ssh/ssh_config
-        sudo chown root:root /etc/ssh/ssh_config
-    fi
-    sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
-    if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
-        sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_USER ~/ssh_config
-        echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
-        sudo mv ~/ssh_config /etc/ssh/ssh_config
-        sudo chown root:root /etc/ssh/ssh_config
-    fi
-    sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
-    if ! grep -q "MACs " /etc/ssh/ssh_config; then
-        sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_USER ~/ssh_config
-        echo "   MACs $SSH_MACS" >> ~/ssh_config
-        sudo mv ~/ssh_config /etc/ssh/ssh_config
-        sudo chown root:root /etc/ssh/ssh_config
-    fi
-
-    # Create ssh keys
-    if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
-        ssh-keygen -t ed25519 -o -a 100
-    fi
-    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
-        ssh-keygen -t rsa -b 4096 -o -a 100
-    fi
-
-    ssh_remove_small_moduli
-
-    if [ ! -d ~/.ssh ]; then
-        mkdir ~/.ssh
-    fi
-    echo 'Host *.onion' > ~/.ssh/config
-    echo '  ServerAliveInterval 60' >> ~/.ssh/config
-    echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-    echo "  ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p" >> ~/.ssh/config
-    echo "#  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; connect -R remote -5 -S 127.0.0.1:9050 %h %p'" >> ~/.ssh/config
-    echo 'Host *' >> ~/.ssh/config
-    echo '  ServerAliveInterval 60' >> ~/.ssh/config
-    echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-    echo '#  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
-
-    echo ''
-    echo $'Copy the following into a file called /home/username/.ssh/authorized_keys on the Freedombone server'
-    echo ''
-    echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
-    echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
-    echo ''
+	#sudo sed -i 's/#   PasswordAuthentication.*/   PasswordAuthentication no/g' /etc/ssh/ssh_config
+	#sudo sed -i 's/#   ChallengeResponseAuthentication.*/   ChallengeResponseAuthentication no/g' /etc/ssh/ssh_config
+	sudo sed -i "s/#   HostKeyAlgorithms.*/   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
+	sudo sed -i "s/#   Ciphers.*/   Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
+	sudo sed -i "s/#   MACs.*/   MACs $SSH_MACS/g" /etc/ssh/ssh_config
+	if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
+		sudo cp /etc/ssh/ssh_config ~/ssh_config
+		sudo chown $CURR_USER:$CURR_USER ~/ssh_config
+		echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
+		sudo mv ~/ssh_config /etc/ssh/ssh_config
+		sudo chown root:root /etc/ssh/ssh_config
+	fi
+	sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
+	if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
+		sudo cp /etc/ssh/ssh_config ~/ssh_config
+		sudo chown $CURR_USER:$CURR_USER ~/ssh_config
+		echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
+		sudo mv ~/ssh_config /etc/ssh/ssh_config
+		sudo chown root:root /etc/ssh/ssh_config
+	fi
+	sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
+	if ! grep -q "MACs " /etc/ssh/ssh_config; then
+		sudo cp /etc/ssh/ssh_config ~/ssh_config
+		sudo chown $CURR_USER:$CURR_USER ~/ssh_config
+		echo "   MACs $SSH_MACS" >> ~/ssh_config
+		sudo mv ~/ssh_config /etc/ssh/ssh_config
+		sudo chown root:root /etc/ssh/ssh_config
+	fi
+
+	# Create ssh keys
+	if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
+		ssh-keygen -t ed25519 -o -a 100
+	fi
+	if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
+		ssh-keygen -t rsa -b 4096 -o -a 100
+	fi
+
+	ssh_remove_small_moduli
+
+	if [ ! -d ~/.ssh ]; then
+		mkdir ~/.ssh
+	fi
+	echo 'Host *.onion' > ~/.ssh/config
+	echo '  ServerAliveInterval 60' >> ~/.ssh/config
+	echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+	echo "  ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p" >> ~/.ssh/config
+	echo "#  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; connect -R remote -5 -S 127.0.0.1:9050 %h %p'" >> ~/.ssh/config
+	echo 'Host *' >> ~/.ssh/config
+	echo '  ServerAliveInterval 60' >> ~/.ssh/config
+	echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+	echo '#  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
+
+	echo ''
+	echo $'Copy the following into a file called /home/username/.ssh/authorized_keys on the Freedombone server'
+	echo ''
+	echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
+	echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
+	echo ''
 }
 
 function configure_monkeysphere {
-    sudo apt-get -y install tor connect-proxy monkeysphere
+	sudo apt-get -y install tor connect-proxy monkeysphere
 }
 
 function show_help {
-    echo ''
-    echo $"${PROJECT_NAME}-client --mesh [yes|no]"
-    echo ''
-    exit 0
+	echo ''
+	echo $"${PROJECT_NAME}-client --mesh [yes|no]"
+	echo ''
+	exit 0
 }
 
 while [[ $# > 1 ]]
 do
-    key="$1"
-
-    case $key in
-        -h|--help)
-            show_help
-            ;;
-        --essid)
-            shift
-            WIFI_SSID="$1"
-            ;;
-        --channel)
-            shift
-            WIFI_CHANNEL=${1}
-            ;;
-        --mesh)
-            shift
-            MESH_CLIENT_INSTALL=${1}
-            ;;
-        *)
-            # unknown option
-            ;;
-    esac
-    shift
+	key="$1"
+
+	case $key in
+		-h|--help)
+			show_help
+			;;
+		--essid)
+			shift
+			WIFI_SSID="$1"
+			;;
+		--channel)
+			shift
+			WIFI_CHANNEL=${1}
+			;;
+		--mesh)
+			shift
+			MESH_CLIENT_INSTALL=${1}
+			;;
+		*)
+			# unknown option
+			;;
+	esac
+	shift
 done
 
 echo $'Configuring client'
+refresh_gpg_keys
 configure_ssh_client
 configure_monkeysphere
 if [[ $MESH_CLIENT_INSTALL == $'yes' || $MESH_CLIENT_INSTALL == $'y' || $MESH_CLIENT_INSTALL == $'on' ]]; then
-    ${PROJECT_NAME}-mesh-install batman_client
-    ${PROJECT_NAME}-mesh-install babel_client
+	${PROJECT_NAME}-mesh-install batman_client
+	${PROJECT_NAME}-mesh-install babel_client
 fi
 echo $'Configuration complete'
 exit 0