
Use encryption key with obnam

Bob Mottram преди 10 години
родител
ревизия
88ef1e1190
променени са 1 файла, в които са добавени 61 реда и са изтрити 41 реда
  1. 61
    41
      src/freedombone

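--- a/src/freedombone
+++ b/src/freedombone
@@ -2417,7 +2417,13 @@ function get_mariadb_owncloud_admin_password {
 
 function backup_directory_to_usb {
   if [[ $BACKUP_TYPE == 'obnam' ]]; then
-      echo "obnam backup -r $USB_MOUNT/backup/${2} ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      BACKUP_KEY_EXISTS=$("gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"")
+      if [ ! "$?" = "0" ]; then
+          echo "Backup key could not be found"
+          exit 43382
+      fi
+      MY_BACKUP_KEY_ID=$(gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\" | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+      echo "obnam backup -r $USB_MOUNT/backup/${2} --encrypt-with $MY_BACKUP_KEY_ID ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
   else
       # For rsyncrypto usage see http://archive09.linux.com/feature/125322
       echo "rsyncrypto -v -r ${1} $USB_MOUNT/backup/${2} $USB_MOUNT/backup/${2}.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
@@ -2525,18 +2531,19 @@ function create_backup_script {
   echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
 
-  echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
-
-  echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo '  echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "  gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
+  if [[ $BACKUP_TYPE != 'obnam' ]]; then
+      echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo '  echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "  gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
+  fi
 
   echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_SCRIPT_NAME
@@ -2975,34 +2982,36 @@ function create_restore_script {
   echo 'cp -r /home/$MY_USERNAME/.gnupg /root' >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
 
-  echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "  if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "  cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "  gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "  if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '    echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '    echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '  else' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '    echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '    exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
+  if [[ $BACKUP_TYPE != 'obnam' ]]; then
+      echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "  if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '    echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '    echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '  else' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '    echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '    exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '  fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
 
-  echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo "    rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '    exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
-  echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo "    rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '    exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
+      echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
+  fi
   echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_SCRIPT_NAME
   echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME
@@ -3557,7 +3566,15 @@ function create_freedns_updater {
 
 function backup_directory_to_friend {
   if [[ $BACKUP_TYPE == 'obnam' ]]; then
-      echo -n 'obnam backup -r $SERVER_DIRECTORY/backup/' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      BACKUP_KEY_EXISTS=$("gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"")
+      if [ ! "$?" = "0" ]; then
+          echo "Backup key could not be found"
+          exit 43382
+      fi
+      MY_BACKUP_KEY_ID=$(gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\" | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+
+      echo -n 'obnam backup -r $SERVER_DIRECTORY/backup/ ' >> /usr/bin/$BACKUP_SCRIPT_NAME
+      echo "--encrypt-with $MY_BACKUP_KEY_ID " >> /usr/bin/$BACKUP_SCRIPT_NAME
       echo "${2} ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
   else
       # For rsyncrypto usage see http://archive09.linux.com/feature/125322
@@ -6305,6 +6322,9 @@ function configure_backup_key {
   if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
       return
   fi
+  if [[ $BACKUP_TYPE != 'obnam' ]]; then
+      return
+  fi
   apt-get -y install gnupg
 
   BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"" - $MY_USERNAME)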
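Review bot: In `backup_directory_to_usb`, and in the same lines added to `backup_directory_to_friend`, `BACKUP_KEY_EXISTS=$("gpg --list-keys …")` puts the whole command line inside one pair of quotes, so the shell looks for a single program with that entire string as its name, `$?` is never 0, and the function always exits with "Backup key could not be found". The `MY_BACKUP_KEY_ID=` line escapes the quotes instead (`\"`), which leaves the parentheses of `(backup key)` unquoted, and it cuts a short key ID out of the human-readable `pub` line. Since this value decides which key every backup is encrypted to, one lookup that passes the user ID as a single quoted argument and reads the long key ID from colon-delimited output would be safer: `MY_BACKUP_KEY_ID=$(gpg --list-keys --with-colons "$MY_EMAIL_ADDRESS (backup key)" | awk -F ':' '$1 == "pub" {print $5; exit}')` followed by `if [ -z "$MY_BACKUP_KEY_ID" ]; then`. In `backup_directory_to_friend` the added `echo "--encrypt-with $MY_BACKUP_KEY_ID "` has no `-n`, so `${2} ${1}` ends up on its own line of the generated script, detached from the repository path; writing `echo "${2} --encrypt-with $MY_BACKUP_KEY_ID ${1}"` after the original `echo -n` line keeps them together. Both function bodies continue outside their hunks.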