|
|
@@ -2417,7 +2417,13 @@ function get_mariadb_owncloud_admin_password {
|
|
2417
|
2417
|
|
|
2418
|
2418
|
function backup_directory_to_usb {
|
|
2419
|
2419
|
if [[ $BACKUP_TYPE == 'obnam' ]]; then
|
|
2420
|
|
- echo "obnam backup -r $USB_MOUNT/backup/${2} ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2420
|
+ BACKUP_KEY_EXISTS=$("gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"")
|
|
|
2421
|
+ if [ ! "$?" = "0" ]; then
|
|
|
2422
|
+ echo "Backup key could not be found"
|
|
|
2423
|
+ exit 43382
|
|
|
2424
|
+ fi
|
|
|
2425
|
+ MY_BACKUP_KEY_ID=$(gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\" | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
|
2426
|
+ echo "obnam backup -r $USB_MOUNT/backup/${2} --encrypt-with $MY_BACKUP_KEY_ID ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2421
|
2427
|
else
|
|
2422
|
2428
|
# For rsyncrypto usage see http://archive09.linux.com/feature/125322
|
|
2423
|
2429
|
echo "rsyncrypto -v -r ${1} $USB_MOUNT/backup/${2} $USB_MOUNT/backup/${2}.keys $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
@@ -2525,18 +2531,19 @@ function create_backup_script {
|
|
2525
|
2531
|
echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2526
|
2532
|
echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2527
|
2533
|
|
|
2528
|
|
- echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2529
|
|
- echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2530
|
|
- echo " freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2531
|
|
- echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2532
|
|
- echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2533
|
|
-
|
|
2534
|
|
- echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2535
|
|
- echo ' echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2536
|
|
- echo " gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2537
|
|
- echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2538
|
|
- echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2539
|
|
- echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2534
|
+ if [[ $BACKUP_TYPE != 'obnam' ]]; then
|
|
|
2535
|
+ echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2536
|
+ echo ' echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2537
|
+ echo " freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2538
|
+ echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2539
|
+ echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2540
|
+ echo "if [ ! -f $BACKUP_CERTIFICATE.gpg ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2541
|
+ echo ' echo "GPG encrypt the backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2542
|
+ echo " gpg -c $BACKUP_CERTIFICATE" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2543
|
+ echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2544
|
+ echo "cp $BACKUP_CERTIFICATE.gpg $USB_MOUNT/backup/key.gpg" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2545
|
+ echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
2546
|
+ fi
|
|
2540
|
2547
|
|
|
2541
|
2548
|
echo '# MariaDB password' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
2542
|
2549
|
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
@@ -2975,34 +2982,36 @@ function create_restore_script {
|
|
2975
|
2982
|
echo 'cp -r /home/$MY_USERNAME/.gnupg /root' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2976
|
2983
|
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2977
|
2984
|
|
|
2978
|
|
- echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2979
|
|
- echo " if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2980
|
|
- echo " rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2981
|
|
- echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2982
|
|
- echo " cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2983
|
|
- echo " gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2984
|
|
- echo " if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2985
|
|
- echo ' echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2986
|
|
- echo " cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2987
|
|
- echo " shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2988
|
|
- echo " chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2989
|
|
- echo ' echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2990
|
|
- echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2991
|
|
- echo ' echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2992
|
|
- echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2993
|
|
- echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2994
|
|
- echo ' exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2995
|
|
- echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2996
|
|
- echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2997
|
|
- echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2985
|
+ if [[ $BACKUP_TYPE != 'obnam' ]]; then
|
|
|
2986
|
+ echo "if [ -f $USB_MOUNT/backup/key.gpg ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2987
|
+ echo " if [ -f $BACKUP_CERTIFICATE.new ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2988
|
+ echo " rm $BACKUP_CERTIFICATE.new" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2989
|
+ echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2990
|
+ echo " cp $USB_MOUNT/backup/key.gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2991
|
+ echo " gpg /root/tempbackupkey.gpg" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2992
|
+ echo " if [ -f /root/tempbackupkey ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2993
|
+ echo ' echo "Backup key decrypted"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2994
|
+ echo " cp /root/tempbackupkey $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2995
|
+ echo " shred -zu /root/tempbackupkey" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2996
|
+ echo " chmod 400 $BACKUP_CERTIFICATE" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2997
|
+ echo ' echo "Backup certificate installed"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2998
|
+ echo ' else' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
2999
|
+ echo ' echo "Unable to decrypt the backup key"' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3000
|
+ echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3001
|
+ echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3002
|
+ echo ' exit 735' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3003
|
+ echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3004
|
+ echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3005
|
+ echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
2998
|
3006
|
|
|
2999
|
|
- echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3000
|
|
- echo " echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3001
|
|
- echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3002
|
|
- echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3003
|
|
- echo ' exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3004
|
|
- echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3005
|
|
- echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3007
|
+ echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3008
|
+ echo " echo 'No backup key was found. Copy your backup key to $BACKUP_CERTIFICATE'" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3009
|
+ echo " umount $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3010
|
+ echo " rm -rf $USB_MOUNT" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3011
|
+ echo ' exit 563' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3012
|
+ echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3013
|
+ echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
3014
|
+ fi
|
|
3006
|
3015
|
echo '# MariaDB password' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3007
|
3016
|
echo -n 'DATABASE_PASSWORD=$(cat ' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3008
|
3017
|
echo "$DATABASE_PASSWORD_FILE)" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
|
@@ -3557,7 +3566,15 @@ function create_freedns_updater {
|
|
3557
|
3566
|
|
|
3558
|
3567
|
function backup_directory_to_friend {
|
|
3559
|
3568
|
if [[ $BACKUP_TYPE == 'obnam' ]]; then
|
|
3560
|
|
- echo -n 'obnam backup -r $SERVER_DIRECTORY/backup/' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
3569
|
+ BACKUP_KEY_EXISTS=$("gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"")
|
|
|
3570
|
+ if [ ! "$?" = "0" ]; then
|
|
|
3571
|
+ echo "Backup key could not be found"
|
|
|
3572
|
+ exit 43382
|
|
|
3573
|
+ fi
|
|
|
3574
|
+ MY_BACKUP_KEY_ID=$(gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\" | grep 'pub ' | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
|
|
3575
|
+
|
|
|
3576
|
+ echo -n 'obnam backup -r $SERVER_DIRECTORY/backup/ ' >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
|
3577
|
+ echo "--encrypt-with $MY_BACKUP_KEY_ID " >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
3561
|
3578
|
echo "${2} ${1}" >> /usr/bin/$BACKUP_SCRIPT_NAME
|
|
3562
|
3579
|
else
|
|
3563
|
3580
|
# For rsyncrypto usage see http://archive09.linux.com/feature/125322
|
|
|
@@ -6305,6 +6322,9 @@ function configure_backup_key {
|
|
6305
|
6322
|
if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
|
|
6306
|
6323
|
return
|
|
6307
|
6324
|
fi
|
|
|
6325
|
+ if [[ $BACKUP_TYPE != 'obnam' ]]; then
|
|
|
6326
|
+ return
|
|
|
6327
|
+ fi
|
|
6308
|
6328
|
apt-get -y install gnupg
|
|
6309
|
6329
|
|
|
6310
|
6330
|
BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"" - $MY_USERNAME)
|
Bob Mottram
před 10 roky