
Use an ssh key for backup encryption

Bob Mottram пре 10 година
родитељ
комит
a6f9a69986
1 измењених фајлова са 27 додато и 18 уклоњено
  1. 27
    18
      install-freedombone.sh

+ 27
- 18
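--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -240,10 +240,6 @@
 # name of a script used to restore backed up data from a friend
 RESTORE_FROM_FRIEND_SCRIPT_NAME="restorefromfriend"
 
-# passphrase used for automatic backups to friends servers
-# this will be automatically generated
-BACKUP_TO_FRIENDS_PASSPHRASE=
-
 # memory limit for php in MB
 MAX_PHP_MEMORY=64
 
@@ -631,7 +627,7 @@
       echo "tar -czvf /home/$MY_USERNAME/tempfiles/blog.tar.gz /var/www/$FULLBLOG_DOMAIN_NAME/htdocs" >> /usr/bin/$BACKUP_SCRIPT_NAME
   fi
   echo 'echo "Archiving miscellaneous files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /var/lib/mysql/mysql /var/www /etc/nginx/sites-available /etc/ssl/private /etc/ssl/certs $GITHUB_BACKUP_DIRECTORY /home/$MY_USERNAME/projects /home/$MY_USERNAME/personal /home/$MY_USERNAME/README" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo "tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /root/backupkey /var/lib/mysql/mysql /var/www /etc/nginx/sites-available /etc/ssl/private /etc/ssl/certs $GITHUB_BACKUP_DIRECTORY /home/$MY_USERNAME/projects /home/$MY_USERNAME/personal /home/$MY_USERNAME/README" >> /usr/bin/$BACKUP_SCRIPT_NAME
 
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME
@@ -845,17 +841,13 @@
   fi
 
   apt-get -y --force-yes install duplicity
-
-  if [ ! $BACKUP_TO_FRIENDS_PASSPHRASE ]; then
-      BACKUP_TO_FRIENDS_PASSPHRASE=$(openssl rand -base64 32)
-  fi
-
+  
   if ! grep -q "backups on friends servers" /home/$MY_USERNAME/README; then
       echo '' >> /home/$MY_USERNAME/README
       echo '' >> /home/$MY_USERNAME/README
       echo 'Backups' >> /home/$MY_USERNAME/README
       echo '=======' >> /home/$MY_USERNAME/README
-      echo "Passphrase for backups on friends servers: $BACKUP_TO_FRIENDS_PASSPHRASE" >> /home/$MY_USERNAME/README
+      echo 'Key file: /root/backupkey' >> /home/$MY_USERNAME/README
       echo "To add friends servers create a file called $FRIENDS_SERVERS_LIST"
       echo 'and add entries like this:' >> /home/$MY_USERNAME/README
       echo '' >> /home/$MY_USERNAME/README
@@ -869,7 +861,20 @@
 
   echo '#!/bin/bash' > /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
-  echo "PASSPHRASE='$BACKUP_TO_FRIENDS_PASSPHRASE'" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+
+  echo '# Generate an ssh key used for encrypting backups' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo "if [ ! -f /root/backupkey ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo '  ssh-keygen -t rsa -f /root/backupkey -q -N ""' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo '  sed -i "s/-----BEGIN RSA PRIVATE KEY-----//g" /root/backupkey' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME 
+  echo '  sed -i "s/-----END RSA PRIVATE KEY-----//g" /root/backupkey' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME 
+  echo '  sed -i "s/==//g" /root/backupkey' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME 
+  echo '  chmod 400 /root/backupkey' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo '  rm /root/backupkey.pub' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+
+  echo '# Passphrase is the ssh private key' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo "PASSPHRASE=$(</root/backupkey)" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo '    exit 1' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
@@ -905,7 +910,7 @@
   if grep -Fxq "install_blog" $COMPLETION_FILE; then
       echo "tar -czvf /home/$MY_USERNAME/tempfiles/blog.tar.gz /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/data" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   fi
-  echo "tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /var/lib/mysql/mysql /var/www /etc/nginx/sites-available /etc/ssl/private /etc/ssl/certs $GITHUB_BACKUP_DIRECTORY /home/$MY_USERNAME/projects /home/$MY_USERNAME/personal /home/$MY_USERNAME/README" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo "tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /root/backupkey /var/lib/mysql/mysql /var/www /etc/nginx/sites-available /etc/ssl/private /etc/ssl/certs $GITHUB_BACKUP_DIRECTORY /home/$MY_USERNAME/projects /home/$MY_USERNAME/personal /home/$MY_USERNAME/README" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 
   echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo 'while read remote_server' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
@@ -1013,14 +1018,18 @@
       chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
   fi
 
-  if [ ! $BACKUP_TO_FRIENDS_PASSPHRASE ]; then
-      BACKUP_TO_FRIENDS_PASSPHRASE=$(openssl rand -base64 32)
-  fi
-
   echo '#!/bin/bash' > /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
   echo 'SERVER_NAME=$1' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
   echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
-  echo "PASSPHRASE='$BACKUP_TO_FRIENDS_PASSPHRASE'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+
+  echo '# Check that a backup key exists' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+  echo "if [ ! -f /root/backupkey ]; then" >> /usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME
+  echo '  echo "No backup key was found in /root/backupkey"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+  echo '  exit 84' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+  echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+  echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
+
+  echo "PASSPHRASE=$(</root/backupkey)" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
   echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
   echo 'if [ ! $SERVER_NAME ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
   echo "    echo '$RESTORE_FROM_FRIEND_SCRIPT_NAME [server]'" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME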
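Review bot: `echo "PASSPHRASE=$(</root/backupkey)"` in the backup-to-friends hunk (new line 877) and again in the restore hunk (new line 1032) is double-quoted, so the `$(<…)` is evaluated by the installer at install time rather than by the generated script at run time; on a fresh install /root/backupkey does not exist yet (the generated script only creates it on its first run), so the read fails and the script is written with an empty `PASSPHRASE=`, while on a re-run the private key is copied verbatim into a script under /usr/bin. Use single quotes so the read is deferred and the value is quoted inside the generated script: `echo 'PASSPHRASE="$(</root/backupkey)"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME` (and the same form for $RESTORE_FROM_FRIEND_SCRIPT_NAME). Separately, new line 1026 redirects to `/usr/bin/$RESTORE_FROM_FRIENDS_SCRIPT_NAME` (extra S), a name that appears nowhere else on the page, so the `if [ ! -f /root/backupkey ]` line never reaches the restore script and the `fi` that follows is left unmatched; it should read `>> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME`. Whether PASSPHRASE is exported for duplicity is not visible here, and the enclosing functions of both hunks start and end outside them.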