
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 年前
父节点
当前提交
cd606bad3d

+ 2
- 2
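--- a/doc/EN/app_bdsmail.org
+++ b/doc/EN/app_bdsmail.org
@@ -28,6 +28,6 @@ ssh into the system with:
 ssh myusername@mydomain.com -p 2222
 #+END_SRC
 
-Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys.
+Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
 
-After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.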

+ 12
- 0
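--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -744,6 +744,8 @@ function backup_local_pleroma {
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
@@ -757,6 +759,8 @@ function backup_local_pleroma {
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_local_pleroma {
@@ -769,6 +773,8 @@ function restore_local_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database
@@ -797,6 +803,8 @@ function backup_remote_pleroma {
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
@@ -810,6 +818,8 @@ function backup_remote_pleroma {
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_remote_pleroma {
@@ -822,6 +832,8 @@ function restore_remote_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database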
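Review bot: The new `systemctl stop pleroma` at the top of backup_local_pleroma has no matching restart on the failure path: if a backup helper called between the stop and the `systemctl restart pleroma` exits the script on error (backup_directory_to_usb_duplicity in src/freedombone-utils-backup does `exit 8352925` in this same commit), a failed backup leaves the service down until someone notices. The same pairing appears in backup_remote_pleroma, and restore_local_pleroma / restore_remote_pleroma stop the service too, but their bodies continue past the hunks so I cannot see whether they restart it. The stop's exit status is also unchecked, so a backup can silently proceed against a running instance. A minimal guard is `systemctl stop pleroma || echo $"Warning: could not stop pleroma" >&2`; restarting from an EXIT trap would also cover the early-exit path.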

+ 3
- 1
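--- a/src/freedombone-backup-local
+++ b/src/freedombone-backup-local
@@ -113,7 +113,6 @@ function backup_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # Backup any gpg keys
             if [ -d /home/$USERNAME/.gnupg ]; then
                 echo $"Backing up gpg keys for $USERNAME"
@@ -212,6 +211,8 @@ function backup_users {
                 cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
                 backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
             fi
+
+            gpg_agent_enable $USERNAME
         fi
     done
 }
@@ -373,6 +374,7 @@ if [[ $1 == "remove" ]]; then
     remove_option=$1
 fi
 
+gpg_agent_setup root
 backup_mount_drive $1 $2
 remove_backup_directory $remove_option
 make_backup_directory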
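Review bot: `gpg_agent_enable $USERNAME` and `gpg_agent_setup root` are added without checking their result, so if the agent cannot be configured the run continues and the later `duplicity --use-agent` calls in src/freedombone-utils-backup would presumably fail with a less obvious error; the same applies to the corresponding new lines in src/freedombone-backup-remote, src/freedombone-restore-local and src/freedombone-restore-remote. The argument should also be quoted, matching the `is_valid_user "$USERNAME"` test a few lines above: `gpg_agent_enable "$USERNAME"`. Note that the top-level `gpg_agent_setup root` runs before `backup_mount_drive $1 $2`, so root's gpg-agent.conf is rewritten (see gpg_agent_setup in src/freedombone-utils-gpg) even when the backup drive later fails to mount; a one-line comment stating why the agent must be prepared first would help the next reader.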

+ 3
- 2
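--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -157,7 +157,6 @@ function backup_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # personal settings
             if [ -d /home/$USERNAME/personal ]; then
                 echo $"Backing up personal settings for $USERNAME"
@@ -266,6 +265,7 @@ function backup_users {
                 echo $"Backing up emails for $USERNAME"
                 backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
             fi
+            gpg_agent_enable $USERNAME
         fi
     done
 }
@@ -430,6 +430,7 @@ if [[ "$1" == "test" ]]; then
     TEST_MODE="yes"
 fi
 
+gpg_agent_setup root
 backup_configfiles
 if [[ $TEST_MODE == "no" ]]; then
     backup_blocklist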

+ 9
- 0
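--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -894,6 +894,15 @@ function show_your_email_address {
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
                --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+        clear
+        echo ''
+        echo $'Your bdsmail address as a QR code'
+        echo ''
+        echo -n "${bdsmail_address}" | qrencode -t UTF8
+        echo ''
+        echo "${bdsmail_address}"
+        echo ''
+        any_key
     fi
 }
 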
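Review bot: The new QR block assumes `qrencode` is installed and that `bdsmail_address` is non-empty; neither is checked in the hunk, and the opening of the `if` this block lives in is outside it, so I cannot tell whether it already gates on bdsmail being present. If qrencode is missing the user sees a shell error where the code should be; guard it with `if command -v qrencode >/dev/null; then`, and prefer `printf '%s' "${bdsmail_address}" | qrencode -t UTF8` over `echo -n`, whose option handling is not portable. `any_key` then waits regardless of whether anything was rendered.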

+ 1
- 0
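--- a/src/freedombone-restore-local
+++ b/src/freedombone-restore-local
@@ -956,6 +956,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
 check_backup_exists
 check_admin_user
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 same_admin_user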

+ 1
- 0
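--- a/src/freedombone-restore-remote
+++ b/src/freedombone-restore-remote
@@ -857,6 +857,7 @@ function restore_email {
 ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
 
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 restore_passwordstore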

+ 4
- 4
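--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -282,7 +282,7 @@ function backup_database_local_usb {
 
 function backup_directory_to_usb_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
     if [ ! "$?" = "0" ]; then
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -296,7 +296,7 @@ function backup_directory_to_usb_duplicity {
         exit 8352925
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
         if [ ! "$?" = "0" ]; then
             umount $USB_MOUNT
             rm -rf $USB_MOUNT
@@ -412,7 +412,7 @@ function set_user_permissions {
 
 function backup_directory_to_friend_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
     if [ ! "$?" = "0" ]; then
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
             shred -zu ${1}/*
@@ -424,7 +424,7 @@ function backup_directory_to_friend_duplicity {
         exit 5293526
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
         if [ ! "$?" = "0" ]; then
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
                 shred -zu ${1}/*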
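Review bot: `--use-agent` had to be added by hand to four near-identical duplicity command lines (full and verify, USB and friend), which is exactly how the options drift apart over time; collecting the shared options in a local array once per function and expanding `"${duplicity_opts[@]}"` in both calls keeps them in step and also quotes the expansions, since `${1}`, `$BACKUP_TEMP_DIRECTORY` and `$USB_MOUNT` are currently unquoted and would break on a path containing spaces. With the agent in use the key passphrase is presumably now retained by gpg-agent for the cache lifetime configured in src/freedombone-utils-gpg rather than only for the duration of the command, which is worth a comment next to the option. backup_directory_to_usb_duplicity and backup_directory_to_friend_duplicity both continue past their second hunk.
```shell
function backup_directory_to_usb_duplicity {
    create_backups_temp_directory
    # options shared by the full and verify runs; keep them in one place
    local duplicity_opts=(--use-agent --gpg-options "$BACKUP_GPG_OPTIONS" \
        --tempdir "$BACKUP_TEMP_DIRECTORY" --encrypt-key "$MY_BACKUP_KEY_ID" \
        --full-if-older-than 4W --exclude-other-filesystems)
    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full "${duplicity_opts[@]}" "${1}" "file://$USB_MOUNT/backup/${2}"
    # … unchanged: failure handling (umount, rm -rf, exit 8352925) …
    if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify "${duplicity_opts[@]}" "${1}" "file://$USB_MOUNT/backup/${2}"
        # … unchanged: verification failure handling …
```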

+ 16
- 13
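--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -228,17 +228,17 @@ function gpg_agent_setup {
             echo 'GPG_TTY=$(tty)' >> /root/.bashrc
             echo 'export GPG_TTY' >> /root/.bashrc
         fi
+        if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
             echo 'use-agent' >> /root/.gnupg/gpg.conf
         fi
-        if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
-            echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
-        fi
-        if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
-            touch /root/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        if [ -f /root/.gnupg/S.dirmngr ]; then
+            rm /root/.gnupg/S.dirmngr
         fi
         echo RELOADAGENT | gpg-connect-agent
     else
@@ -248,17 +248,20 @@ function gpg_agent_setup {
             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
         fi
+        if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
         if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
-        if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
-            touch /home/$gpg_username/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
+            rm /home/$gpg_username/.gnupg/S.dirmngr
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
             su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username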
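Review bot: gpg-agent.conf is now replaced wholesale with `>` in both the root and the user branch, whereas the removed code only appended `allow-loopback-pinentry` when it was missing, so any other setting an administrator had in that file is silently discarded; if a full rewrite is intended, say so with a comment such as `# gpg-agent.conf is owned by this script; local edits are overwritten on every run`. The two branches also diverge: the root branch drops the `pinentry-mode loopback` handling for gpg.conf while the user branch keeps it, yet both still write `allow-loopback-pinentry`, and nothing in the hunk explains the difference. `max-cache-ttl 999999` caps an unlocked key at roughly 11.5 days; with `default-cache-ttl 300` an entry expires five minutes after its last use, but a key touched repeatedly — as root's backup key presumably is — stays cached up to that cap, which deserves a one-line comment stating the intended trade-off. gpg_agent_setup starts before the first hunk and ends after the second.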

+ 6
- 6
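--- a/website/EN/app_bdsmail.html
+++ b/website/EN/app_bdsmail.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-02-16 Fri 10:42 -->
+<!-- 2018-02-16 Fri 11:55 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -256,9 +256,9 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing
 It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
 </p>
 
-<div id="outline-container-org4d1584a" class="outline-2">
-<h2 id="org4d1584a">Installation</h2>
-<div class="outline-text-2" id="text-org4d1584a">
+<div id="outline-container-org6b531d9" class="outline-2">
+<h2 id="org6b531d9">Installation</h2>
+<div class="outline-text-2" id="text-org6b531d9">
 <p>
 ssh into the system with:
 </p>
@@ -269,11 +269,11 @@ ssh into the system with:
 </div>
 
 <p>
-Select <b>Administrator controls</b> then <b>App Settings</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
+Select <b>Administrator controls</b> then <b>Add/Remove Apps</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
 </p>
 
 <p>
-After installation if you exit from <b>Administrator controls</b> back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from <b>Administrator controls</b> back to the user control panel then select the option to <b>show your email address</b>. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
 </p>
 </div>
 </div>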