Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_bdsmail.org

@@ -28,6 +28,6 @@ ssh into the system with:
 ssh myusername@mydomain.com -p 2222
 #+END_SRC
 
-Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys.
+Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
 
-After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.

src/freedombone-app-pleroma

@@ -744,6 +744,8 @@ function backup_local_pleroma {
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
@@ -757,6 +759,8 @@ function backup_local_pleroma {
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_local_pleroma {
@@ -769,6 +773,8 @@ function restore_local_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database
@@ -797,6 +803,8 @@ function backup_remote_pleroma {
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
@@ -810,6 +818,8 @@ function backup_remote_pleroma {
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_remote_pleroma {
@@ -822,6 +832,8 @@ function restore_remote_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database

src/freedombone-backup-local

@@ -113,7 +113,6 @@ function backup_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # Backup any gpg keys
             if [ -d /home/$USERNAME/.gnupg ]; then
                 echo $"Backing up gpg keys for $USERNAME"
@@ -212,6 +211,8 @@ function backup_users {
                 cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
                 backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
             fi
+
+            gpg_agent_enable $USERNAME
         fi
     done
 }
@@ -373,6 +374,7 @@ if [[ $1 == "remove" ]]; then
     remove_option=$1
 fi
 
+gpg_agent_setup root
 backup_mount_drive $1 $2
 remove_backup_directory $remove_option
 make_backup_directory

src/freedombone-backup-remote

@@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -157,7 +157,6 @@ function backup_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # personal settings
             if [ -d /home/$USERNAME/personal ]; then
                 echo $"Backing up personal settings for $USERNAME"
@@ -266,6 +265,7 @@ function backup_users {
                 echo $"Backing up emails for $USERNAME"
                 backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
             fi
+            gpg_agent_enable $USERNAME
         fi
     done
 }
@@ -430,6 +430,7 @@ if [[ "$1" == "test" ]]; then
     TEST_MODE="yes"
 fi
 
+gpg_agent_setup root
 backup_configfiles
 if [[ $TEST_MODE == "no" ]]; then
     backup_blocklist

src/freedombone-controlpanel-user

@@ -894,6 +894,15 @@ function show_your_email_address {
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
                --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+        clear
+        echo ''
+        echo $'Your bdsmail address as a QR code'
+        echo ''
+        echo -n "${bdsmail_address}" | qrencode -t UTF8
+        echo ''
+        echo "${bdsmail_address}"
+        echo ''
+        any_key
     fi
 }
 

src/freedombone-restore-local

@@ -956,6 +956,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
 check_backup_exists
 check_admin_user
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 same_admin_user

src/freedombone-restore-remote

@@ -857,6 +857,7 @@ function restore_email {
 ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
 
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 restore_passwordstore

src/freedombone-utils-backup

@@ -282,7 +282,7 @@ function backup_database_local_usb {
 
 function backup_directory_to_usb_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
     if [ ! "$?" = "0" ]; then
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -296,7 +296,7 @@ function backup_directory_to_usb_duplicity {
         exit 8352925
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
         if [ ! "$?" = "0" ]; then
             umount $USB_MOUNT
             rm -rf $USB_MOUNT
@@ -412,7 +412,7 @@ function set_user_permissions {
 
 function backup_directory_to_friend_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
     if [ ! "$?" = "0" ]; then
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
             shred -zu ${1}/*
@@ -424,7 +424,7 @@ function backup_directory_to_friend_duplicity {
         exit 5293526
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
         if [ ! "$?" = "0" ]; then
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
                 shred -zu ${1}/*

src/freedombone-utils-gpg

@@ -228,17 +228,17 @@ function gpg_agent_setup {
             echo 'GPG_TTY=$(tty)' >> /root/.bashrc
             echo 'export GPG_TTY' >> /root/.bashrc
         fi
+        if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
             echo 'use-agent' >> /root/.gnupg/gpg.conf
         fi
-        if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
-            echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
-        fi
-        if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
-            touch /root/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        if [ -f /root/.gnupg/S.dirmngr ]; then
+            rm /root/.gnupg/S.dirmngr
         fi
         echo RELOADAGENT | gpg-connect-agent
     else
@@ -248,17 +248,20 @@ function gpg_agent_setup {
             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
         fi
+        if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
         if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
-        if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
-            touch /home/$gpg_username/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
+            rm /home/$gpg_username/.gnupg/S.dirmngr
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
             su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username

website/EN/app_bdsmail.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-02-16 Fri 10:42 -->
+<!-- 2018-02-16 Fri 11:55 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -256,9 +256,9 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing
 It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
 </p>
 
-<div id="outline-container-org4d1584a" class="outline-2">
-<h2 id="org4d1584a">Installation</h2>
-<div class="outline-text-2" id="text-org4d1584a">
+<div id="outline-container-org6b531d9" class="outline-2">
+<h2 id="org6b531d9">Installation</h2>
+<div class="outline-text-2" id="text-org6b531d9">
 <p>
 ssh into the system with:
 </p>
@@ -269,11 +269,11 @@ ssh into the system with:
 </div>
 
 <p>
-Select <b>Administrator controls</b> then <b>App Settings</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
+Select <b>Administrator controls</b> then <b>Add/Remove Apps</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
 </p>
 
 <p>
-After installation if you exit from <b>Administrator controls</b> back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from <b>Administrator controls</b> back to the user control panel then select the option to <b>show your email address</b>. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
 </p>
 </div>
 </div>