Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/app_bdsmail.org

 ssh myusername@mydomain.com -p 2222
 #+END_SRC
 
-Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys.
+Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
 
-After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.

src/freedombone-app-pleroma

         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_local_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
+    systemctl stop pleroma
+
     function_check suspend_site
     suspend_site ${PLEROMA_DOMAIN_NAME}
 
 
     function_check restart_site
     restart_site
+
+    systemctl restart pleroma
 }
 
 function restore_remote_pleroma {
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
 
+        systemctl stop pleroma
+
         PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
         function_check pleroma_create_database
         pleroma_create_database

src/freedombone-backup-local

     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # Backup any gpg keys
             if [ -d /home/$USERNAME/.gnupg ]; then
                 echo $"Backing up gpg keys for $USERNAME"
                 cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
                 backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
             fi
+
+            gpg_agent_enable $USERNAME
         fi
     done
 }
     remove_option=$1
 fi
 
+gpg_agent_setup root
 backup_mount_drive $1 $2
 remove_backup_directory $remove_option
 make_backup_directory

src/freedombone-backup-remote

 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
             # personal settings
             if [ -d /home/$USERNAME/personal ]; then
                 echo $"Backing up personal settings for $USERNAME"
                 echo $"Backing up emails for $USERNAME"
                 backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
             fi
+            gpg_agent_enable $USERNAME
         fi
     done
 }
     TEST_MODE="yes"
 fi
 
+gpg_agent_setup root
 backup_configfiles
 if [[ $TEST_MODE == "no" ]]; then
     backup_blocklist

src/freedombone-controlpanel-user

         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
                --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+        clear
+        echo ''
+        echo $'Your bdsmail address as a QR code'
+        echo ''
+        echo -n "${bdsmail_address}" | qrencode -t UTF8
+        echo ''
+        echo "${bdsmail_address}"
+        echo ''
+        any_key
     fi
 }
 

src/freedombone-restore-local

 check_backup_exists
 check_admin_user
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 same_admin_user

src/freedombone-restore-remote

 ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
 
 copy_gpg_keys
+gpg_agent_setup root
 restore_blocklist
 restore_configfiles
 restore_passwordstore

src/freedombone-utils-backup

 
 function backup_directory_to_usb_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
     if [ ! "$?" = "0" ]; then
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
         exit 8352925
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
         if [ ! "$?" = "0" ]; then
             umount $USB_MOUNT
             rm -rf $USB_MOUNT
 
 function backup_directory_to_friend_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
     if [ ! "$?" = "0" ]; then
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
             shred -zu ${1}/*
         exit 5293526
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
         if [ ! "$?" = "0" ]; then
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
                 shred -zu ${1}/*

src/freedombone-utils-gpg

             echo 'GPG_TTY=$(tty)' >> /root/.bashrc
             echo 'export GPG_TTY' >> /root/.bashrc
         fi
+        if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
             echo 'use-agent' >> /root/.gnupg/gpg.conf
         fi
-        if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
-            echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
-        fi
-        if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
-            touch /root/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        if [ -f /root/.gnupg/S.dirmngr ]; then
+            rm /root/.gnupg/S.dirmngr
         fi
         echo RELOADAGENT | gpg-connect-agent
     else
             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
         fi
+        if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+            sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+        fi
         if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
         if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
             echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
         fi
-        if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
-            touch /home/$gpg_username/.gnupg/gpg-agent.conf
-        fi
-        if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
-            echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
+            rm /home/$gpg_username/.gnupg/S.dirmngr
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
             su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username

website/EN/app_bdsmail.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-02-16 Fri 10:42 -->
+<!-- 2018-02-16 Fri 11:55 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
 </p>
 
-<div id="outline-container-org4d1584a" class="outline-2">
-<h2 id="org4d1584a">Installation</h2>
-<div class="outline-text-2" id="text-org4d1584a">
+<div id="outline-container-org6b531d9" class="outline-2">
+<h2 id="org6b531d9">Installation</h2>
+<div class="outline-text-2" id="text-org6b531d9">
 <p>
 ssh into the system with:
 </p>
 </div>
 
 <p>
-Select <b>Administrator controls</b> then <b>App Settings</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
+Select <b>Administrator controls</b> then <b>Add/Remove Apps</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
 </p>
 
 <p>
-After installation if you exit from <b>Administrator controls</b> back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from <b>Administrator controls</b> back to the user control panel then select the option to <b>show your email address</b>. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
 </p>
 </div>
 </div>