
Don't shred

In most cases we're writing to a microSD card or SSD, so shredding doesn't make sense
Bob Mottram 6 anos atrás
pai
commit
de13a2940c

+ 1
- 1
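--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -142,7 +142,7 @@
 chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
 su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
 chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
-shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
+rm "/home/$ADD_USERNAME/gpg-genkey.conf"
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
 MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
 su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"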

+ 2
- 2
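--- a/src/freedombone-app-tahoelafs
+++ b/src/freedombone-app-tahoelafs
@@ -368,7 +368,7 @@
 
 function reconfigure_tahoelafs {
     if [ -f $tahoelafs_storage_file ]; then
-        shred -zu $tahoelafs_storage_file
+        rm $tahoelafs_storage_file
     fi
     sed -i '/HidServAuth /d' /etc/tor/torrc
 }
@@ -413,7 +413,7 @@
     fi
     remove_app tahoelafs
     if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
-        shred -zu /etc/nginx/.htpasswd-tahoelafs
+        rm /etc/nginx/.htpasswd-tahoelafs
     fi
     onion_update
 }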
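Review bot: `rm $tahoelafs_storage_file` in reconfigure_tahoelafs leaves the variable unquoted, so a path containing whitespace or glob characters is split or expanded before rm sees it, and an empty value turns the call into a bare `rm` (the unquoted `[ -f $tahoelafs_storage_file ]` guard evaluates true when the variable is empty). Write it as `rm -- "$tahoelafs_storage_file"` and quote the test as well. The same applies to `rm $MY_GPG_PRIVATE_KEY` in src/freedombone-base-email, `sudo rm $TEMP_CUSTOMISE` in src/freedombone-image-make, `rm $CURRENT_BLOG_INDEX` in src/freedombone-image-mesh and `rm $DATABASE_PASSWORD_FILE` in src/freedombone-repair-database and src/freedombone-utils-database.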

+ 1
- 2
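--- a/src/freedombone-app-tox
+++ b/src/freedombone-app-tox
@@ -74,10 +74,9 @@
 
     if [ -d "/home/$remove_username/.config/tox" ]; then
         if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
-            shred -zu "/home/$remove_username/.config/tox/chatlogs/"*
             rm -rf "/home/$remove_username/.config/tox/chatlogs"
         fi
-        shred -zu "/home/$remove_username/.config/tox/"*
+        rm "/home/$remove_username/.config/tox/"*
     fi
 }
 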

+ 2
- 2
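--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -351,7 +351,7 @@
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
-            shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+            rm "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
         fi
         rm "/home/$USERNAME/stunnel*"
     done
@@ -448,7 +448,7 @@
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
+    rm "/etc/openvpn/easy-rsa/keys/$username.key"
 
     echo $"VPN key created at $user_vpn_cert_file"
 }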
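Review bot: The context line `rm "/home/$USERNAME/stunnel*"` directly after the changed key removal keeps the `*` inside the double quotes, so the shell never expands it and rm looks for a file literally named `stunnel*`; the per-user stunnel files are presumably left in place. Move the glob outside the quotes, `rm -f -- "/home/$USERNAME/"stunnel*`. The two new `rm "${local_database_dir}/*.${database_file_extension}"` lines in src/freedombone-utils-backup have the same quoting problem, although there the following `rm -rf "${local_database_dir}"` removes the files anyway. The function around this loop starts outside the hunk.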

+ 1
- 1
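--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@@ -419,7 +419,7 @@
                 fi
 
                 # remove the temp file/directory
-                shred -zu "$temp_key_share_fragments/"*
+                rm "$temp_key_share_fragments/"*
                 rm -rf "$temp_key_share_dir"
             fi
         fi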

+ 2
- 2
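--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1473,7 +1473,7 @@
     su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
     chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
 
-    shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
+    rm "/home/$MY_USERNAME/gpg-genkey.conf"
 
     # shellcheck disable=SC2034
     MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
@@ -1596,7 +1596,7 @@
         fi
 
         # for security ensure that the private key file doesn't linger around
-        shred -zu $MY_GPG_PRIVATE_KEY
+        rm $MY_GPG_PRIVATE_KEY
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
             echo $'GPG public key ID could not be obtained'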
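Review bot: The comment above `rm $MY_GPG_PRIVATE_KEY` in the second hunk still says the private key file must not "linger around", which a plain unlink does not achieve: the exported key's blocks stay on the medium until they are reused or erased. Reword it to match what the code now does, e.g. `# remove the exported private key file (plain unlink, not a secure erase)`, so the next reader does not assume a guarantee that is gone. Where `$MY_GPG_PRIVATE_KEY` points is not visible in this hunk; if it is on persistent storage, exporting it to a memory-backed location instead would restore the original intent.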

+ 1
- 1
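--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -162,7 +162,7 @@
 chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
 chmod +x "/home/$USERNAME/emailcert/install.sh"
 
-shred -zu "/etc/ssl/requests/$USERNAME.csr"
+rm "/etc/ssl/requests/$USERNAME.csr"
 
 echo $'Email authentication certificate created. You can obtain it on the client with:'
 echo ''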

+ 1
- 1
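--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -986,7 +986,7 @@
 
     # delete the temporary configuration file
     if [ -f temp.cfg ]; then
-        shred -zu temp.cfg
+        rm temp.cfg
     fi
 
     # This file indicates that the configuration happened successfully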

+ 1
- 1
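--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -423,7 +423,7 @@
       echo '                rm /root/.initial_setup';
       echo '                rm /home/fbone/.initial_setup';
       echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}";
-      echo '                shred -zu ~/login.txt'; } >> "$rootdir/root/.bashrc"
+      echo '                rm ~/login.txt'; } >> "$rootdir/root/.bashrc"
     if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then
         { echo "                SSH_ONION_HOSTNAME=\$(cat /var/lib/tor/hidden_service_ssh/hostname)";
 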

+ 1
- 1
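--- a/src/freedombone-image-make
+++ b/src/freedombone-image-make
@@ -276,4 +276,4 @@
      $pkgopts
 
 echo $'Removing customised customisation script'
-sudo shred -zu $TEMP_CUSTOMISE
+sudo rm $TEMP_CUSTOMISE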

+ 12
- 13
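--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -870,10 +870,10 @@
       echo "MY_USERNAME=\$1";
       echo 'tomb slam all';
       echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then";
-      echo "    shred -zu /home/${MY_USERNAME}/.bash_history";
+      echo "    rm /home/${MY_USERNAME}/.bash_history";
       echo 'fi';
       echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then";
-      echo "    shred -zu /home/${MY_USERNAME}/.xsession-errors";
+      echo "    rm /home/${MY_USERNAME}/.xsession-errors";
       echo 'fi';
       echo '';
       echo 'exit 0'; } > /usr/bin/amnesic
@@ -944,7 +944,7 @@
 
     # clear crypttab
     if [ -f /etc/crypttab ]; then
-        shred -zu /etc/crypttab
+        rm /etc/crypttab
         touch /etc/crypttab
     fi
 
@@ -977,7 +977,6 @@
             fi
         fi
         if [ -d /var/lib/tox-bootstrapd ]; then
-            shred -zu /var/lib/tox-bootstrapd/*
             rm -rf /var/lib/tox-bootstrapd
         fi
         ln -s /media/${tomb_name} /var/lib/tox-bootstrapd
@@ -1018,7 +1017,7 @@
     su -c "systemctl --user enable ipfs" - $MY_USERNAME
 
     if [ -f $CURRENT_BLOG_INDEX ]; then
-        shred -zu $CURRENT_BLOG_INDEX
+        rm $CURRENT_BLOG_INDEX
     fi
 
     if [ -d /home/$MY_USERNAME/Public ]; then
@@ -1027,11 +1026,11 @@
     fi
 
     if [ -d /home/$MY_USERNAME/CreateBlog/content/images ]; then
-        shred -zu /home/$MY_USERNAME/CreateBlog/content/images/*
+        rm /home/$MY_USERNAME/CreateBlog/content/images/*
     fi
 
     if [ -d /home/$MY_USERNAME/CreateBlog/content ]; then
-        shred -zu /home/$MY_USERNAME/CreateBlog/content/*
+        rm /home/$MY_USERNAME/CreateBlog/content/*
         if grep -q "THEME=" /home/$MY_USERNAME/CreateBlog/pelicanconf.py; then
             sed -i "s|THEME=.*|THEME='themes/nice-blog'|g" /home/$MY_USERNAME/CreateBlog/pelicanconf.py
         else
@@ -1040,7 +1039,7 @@
     fi
 
     if [ -d /home/$MY_USERNAME/.ipfs ]; then
-        shred -zu /home/$MY_USERNAME/.ipfs/config
+        rm /home/$MY_USERNAME/.ipfs/config
         rm -rf /home/$MY_USERNAME/.ipfs
         su -c "systemctl --user restart ipfs" - $MY_USERNAME
     else
@@ -1048,19 +1047,19 @@
     fi
 
     if [ -f /home/$MY_USERNAME/.blog-index ]; then
-        shred -zu /home/$MY_USERNAME/.blog-index
+        rm /home/$MY_USERNAME/.blog-index
     fi
 
     if [ -f /home/$MY_USERNAME/.blog-theme-index ]; then
-        shred -zu /home/$MY_USERNAME/.blog-theme-index
+        rm /home/$MY_USERNAME/.blog-theme-index
     fi
 
     if [ -f /home/$MY_USERNAME/.ipfs-id ]; then
-        shred -zu /home/$MY_USERNAME/.ipfs-id
+        rm /home/$MY_USERNAME/.ipfs-id
     fi
 
     if [ -f /home/$MY_USERNAME/.ipfs-public ]; then
-        shred -zu /home/$MY_USERNAME/.ipfs-public
+        rm /home/$MY_USERNAME/.ipfs-public
     fi
 
     chmod 755 $IPFS_COMMAND
@@ -1204,7 +1203,7 @@
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
+    rm "/etc/openvpn/easy-rsa/keys/$username.key"
 
     echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log"
 }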
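Review bot: `rm /home/$MY_USERNAME/CreateBlog/content/*` will hit the `content/images` directory that the block just above it tests for, and rm without `-r` refuses directories, so the command reports "Is a directory" and exits non-zero whenever that directory exists. If only the top-level files are meant to go, `find "/home/$MY_USERNAME/CreateBlog/content" -maxdepth 1 -type f -delete` avoids the error; if the whole tree should be cleared, use `rm -rf -- "/home/$MY_USERNAME/CreateBlog/content/"*`. The `content/images/*` removal similarly fails when the directory is empty, because the unmatched glob is passed through literally; `rm -f` would silence that case. The function these hunks belong to starts and ends outside the visible lines.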

+ 0
- 3
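--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@@ -33,9 +33,6 @@
 
 WEBSERVER_LOG_LEVEL='warn'
 
-# Shredding could be used here, but especially on microSD
-# or SSD it's debatable how useful shredding really is.
-# Also the shred command can be very slow on Beaglebone Black
 REMOVE_FILES_COMMAND='rm -rf'
 
 source /usr/local/bin/${PROJECT_NAME}-vars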

+ 1
- 2
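--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -139,7 +139,6 @@
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
         if [[ "$USERNAME" != 'root' ]]; then
-            shred -zu "/root/.passwords/$USERNAME/"*
             rm -rf "/root/.passwords/$USERNAME"
         fi
     done
@@ -287,7 +286,7 @@
 
 if [ "${REMOVE_APP}" ]; then
     if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
-        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
+        rm "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
     fi
     exit 0
 fi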
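Review bot: The new `rm "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"` sits under a `[ -d … ]` test, so its operand is always a directory and rm without `-r` refuses it; the script then reaches `exit 0` with the removed app's password entry still in the store. Use `rm -rf -- "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"`, as the first hunk already does for whole user directories. Because the path is built from `REMOVE_APP`, it is also worth rejecting values containing `/` or `..` before a recursive delete; how that argument is validated lies outside the hunk.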

+ 2
- 2
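--- a/src/freedombone-recoverkey
+++ b/src/freedombone-recoverkey
@@ -165,10 +165,10 @@
 # import the gpg key
 if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
     echo $'Unable to import gpg key'
-    shred -zu "$KEYS_FILE"
+    rm "$KEYS_FILE"
     exit 3682
 fi
-shred -zu "$KEYS_FILE"
+rm "$KEYS_FILE"
 chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
 chmod -R 600 "/home/$MY_USERNAME/.gnupg"
 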
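Review bot: `chmod -R 600 "/home/$MY_USERNAME/.gnupg"`, two lines after the changed `rm "$KEYS_FILE"`, also strips the execute bit from the directory itself and from any subdirectories, which leaves the freshly imported keyring untraversable for its owner. Directories need 700 and files 600, e.g. `chmod 700 "/home/$MY_USERNAME/.gnupg"` followed by `find "/home/$MY_USERNAME/.gnupg" -type f -exec chmod 600 {} +`. Unless a line below the hunk corrects the modes, the user would not be able to use the recovered key. Separately, `exit 3682` is truncated to eight bits by the shell, so callers see status 98.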

+ 1
- 1
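--- a/src/freedombone-renew-cert
+++ b/src/freedombone-renew-cert
@@ -100,7 +100,7 @@
         # remove the password from the private cert
         openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key
         cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key
-        shred -zu /etc/ssl/private/$HOSTNAME.new.key
+        rm /etc/ssl/private/$HOSTNAME.new.key
 
         # bundle the cert
         cat /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$HOSTNAME.bundle.crt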
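Review bot: The `cp` of `$HOSTNAME.new.key` over `$HOSTNAME.key` followed by `rm /etc/ssl/private/$HOSTNAME.new.key` writes the passphrase-less private key to disk twice and then only unlinks one copy; now that the temporary copy is no longer overwritten, a rename avoids creating the extra data at all. `mv -- "/etc/ssl/private/$HOSTNAME.new.key" "/etc/ssl/private/$HOSTNAME.key"` replaces both lines and is atomic on the same filesystem. A rename carries the new file's owner and mode rather than the old file's, so set them explicitly (`chmod 600`) if the original permissions matter. The `$HOSTNAME` expansions throughout this hunk are also unquoted.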

+ 1
- 1
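--- a/src/freedombone-repair-database
+++ b/src/freedombone-repair-database
@@ -50,7 +50,7 @@
     ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD"
     stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb)
     if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
-        shred -zu $DATABASE_PASSWORD_FILE
+        rm $DATABASE_PASSWORD_FILE
     fi
 fi
 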

+ 2
- 2
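--- a/src/freedombone-rmuser
+++ b/src/freedombone-rmuser
@@ -110,12 +110,12 @@
 
 # remove gpg keys
 if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
-    shred -zu "/home/$REMOVE_USERNAME/.gnupg/"*
+    rm "/home/$REMOVE_USERNAME/.gnupg/"*
 fi
 
 # remove ssh keys
 if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
-    shred -zu "/home/$REMOVE_USERNAME/.ssh/"*
+    rm "/home/$REMOVE_USERNAME/.ssh/"*
 fi
 
 echo $'Detecting installed apps...'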
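Review bot: `rm "/home/$REMOVE_USERNAME/.gnupg/"*` removes only plain files at the top level of the keyring: rm without `-r` skips subdirectories, and GnuPG 2.1 and later (which the `--full-gen-key` calls elsewhere in this commit imply) keep secret keys under `private-keys-v1.d/`. Under the "remove gpg keys" comment the intent looks like `rm -rf -- "/home/$REMOVE_USERNAME/.gnupg"`, and likewise `rm -rf -- "/home/$REMOVE_USERNAME/.ssh"` for the second change. If the home directory is deleted later in the script this is only an ordering detail, but that part is outside the hunk.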

+ 8
- 8
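--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -155,7 +155,7 @@
 fi
 if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
     --armor --export "$MY_BACKUP_KEY_ID"; then
-    shred -zu "$FRAGMENTS_DIR/privkey.txt"
+    rm "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
@@ -163,7 +163,7 @@
 if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
         --batch --passphrase-fd 0 \
         --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
-    shred -zu "$FRAGMENTS_DIR/privkey.txt"
+    rm "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
     exit 13783
 fi
@@ -176,21 +176,21 @@
     "$FRAGMENTS_DIR/privkey.txt" \
     "$FRAGMENTS_DIR/backup_pubkey.txt" \
     "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
-shred -zu "$FRAGMENTS_DIR/privkey.txt"
-shred -zu "$FRAGMENTS_DIR/pubkey.txt"
-shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
-shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
+rm "$FRAGMENTS_DIR/privkey.txt"
+rm "$FRAGMENTS_DIR/pubkey.txt"
+rm "$FRAGMENTS_DIR/backup_privkey.txt"
+rm "$FRAGMENTS_DIR/backup_pubkey.txt"
 
 KEY_SHARES=$((KEY_FRAGMENTS * 2))
 if ! gfsplit -n "$KEY_FRAGMENTS" -m $KEY_SHARES "$KEYS_FILE"; then
     echo $"Unable to split the gpg key"
     rm -rf "$FRAGMENTS_DIR"
     if [ -f "$KEYS_FILE" ]; then
-        shred -zu "$KEYS_FILE"
+        rm "$KEYS_FILE"
     fi
     exit 63028
 fi
-shred -zu "$KEYS_FILE"
+rm "$KEYS_FILE"
 
 # set permissions
 chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"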
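Review bot: With the overwrite gone, the exported secret keys in `$FRAGMENTS_DIR/privkey.txt`, `$FRAGMENTS_DIR/backup_privkey.txt` and the concatenated `$KEYS_FILE` are simply unlinked, so their contents stay on the storage medium until the blocks are reused. Since the premise of the commit is that overwriting is ineffective on flash, the more reliable control is never to write these intermediates there: stage them in a memory-backed directory created with `mktemp -d` (for instance under `/dev/shm`, where that is a tmpfs) and remove it from a `trap … EXIT`, which would also cover the early `exit` paths that currently each repeat the `rm`. Where `FRAGMENTS_DIR` and `KEYS_FILE` point is not visible in these hunks, so this may already be partly the case. The same consideration applies to `$KEYS_FILE` in src/freedombone-recoverkey and src/freedombone-utils-gpg and to `$temp_key_share_fragments` in src/freedombone-backup-remote.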

+ 7
- 15
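--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -97,7 +97,7 @@
         su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
         chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
 
-        shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
+        rm "/home/$MY_USERNAME/gpg-genkey.conf"
         echo $'Checking that the Backup key was created'
         BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
         if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
@@ -127,8 +127,8 @@
     gpg --import --import "${MY_BACKUP_KEY}_public.asc"
     echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import "${MY_BACKUP_KEY}_private.asc"
 
-    shred -zu "${MY_BACKUP_KEY}_public.asc"
-    shred -zu "${MY_BACKUP_KEY}_private.asc"
+    rm "${MY_BACKUP_KEY}_public.asc"
+    rm "${MY_BACKUP_KEY}_private.asc"
 
     mark_completed "${FUNCNAME[0]}"
 }
@@ -258,7 +258,6 @@
     if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
         if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
             echo $"${1} database could not be saved"
-            shred -zu "${local_database_dir}/"*
             rm -rf "${local_database_dir}"
             umount "$USB_MOUNT"
             rm -rf "$USB_MOUNT"
@@ -284,7 +283,6 @@
         umount "$USB_MOUNT"
         rm -rf "$USB_MOUNT"
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu "${1}/"*
             rm -rf "${1}"
         fi
         function_check restart_site
@@ -299,7 +297,6 @@
             umount "$USB_MOUNT"
             rm -rf "$USB_MOUNT"
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-                shred -zu "${1}/"*
                 rm -rf "${1}"
             fi
             function_check restart_site
@@ -332,7 +329,6 @@
         backup_directory_to_usb_duplicity "${1}" "${2}"
 
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu "${1}/"*
             rm -rf "${1}"
         fi
     fi
@@ -414,7 +410,6 @@
     # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu "${1}/"*
             rm -rf "${1}"
         fi
         function_check restart_site
@@ -427,7 +422,6 @@
         # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-                shred -zu "${1}/"*
                 rm -rf "${1}"
             fi
             function_check restart_site
@@ -457,7 +451,6 @@
     backup_directory_to_friend_duplicity "${1}" "${2}"
 
     if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-        shred -zu "/root/temp${2}/"*
         rm -rf "/root/temp${2}"
     fi
 }
@@ -508,7 +501,6 @@
     if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
         if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
             echo $"${1} database could not be saved"
-            shred -zu "${local_database_dir}/"*
             rm -rf "${local_database_dir}"
             # Send a warning email
             echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
@@ -629,9 +621,9 @@
             exit 8735271
         fi
         if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data" ]; then
-            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
+            rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
         else
-            shred -zu "${local_database_dir}/*.${database_file_extension}"
+            rm "${local_database_dir}/*.${database_file_extension}"
         fi
         rm -rf "${local_database_dir}"
         echo $"Restoring ${1} installation"
@@ -739,9 +731,9 @@
             exit 482638995
         fi
         if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data" ]; then
-            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
+            rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
         else
-            shred -zu "${local_database_dir}/*.${database_file_extension}"
+            rm "${local_database_dir}/*.${database_file_extension}"
         fi
 
         rm -rf "${local_database_dir}"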

+ 4
- 4
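--- a/src/freedombone-utils-database
+++ b/src/freedombone-utils-database
@@ -139,7 +139,7 @@
         "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD"
         stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
-            shred -zu $DATABASE_PASSWORD_FILE
+            rm $DATABASE_PASSWORD_FILE
             echo $'MariaDB password moved into password store'
             return
         fi
@@ -311,7 +311,7 @@
     chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
-    shred -zu "$INSTALL_DIR/batch.sql"
+    rm "$INSTALL_DIR/batch.sql"
 }
 
 function initialise_database {
@@ -359,7 +359,7 @@
     chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
-    shred -zu "$INSTALL_DIR/batch.sql"
+    rm "$INSTALL_DIR/batch.sql"
 }
 
 function run_query_with_output {
@@ -385,7 +385,7 @@
     chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
-    shred -zu "$INSTALL_DIR/batch.sql"
+    rm "$INSTALL_DIR/batch.sql"
 }
 
 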

+ 3
- 3
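--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -118,7 +118,7 @@
         echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
         exit 63621
     fi
-    shred -zu "/home/$key_username/gpg-genkey.conf"
+    rm "/home/$key_username/gpg-genkey.conf"
     CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
     if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
         echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
@@ -196,7 +196,7 @@
     fi
 
     if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
-        shred -zu "$KEYS_FILE"
+        rm "$KEYS_FILE"
         rm -rf "/home/$key_username/.tempgnupg"
         if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
@@ -205,7 +205,7 @@
         fi
         exit 96547
     fi
-    shred -zu "$KEYS_FILE"
+    rm "$KEYS_FILE"
 
     gpg_set_permissions "$key_username"
 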

+ 0
- 2
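--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -136,11 +136,9 @@
         fi
     fi
     if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then
-        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/"*
         rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}"
     fi
     if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then
-        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/"*
         rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile"
     fi
     remove_completion_param "${onion_service_name} onion domain"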

+ 1
- 1
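--- a/src/freedombone-utils-postgresql
+++ b/src/freedombone-utils-postgresql
@@ -202,7 +202,7 @@
     chmod 600 "$INSTALL_DIR/batch.sql"
     cd /etc/postgresql || exit 247284684
     sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql"
-    shred -zu "$INSTALL_DIR/batch.sql"
+    rm "$INSTALL_DIR/batch.sql"
 }
 
 # NOTE: deliberately there is no "exit 0"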