#!/bin/bash
#
# safe.sh - wrapper to interact with my encrypted file archive
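#######################################
# Print an error message and abort the script.
# Arguments: $@ - words of the message
# Outputs:   "Error: <message>" on stderr
# Returns:   never; exits with status 1
#######################################
error() {
  # "$*" keeps the message literal: file names containing glob characters
  # are printed as given instead of being expanded by the shell.
  # Diagnostics go to stderr so they cannot end up in data the script
  # writes to stdout.
  printf 'Error: %s\n' "$*" >&2
  exit 1
}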
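#######################################
# Print the command-line help.
# Outputs: usage text on stdout
#######################################
usage() {
  # "$0" is quoted and preceded by -- so a script path containing spaces or
  # starting with a dash is still reduced to its base name.
  cat << EOF
Usage: $(basename -- "$0") OPTION
Options:
-l list contents
-C create the safe
-x extract contents
-b backup (scp) to SAFE_REMOTE_HOST defined in ~/.saferc
-c compare date of remote backup on SAFE_REMOTE_HOST defined in ~/.saferc
-o FILE cat FILE from inside the safe
-v show version
The following options create a temporary plaintext copy of the safe
-e edit safe contents
-a FILE add FILE to the safe and shred the original
-A FILE add FILE to the safe but do not shred the original
-r FILE remove FILE from the safe
EOF
}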
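#######################################
# Abort unless the given path is an existing directory or regular file.
# Globals:   TAR_ENC (read) - used when no argument is given
# Arguments: $1 - path to check (optional)
# Returns:   0 if the path exists; otherwise exits through error()
#######################################
is_or_die() {
  local target=${1:-$TAR_ENC}
  # [[ ]] with a quoted path handles names containing spaces and an empty
  # value, both of which broke the old "[ ... -a ... ]" test.
  if [[ ! -d "$target" && ! -f "$target" ]]; then
    error "Unknown or missing: $target"
  fi
}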
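#######################################
# Overwrite and delete every regular file under SOURCE_DIR, then remove the
# directory tree itself.
# Globals: SOURCE_DIR (read)
# Returns: status of the final rm; 1 if SOURCE_DIR is empty
#
# NOTE(review): shred overwrites files in place. On journaling or
# copy-on-write file systems and on flash storage the old blocks may survive,
# so this should not be the only protection for the plaintext copy.
#######################################
shred_source_dir() {
  # With an empty SOURCE_DIR, GNU find would search the current directory
  # and every file found there would be shredded. Refuse to run instead.
  if [[ -z "$SOURCE_DIR" ]]; then
    printf 'shred_source_dir: SOURCE_DIR is empty, nothing shredded\n' >&2
    return 1
  fi
  chmod -R u+w -- "$SOURCE_DIR"
  # -exec hands each name to shred unmodified. The former "find | xargs"
  # split names on whitespace, so files with spaces in their names were
  # never overwritten, only unlinked by the rm below.
  find "$SOURCE_DIR" -type f -exec shred -u -- {} +
  rm -fr -- "$SOURCE_DIR"
}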
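#######################################
# List the member names stored in the encrypted archive, sorted.
# Globals: TAR_ENC (read)
# Outputs: one archive member per line on stdout
# Returns: status of the final sort
#######################################
list_safe() {
  is_or_die
  # TAR_ENC is built from $HOME, so quote it in case the path has spaces.
  gpg --batch -q -d "$TAR_ENC" | tar -zt | sort
}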
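#######################################
# Decrypt the archive and unpack it.
# With one argument, only that member is extracted and written to stdout;
# without arguments the whole tree is unpacked as plaintext on disk.
# Globals:   TAR_ENC, TAR, SOURCE_BASE (read)
# Arguments: $1 - member name relative to the safe (optional); anything up
#                 to and including its first "/" is dropped
# Returns:   0 only if both gpg and tar succeeded, 1 otherwise
#######################################
extract_safe() {
  is_or_die
  # An array keeps a member name with spaces as one argument to tar.
  local -a tar_args=(-zx)
  if [[ $# -eq 1 ]]; then
    tar_args+=("$SOURCE_BASE/${1#*/}" -O)
  fi
  # $TAR is a command string ("tar -C DIR") and is split on purpose.
  # shellcheck disable=SC2086
  gpg --batch -q -d "$TAR_ENC" | $TAR "${tar_args[@]}"
  # Report a failed decryption as well as a failed unpack. Callers that
  # re-encrypt afterwards must not continue with a partial tree.
  local -a stage_status=("${PIPESTATUS[@]}")
  (( stage_status[0] == 0 && stage_status[1] == 0 ))
}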
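#######################################
# Pack SOURCE_DIR into the encrypted archive, then destroy the plaintext.
# Globals: SOURCE_DIR, SOURCE_BASE, TAR, MY_GPG_KEY, TAR_ENC (read)
# Outputs: writes TAR_ENC; auto_backup may print a backup status line
# Returns: status of auto_backup; exits through error() when archiving or
#          encryption fails
#
# NOTE(review): gpg is run with -e only (no signature), so a later decrypt
# does not show who produced the archive. Consider signing as well if the
# backup host is not fully trusted.
#######################################
create_safe() {
  is_or_die "$SOURCE_DIR"
  # $TAR is a command string ("tar -C DIR") and is split on purpose.
  # shellcheck disable=SC2086
  $TAR -cz "$SOURCE_BASE" | gpg -ear "$MY_GPG_KEY" --yes -o "$TAR_ENC"
  # Shred the plaintext only after tar and gpg both succeeded. Otherwise a
  # wrong key or a full disk would destroy the only good copy of the data.
  local -a stage_status=("${PIPESTATUS[@]}")
  if (( stage_status[0] != 0 || stage_status[1] != 0 )); then
    error "Could not encrypt $SOURCE_DIR to $TAR_ENC; plaintext left in place"
  fi
  shred_source_dir
  auto_backup
}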
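#######################################
# Check whether a file name is present in the encrypted archive.
# Globals:   SOURCE_BASE (read); FILE (written) - the name looked up, read
#            afterwards by the option handlers
# Arguments: $1 - file name; anything up to and including its first "/" is
#                 dropped before the comparison
# Returns:   0 if an archive member matches, 1 otherwise
#######################################
search_safe() {
  is_or_die
  FILE=${1#*/}
  # An empty name would match the archive's top-level directory entry.
  [[ -n "$FILE" ]] || return 1
  local entry
  # Read the listing line by line. Word-splitting it would break names with
  # spaces into pieces and could match a file that is not in the archive.
  while IFS= read -r entry; do
    [[ "${entry#"${SOURCE_BASE}"/}" == "$FILE" ]] && return 0
  done < <(list_safe)
  return 1
}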
#######################################
# Run backup_safe when automatic backups are switched on.
# Globals: SAFE_AUTO_BACKUP (read) - compared numerically with 1
# Returns: status of backup_safe when enabled, 1 otherwise
#######################################
auto_backup() {
  if [[ "$SAFE_AUTO_BACKUP" -eq 1 ]]; then
    backup_safe
  else
    return 1
  fi
}
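#######################################
# Copy the encrypted archive to the remote host with scp.
# Globals: TAR_ENC, SAFE_REMOTE_HOST (read)
# Outputs: "Backup to HOST: OK" or "Backup to HOST: Failed" on stdout
# Returns: 0 if scp succeeded, 1 otherwise
#######################################
backup_safe() {
  is_or_die
  if [[ -z "$SAFE_REMOTE_HOST" ]]; then
    printf 'Backup: SAFE_REMOTE_HOST is not set\n' >&2
    return 1
  fi
  printf 'Backup to %s: ' "$SAFE_REMOTE_HOST"
  # scp's own output stays hidden as before; only the verdict is printed.
  # The failure is returned so callers and the exit status can see it.
  if scp -- "$TAR_ENC" "${SAFE_REMOTE_HOST}:" &> /dev/null; then
    echo OK
  else
    echo Failed
    return 1
  fi
}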
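#######################################
# Unpack the safe, open the plaintext tree in $EDITOR, then re-encrypt it.
# Globals: EDITOR, SOURCE_DIR (read)
# Returns: status of create_safe; exits through error() if extraction fails
#######################################
edit_safe() {
  # Stop if decryption or unpacking failed. Re-encrypting a missing or
  # partial tree would overwrite the existing archive with it.
  extract_safe || error "Could not extract the safe; archive left unchanged"
  # $EDITOR may carry its own arguments, so it is split on purpose.
  # shellcheck disable=SC2086
  $EDITOR "$SOURCE_DIR"
  create_safe
}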
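# At least one option is required.
[[ $# -ge 1 ]] || { usage; exit 1; }

CONF=${HOME}/.saferc
# ~/.saferc is sourced, i.e. executed as shell code with the caller's
# privileges. It should be writable by its owner only.
if [[ -f "$CONF" ]]; then
  # shellcheck disable=SC1090
  . "$CONF"
fi

# Defaults for anything the config file did not set.
[[ -n "$SOURCE_DIR" ]] || SOURCE_DIR=${HOME}/safe
VERSION=1.4.0
# Paths are quoted so a SOURCE_DIR containing spaces is handled by
# basename/dirname as one argument.
SOURCE_BASE=$(basename -- "$SOURCE_DIR")
TAR_ENC=$HOME/${SOURCE_BASE}.tar.gz.asc
# TAR is later expanded unquoted as a command line, so the parent directory
# of SOURCE_DIR must not contain whitespace.
TAR="tar -C $(dirname -- "$SOURCE_DIR")"
[[ -n "$MY_GPG_KEY" ]] || MY_GPG_KEY=$(whoami)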
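# Option dispatch. Each option is handled as soon as it is parsed, so several
# options on one command line run in order.
while getopts "hvlxBCecba:A:r:o:" opt; do
  case "$opt" in
    x)
      extract_safe
      ;;
    a | A)
      [[ -f "$OPTARG" ]] || error "$OPTARG is not a file"
      search_safe "$(basename -- "$OPTARG")" && error "Duplicate in $TAR_ENC: $FILE"
      # Stop if decryption or unpacking failed: create_safe would otherwise
      # re-encrypt an incomplete tree over the existing archive.
      extract_safe || error "Could not extract $TAR_ENC; safe left unchanged"
      if ! cp -- "$OPTARG" "$SOURCE_DIR"; then
        # Re-seal first so the extracted plaintext does not stay on disk,
        # and leave the original file alone since it was never added.
        create_safe
        error "Could not copy $OPTARG into the safe; original left untouched"
      fi
      # Decide on the option being processed, not on "$1": with several
      # options on the command line, -A could otherwise shred the original.
      if [[ "$opt" == "a" ]]; then
        chmod u+w -- "$OPTARG"
        shred -u -- "$OPTARG"
      fi
      create_safe
      ;;
    r)
      search_safe "$OPTARG" || error "File not found in $TAR_ENC: $FILE"
      extract_safe || error "Could not extract $TAR_ENC; safe left unchanged"
      # FILE was set by search_safe to the name relative to the safe.
      chmod u+w -- "${SOURCE_DIR}/$FILE"
      shred -u -- "${SOURCE_DIR}/$FILE"
      create_safe
      ;;
    l)
      list_safe
      ;;
    e)
      [[ -n "$EDITOR" ]] || error "Please set \$EDITOR in your shell"
      edit_safe
      ;;
    C)
      # We could support an optarg here to encrypt to a different receiver
      # and fall back to whoami if not used.
      create_safe
      ;;
    o)
      search_safe "$OPTARG" || error "File not found in $TAR_ENC: $FILE"
      extract_safe "$OPTARG"
      ;;
    b)
      [[ -n "$SAFE_REMOTE_HOST" ]] || error "SAFE_REMOTE_HOST missing in $CONF"
      backup_safe
      ;;
    c)
      [[ -n "$SAFE_REMOTE_HOST" ]] || error "SAFE_REMOTE_HOST missing in $CONF"
      is_or_die
      # NOTE(review): the remote side is asked for the local absolute path,
      # while backup_safe copies to "host:" (the remote login directory).
      # Confirm both name the same file on the backup host. The path is
      # re-parsed by the remote shell, so it must not contain whitespace or
      # shell metacharacters.
      TIMESTAMP_REMOTE=$(ssh "$SAFE_REMOTE_HOST" ls -l --time-style=long-iso "$TAR_ENC" \
        | awk '{print $6, $7}')
      TIMESTAMP_LOCAL=$(ls -l --time-style=long-iso -- "$TAR_ENC" | awk '{print $6, $7}')
      echo "$TIMESTAMP_REMOTE $SAFE_REMOTE_HOST"
      echo "$TIMESTAMP_LOCAL local"
      ;;
    v)
      echo "Version $VERSION"
      ;;
    h)
      usage
      exit 0
      ;;
    *)
      usage
      exit 1
      ;;
  esac
done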