summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Ball <nullspoon@oper.io>2018-10-14 13:33:32 -0600
committerAaron Ball <nullspoon@oper.io>2018-10-14 13:35:11 -0600
commit6630d72fe9bd813e5272d1c85b723346a42900ff (patch)
tree5257f0582b4571720ba5a1d22780aa25b9645c4a
parent0dbb12eefe4837aed741adf49d9822b3c783bd71 (diff)
downloadgpgsecure-master.tar.gz
gpgsecure-master.tar.xz
Use gpgtar instead of gpg | tar and change write to moveHEADmaster
Added pathtoabs function to convert relative paths to absolute. This is used now because we have to change dir contexts to use gpgtar, since it doesn't support the tar change dir functionality. Variablized sleep time. Changed archive write process to a move process. This is safer and faster (though still somewhat dangerous given we write to memory and move to storage). Previoiusly, we tarred the /tmp/dec- directory, piped to gpg, and redirected stdout to the gpg archive. This was incredibly dangerous, because on larger archives, loss of power or process crash could yield a corrupted destination archive. Now we encrypte the entire archive to memory so processing time is minimally a factor, then move to storage over the old one. This significantly speeds up write operations for large archives.
-rwxr-xr-xgpgsecure.sh70
1 files changed, 62 insertions, 8 deletions
diff --git a/gpgsecure.sh b/gpgsecure.sh
index 261d046..3d0628a 100755
--- a/gpgsecure.sh
+++ b/gpgsecure.sh
@@ -24,7 +24,9 @@ trap shutdown SIGINT SIGTERM SIGKILL SIGQUIT SIGHUP
shutdown() {
- tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg"
+ gpgtar -e --recipient "${KEY}" -o "${DIR}.tar.gpg" .
+ cd - 2>/dev/null 1>/dev/null
+
# Shred all files in memory
find "${TMP}" -type f -exec shred -n 100 -f -u "{}" \;
# Delete the link
@@ -38,16 +40,51 @@ shutdown() {
writeback() {
trap shutdown SIGINT SIGTERM SIGKILL SIGQUIT SIGHUP
- # Sync back to disk every 10 seconds
+ local tmp # Temp file in memory to write re-encrypted container to. This is
+ # used for faster writebacks to storage for bigger containers.
+ # This also protects data, bigger containers take longer to write
+ # to storage, leaving a bigger window for data corruption.
+ local sleep=20
+ local perms # Permissions of the dest encrypted file. Used for setting perms
+ # on temp archive to avoid overwriting permissions on move
+
+ # Read dest archive permissions, if it exists, else set to 700
+ if [ -f "${DIR}.tar.gpg" ]; then
+ perms=$(stat -c %a "${DIR}.tar.gpg")
+ else
+ perms=700
+ fi
+
+ cd "${TMP}"
+
+ # Sync back to disk every ${sleep} seconds
while [ 0 ]; do
- #printf '%s Syncing back to encrypted storage\n' "$(date '+%F %T')"
- tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg"
+ # Create temp archive for writing back so we don't risk corrupting the
+ # actual destination archive in case of crash. Protect with 700 perms.
+ tmp="$(mktemp /tmp/XXXXXXXXXXXX)"
+ chmod 700 "${tmp}"
+
+ # Write encrypted archive to temp file
+ gpgtar -e --recipient "${KEY}" -o "${tmp}" .
+ if [ $? -gt 0 ]; then
+ printf 'WARNING: Something went wrong syncing back to encrypted storage\n'
+ printf 'Your data is likely in danger.\n'
+ printf 'If you see this message more than once, take a manual backup\n'
+ fi
+
+ # Update perms of temp file to match destination archive so we don't
+ # overwrite those of the destination archive on move
+ # TODO: This is a split second of permissions danger. We should find a way
+ # to remediate this. Set perms on dest archive *after* move instead?
+ chmod "${perms}" "${tmp}"
+ mv "${tmp}" "${DIR}.tar.gpg"
if [ $? -gt 0 ]; then
printf 'WARNING: Something went wrong syncing back to encrypted storage\n'
printf 'Your data is likely in danger.\n'
printf 'If you see this message more than once, take a manual backup\n'
fi
- sleep 20 &
+
+ sleep ${sleep} &
wait $!
done
}
@@ -64,13 +101,13 @@ open() {
export TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)
# Link!
ln -s "${TMP}" "${dir}"
-
+
if [ ! -f "${dir}.tar.gpg" ]; then
# Tell the user if that encrypted archive does not exist.
printf 'Encrypted archive does not exist. Creating.\n'
else
# Extract the encrypted tarchive if it exists
- gpg -d "${dir}.tar.gpg" | tar -C "${TMP}" -x
+ gpgtar --decrypt --directory "${TMP}" "${dir}.tar.gpg"
fi
writeback &
@@ -129,6 +166,23 @@ close() {
}
+pathtoabs() {
+ local path="${1}"
+
+ if [ -f "${path}" ]; then
+ cd $(dirname ${path})
+ printf "%s/%s\n" "$(pwd)" "$(basename ${path})"
+ return 0
+ elif [ -d "${path}" ]; then
+ cd ${path} && pwd
+ return 0
+ elif [ ! -e "${path}" ]; then
+ printf -- "%s/%s\n" "$(pwd)" "${path}"
+ return 0
+ fi
+ return 1
+}
+
main() {
local action="${1}"
local archive="${2}"
@@ -156,7 +210,7 @@ main() {
local dirname="$(dirname ${archive})"
local basename="$(basename ${archive})"
- export DIR="${dirname}/${basename}"
+ export DIR="$(pathtoabs ${dirname}/${basename})"
if [ "${action}" = 'open' ]; then
# Check if already open

Generated by cgit