author | Aaron Ball <nullspoon@oper.io> | 2018-10-14 13:33:32 -0600 |
---|---|---|
committer | Aaron Ball <nullspoon@oper.io> | 2018-10-14 13:35:11 -0600 |
commit | 6630d72fe9bd813e5272d1c85b723346a42900ff (patch) | |
tree | 5257f0582b4571720ba5a1d22780aa25b9645c4a | |
parent | 0dbb12eefe4837aed741adf49d9822b3c783bd71 (diff) | |
download | gpgsecure-6630d72fe9bd813e5272d1c85b723346a42900ff.tar.gz gpgsecure-6630d72fe9bd813e5272d1c85b723346a42900ff.tar.xz |
Added pathtoabs function to convert relative paths to absolute. This is
used now because we have to change dir contexts to use gpgtar, since it
doesn't support the tar change dir functionality.
Variablized sleep time.
Changed archive write process to a move process. This is safer and
faster (though still somewhat dangerous given we write to memory and
move to storage). Previously, we tarred the /tmp/dec- directory, piped
to gpg, and redirected stdout to the gpg archive. This was incredibly
dangerous, because on larger archives, loss of power or process crash
could yield a corrupted destination archive. Now we encrypt the entire
archive to memory so processing time is minimally a factor, then move to
storage over the old one. This significantly speeds up write operations
for large archives.
-rwxr-xr-x | gpgsecure.sh | 70 |
1 files changed, 62 insertions, 8 deletions
diff --git a/gpgsecure.sh b/gpgsecure.sh index 261d046..3d0628a 100755 --- a/gpgsecure.sh +++ b/gpgsecure.sh @@ -24,7 +24,9 @@ trap shutdown SIGINT SIGTERM SIGKILL SIGQUIT SIGHUP shutdown() { - tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg" + gpgtar -e --recipient "${KEY}" -o "${DIR}.tar.gpg" . + cd - 2>/dev/null 1>/dev/null + # Shred all files in memory find "${TMP}" -type f -exec shred -n 100 -f -u "{}" \; # Delete the link 
@@ -38,16 +40,51 @@ shutdown() { writeback() { trap shutdown SIGINT SIGTERM SIGKILL SIGQUIT SIGHUP - # Sync back to disk every 10 seconds + local tmp # Temp file in memory to write re-encrypted container to. This is + # used for faster writebacks to storage for bigger containers. + # This also protects data, bigger containers take longer to write + # to storage, leaving a bigger window for data corruption. + local sleep=20 + local perms # Permissions of the dest encrypted file. Used for setting perms + # on temp archive to avoid overwriting permissions on move + + # Read dest archive permissions, if it exists, else set to 700 + if [ -f "${DIR}.tar.gpg" ]; then + perms=$(stat -c %a "${DIR}.tar.gpg") + else + perms=700 + fi + + cd "${TMP}" + + # Sync back to disk every ${sleep} seconds while [ 0 ]; do - #printf '%s Syncing back to encrypted storage\n' "$(date '+%F %T')" - tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg" + # Create temp archive for writing back so we don't risk corrupting the + # actual destination archive in case of crash. Protect with 700 perms. + tmp="$(mktemp /tmp/XXXXXXXXXXXX)" + chmod 700 "${tmp}" + + # Write encrypted archive to temp file + gpgtar -e --recipient "${KEY}" -o "${tmp}" . + if [ $? -gt 0 ]; then + printf 'WARNING: Something went wrong syncing back to encrypted storage\n' + printf 'Your data is likely in danger.\n' + printf 'If you see this message more than once, take a manual backup\n' + fi + + # Update perms of temp file to match destination archive so we don't + # overwrite those of the destination archive on move + # TODO: This is a split second of permissions danger. We should find a way + # to remediate this. Set perms on dest archive *after* move instead? + chmod "${perms}" "${tmp}" + mv "${tmp}" "${DIR}.tar.gpg" if [ $? 
-gt 0 ]; then printf 'WARNING: Something went wrong syncing back to encrypted storage\n' printf 'Your data is likely in danger.\n' printf 'If you see this message more than once, take a manual backup\n' fi - sleep 20 & + + sleep ${sleep} & wait $! done } @@ -64,13 +101,13 @@ open() { export TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX) # Link! ln -s "${TMP}" "${dir}" - + if [ ! -f "${dir}.tar.gpg" ]; then # Tell the user if that encrypted archive does not exist. printf 'Encrypted archive does not exist. Creating.\n' else # Extract the encrypted tarchive if it exists - gpg -d "${dir}.tar.gpg" | tar -C "${TMP}" -x + gpgtar --decrypt --directory "${TMP}" "${dir}.tar.gpg" fi writeback & @@ -129,6 +166,23 @@ close() { } +pathtoabs() { + local path="${1}" + + if [ -f "${path}" ]; then + cd $(dirname ${path}) + printf "%s/%s\n" "$(pwd)" "$(basename ${path})" + return 0 + elif [ -d "${path}" ]; then + cd ${path} && pwd + return 0 + elif [ ! -e "${path}" ]; then + printf -- "%s/%s\n" "$(pwd)" "${path}" + return 0 + fi + return 1 +} + main() { local action="${1}" local archive="${2}" @@ -156,7 +210,7 @@ main() { local dirname="$(dirname ${archive})" local basename="$(basename ${archive})" - export DIR="${dirname}/${basename}" + export DIR="$(pathtoabs ${dirname}/${basename})" if [ "${action}" = 'open' ]; then # Check if already open |
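Review bot: In the writeback loop, a failed `gpgtar -e` only prints the warning and the code then still runs `chmod "${perms}" "${tmp}"` and `mv "${tmp}" "${DIR}.tar.gpg"`, so a truncated or empty temp file replaces the last good archive — the opposite of the crash-safety this change is after. Discard the temp file and skip the move when the encrypt fails, as below, and only replace the archive after a successful run. Two smaller points in the same hunk: `mv` from /tmp to a destination on a different filesystem is a copy plus unlink rather than an atomic rename, so a crash mid-move can still leave a partial archive (staging the file next to the destination before the rename would close that window), and `cd "${TMP}"` is unchecked, so if it fails the loop encrypts whatever the current directory happens to be. The comment continuations after `local tmp` and `local perms` also appear here without a leading `#` (`used for faster writebacks …`, `on temp archive …`); if that is not a rendering artifact they execute as commands each time writeback starts.
```shell
    # Write encrypted archive to temp file. On failure, discard the temp
    # file instead of moving it over the last good archive.
    if ! gpgtar -e --recipient "${KEY}" -o "${tmp}" . ; then
      printf 'WARNING: Something went wrong syncing back to encrypted storage\n'
      printf 'Your data is likely in danger.\n'
      printf 'If you see this message more than once, take a manual backup\n'
      rm -f -- "${tmp}"
      sleep "${sleep}" &
      wait $!
      continue
    fi
    # … unchanged: chmod "${perms}" "${tmp}", the mv and its own check, sleep/wait …
```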
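Review bot: The new `gpgtar --decrypt --directory "${TMP}" "${dir}.tar.gpg"` line in open() is not checked, so on a wrong key or an unreadable archive the function carries on to `writeback &`, and the first sync will encrypt the empty `${TMP}` over the existing archive. The previous pipeline had the same gap, but now that decryption is a single command the status is easy to act on: `if ! gpgtar --decrypt --directory "${TMP}" "${dir}.tar.gpg"; then` / `  printf 'Failed to decrypt %s; not starting writeback\n' "${dir}.tar.gpg" >&2; return 1` / `fi`. The rest of open(), including whatever cleanup of the `${TMP}` directory and the link is wanted on that early return, lies outside the hunk.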
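Review bot: pathtoabs mishandles absolute paths that do not exist yet: the `[ ! -e "${path}" ]` branch prints `"$(pwd)/${path}"`, so an archive given as `/home/user/vault` (constructed example) whose directory is not currently open resolves to `/<cwd>//home/user/vault`, and that is the value main() then exports as DIR via `export DIR="$(pathtoabs ${dirname}/${basename})"`. Resolving the parent directory instead, as below, fixes both absolute and relative inputs, and checking the `cd` results stops the function from returning 0 with empty output when the directory cannot be entered. The expansions `$(dirname ${path})`, `$(basename ${path})`, `cd ${path}` and the call site `pathtoabs ${dirname}/${basename}` are unquoted, so paths containing spaces or glob characters split or expand; quote them as well, e.g. `export DIR="$(pathtoabs "${dirname}/${basename}")"`. main() starts in this hunk and continues outside it.
```shell
pathtoabs() {
  local path="${1}"

  if [ -f "${path}" ]; then
    cd "$(dirname "${path}")" || return 1
    printf '%s/%s\n' "$(pwd)" "$(basename "${path}")"
    return 0
  elif [ -d "${path}" ]; then
    cd "${path}" || return 1
    pwd
    return 0
  elif [ ! -e "${path}" ]; then
    # Resolve the parent so an absolute path is not prefixed with $PWD again
    cd "$(dirname "${path}")" || return 1
    printf -- '%s/%s\n' "$(pwd)" "$(basename "${path}")"
    return 0
  fi
  return 1
}
```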