authorAaron Ball <nullspoon@oper.io>2018-04-07 10:20:40 -0600
committerAaron Ball <nullspoon@oper.io>2018-04-07 10:20:40 -0600
commite1e47e71c325f4283fa5befe094757aca4d1f1dc (patch)
tree4d1952f4e41711bf09ea07ab259f13aca2adb1cd
parent6f342ac6d0af9daacf76be5e096a04b5b646320f (diff)
Added backgrounded writeback
This allows the user to open the encrypted archive and detach from the polling operation. Because of this, the command line syntax has changed a bit. We now require an action before the archive name: open, close, or status. Open (obviously) opens the archive and close does the opposite. Status will tell if the archive is open or closed. It will also detect stale pidfiles and clean them up if the corresponding process is not running. Note that the default writeback duration is 15 seconds and it is not configurable [yet].
-rwxr-xr-xgpgsecure.sh144
1 files changed, 123 insertions, 21 deletions
diff --git a/gpgsecure.sh b/gpgsecure.sh
index bcb974d..261d046 100755
--- a/gpgsecure.sh
+++ b/gpgsecure.sh
@@ -35,23 +35,111 @@ shutdown() {
exit
}
+
writeback() {
+ trap shutdown SIGINT SIGTERM SIGKILL SIGQUIT SIGHUP
+ # Sync back to disk every 10 seconds
while [ 0 ]; do
- printf '%s Syncing back to encrypted storage\n' "$(date '+%F %T')"
+ #printf '%s Syncing back to encrypted storage\n' "$(date '+%F %T')"
tar -C "${TMP}" -c . | gpg -e --recipient "${KEY}" > "${DIR}.tar.gpg"
if [ $? -gt 0 ]; then
printf 'WARNING: Something went wrong syncing back to encrypted storage\n'
printf 'Your data is likely in danger.\n'
printf 'If you see this message more than once, take a manual backup\n'
fi
- sleep 15
+ sleep 20 &
+ wait $!
done
}
+
+open() {
+ local archive="${1}"
+
+ # Convert DIR to absolute path to avoid cd issues
+ local dirname="$(cd $(dirname ${archive}) && pwd)"
+ local basename="$(basename ${archive})"
+ local dir="${dirname}/${basename}"
+ # Create a temp dir in memory to extract to for safety
+ export TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)
+ # Link!
+ ln -s "${TMP}" "${dir}"
+
+ if [ ! -f "${dir}.tar.gpg" ]; then
+ # Tell the user if that encrypted archive does not exist.
+ printf 'Encrypted archive does not exist. Creating.\n'
+ else
+ # Extract the encrypted tarchive if it exists
+ gpg -d "${dir}.tar.gpg" | tar -C "${TMP}" -x
+ fi
+
+ writeback &
+ echo $! > "${dirname}/.${basename}.pid"
+}
+
+
+status() {
+ local archive=${1}
+
+ local dirname="$(dirname ${archive})"
+ local basename="$(basename ${archive})"
+ local pidfile="${dirname}/.${basename}.pid"
+
+ # If no pidfile, assume closed
+ if [ ! -f "${pidfile}" ]; then
+ printf '%s is closed\n' "${archive}"
+ return 0
+ fi
+
+ local pid="$(cat ${pidfile})"
+
+ ps "${pid}" 2>/dev/null 1>/dev/null
+ if [ $? -eq 0 ]; then
+ printf '%s is open\n' "${archive}"
+ elif [ $? -gt 0 ]; then
+ printf '%s is closed but a stale pidfile was found. Removing\n' "${archive}"
+ rm -f "${pidfile}"
+ else
+ printf '%s is closed\n' "${archive}"
+ fi
+}
+
+
+close() {
+ local archive=${1}
+
+ local dirname="$(dirname ${archive})"
+ local basename="$(basename ${archive})"
+ local pidfile="${dirname}/.${basename}.pid"
+ local pid="$(cat ${pidfile})"
+
+ ps "${pid}" 2>/dev/null 1>/dev/null
+ if [ $? -gt 0 ]; then
+ printf "Stale pidfile detected but share is not open. Removing\n"
+ rm -f "${pidfile}"
+ return 1
+ else
+ # Send SIGTERM (15) to tell the process to exit cleanly
+ kill -15 "${pid}"
+ [ $? -eq 0 ] && rm "${pidfile}" && return 0
+
+ printf 'Error closing archive "%s"\n' "${archive}"
+ return 1
+ fi
+}
+
+
main() {
- DIR="${1}"
- if [ -z "${DIR:-}" ]; then
- printf 'Directory to decrypt required\n'
+ local action="${1}"
+ local archive="${2}"
+
+ # Input validation
+ if [ -z "${action:-}" ]; then
+ printf 'Action (open, close, or status) required\n'
+ return 1
+ fi
+ if [ -z "${archive:-}" ]; then
+ printf 'Archive to decrypt required\n'
return 1
fi
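Review bot: In `open()`, `writeback &` is started even when `gpg -d "${dir}.tar.gpg" | tar -C "${TMP}" -x` fails, and the first pass of the `writeback` loop then truncates and rewrites `${DIR}.tar.gpg` from the still-empty `${TMP}`, so a failed or cancelled decryption can replace the existing archive (assuming `${DIR}` and `${dir}` name the same file). The pipeline status should be checked before backgrounding, for example `gpg -d "${dir}.tar.gpg" | tar -C "${TMP}" -x || return 1` with `set -o pipefail` if the script runs under bash (the shebang is outside the hunk), removing the symlink and temp dir on that path. `export TMP=$(mktemp -d …)` has the same shape, because the export succeeds even if mktemp fails and leaves `TMP` empty for `ln -s` and `tar -C`; assign first with `TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX) || return 1` and export afterwards. In `close()` and `status()`, `ps "${pid}"` only shows that some process holds that PID, so a pidfile left over from before a reboot can make `kill -15` hit an unrelated process; comparing the process's command line before signalling would close that gap. `SIGKILL` in the `trap` list cannot be caught, so it deserves a comment that a hard kill leaves the decrypted files in `${TMP}`, and the "in memory" comment holds only where `/tmp` is a tmpfs.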
@@ -66,24 +154,38 @@ main() {
return 1
fi
- # Convert DIR to absolute path to avoid cd issues
- DIR="$(cd $(dirname ${DIR}) && pwd)/$(basename ${DIR})"
- # Create a temp dir in memory to extract to for safety
- TMP=$(mktemp -d /tmp/dec-XXXXXXXXXXXXXX)
- # Link!
- ln -s "${TMP}" "${DIR}"
-
- if [ ! -f "${DIR}.tar.gpg" ]; then
- # Tell the user if that encrypted archive does not exist.
- printf 'Encrypted archive does not exist. Creating.\n'
- else
- # Extract the encrypted tarchive if it exists
- gpg -d ${DIR}.tar.gpg | tar -C "${TMP}" -x
+ local dirname="$(dirname ${archive})"
+ local basename="$(basename ${archive})"
+ export DIR="${dirname}/${basename}"
+
+ if [ "${action}" = 'open' ]; then
+ # Check if already open
+ if [ -f "${dirname}/.${basename}.pid" ]; then
+ printf 'ERROR: Archive "%s" is already open\n' "${archive}"
+ return 1
+ else
+ printf 'Opening!\n'
+ open "${archive}"
+ return $?
+ fi
+ elif [ "${action}" = 'close' ]; then
+ # Check if already closed
+ if [ ! -f "${dirname}/.${basename}.pid" ]; then
+ printf 'ERROR: Archive "%s" is not open\n' "${archive}"
+ exit 1
+ else
+ printf 'Closing!\n'
+ close "${archive}"
+ return $?
+ fi
+ elif [ "${action}" = 'status' ]; then
+ status "${archive}"
+ return $?
fi
- writeback
- shutdown
- return $?
+ # If we make it here, something went wrong.
+ printf 'ERROR: Unknown action "%s"\n' "${action}"
+ return 1
}
main ${@}
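Review bot: The `open` branch treats any existing `.${basename}.pid` as "already open" without checking that the process is alive, so a stale pidfile blocks `open` until `status` is run, and the check-then-create sequence lets two concurrent `open` calls both pass the test. Running the same liveness check that `status()` performs before refusing would fix the first part; creating the pidfile atomically (for example under `set -C`) would fix the second. The unquoted expansions in `local dirname="$(dirname ${archive})"`, `$(basename ${archive})` and `main ${@}` split archive paths that contain whitespace; `"$(dirname -- "${archive}")"` and `main "$@"` keep them intact. The `close` branch uses `exit 1` where every other error path in `main` uses `return 1`. `DIR` is also no longer made absolute here, while `open()` works on an absolute `dir`; a comment that the backgrounded `writeback` depends on the working directory staying unchanged would help.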