mirror of https://github.com/octoleo/Purse.git
Safer archive backups
This commit is contained in:
drduh
parent
02b910b326
commit
f429a52625
|
|
@ -78,8 +78,8 @@ Variable | Description | Default | Values
|
|||
`PURSE_INDEX` | index file name | `purse.index` | any valid string
|
||||
`PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string
|
||||
|
||||
**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option).
|
||||
**Note** For additional privacy, the recipient key ID is **not** included in metadata (GnuPG `throw-keyids` option).
|
||||
|
||||
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, although two touches will be required for two separate decryption operations.
|
||||
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, however 2 YubiKey touches will be required (for 2 separate decryption operations).
|
||||
|
||||
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options.
|
||||
|
|
|
|||
22
purse.sh
22
purse.sh
|
|
@ -104,7 +104,6 @@ read_pass () {
|
|||
tail -1 | cut -d ":" -f2)
|
||||
fi
|
||||
|
||||
set -x
|
||||
prompt_key "password"
|
||||
if [[ -s "${spath}" ]] ; then
|
||||
decrypt "${spath}" || fail "Failed to decrypt ${spath}"
|
||||
|
|
@ -175,13 +174,15 @@ list_entry () {
|
|||
backup () {
|
||||
# Archive index, safe and configuration.
|
||||
|
||||
if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then
|
||||
cp "${gpg_conf}" "gpg.conf.${today}"
|
||||
tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \
|
||||
"${BASH_SOURCE}" "gpg.conf.${today}" && \
|
||||
printf "\nArchived %s\n" "${safe_backup}"
|
||||
rm -f "gpg.conf.${today}"
|
||||
else fail "Nothing to archive" ; fi
|
||||
if [[ ! -f ${safe_backup} ]] ; then
|
||||
if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then
|
||||
cp "${gpg_conf}" "gpg.conf.${today}"
|
||||
tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \
|
||||
"${BASH_SOURCE}" "gpg.conf.${today}" && \
|
||||
printf "\nArchived %s\n" "${safe_backup}"
|
||||
rm -f "gpg.conf.${today}"
|
||||
else fail "Nothing to archive" ; fi
|
||||
else warn "${safe_backup} exists, skipping archive" ; fi
|
||||
}
|
||||
|
||||
clip () {
|
||||
|
|
@ -192,14 +193,13 @@ clip () {
|
|||
else "${copy}" < "${1}" ; fi
|
||||
|
||||
printf "\n"
|
||||
while [ "${clip_timeout}" -gt 0 ] ; do
|
||||
while [[ "${clip_timeout}" -gt 0 ]] ; do
|
||||
printf "\r\033[K Password on %s! Clearing in %.d" \
|
||||
"${clip_dest}" "$((clip_timeout--))" ; sleep 1
|
||||
done
|
||||
printf "\r\033[K Clearing password from %s ..." "${clip_dest}"
|
||||
|
||||
if [[ "${clip_dest}" = "screen" ]] ; then
|
||||
clear
|
||||
if [[ "${clip_dest}" = "screen" ]] ; then clear
|
||||
else printf "\n" ; printf "" | "${copy}" ; fi
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue