mirror of
https://github.com/octoleo/Purse.git
synced 2025-01-01 05:31:47 +00:00
Safer archive backups
This commit is contained in:
parent
02b910b326
commit
f429a52625
@ -78,8 +78,8 @@ Variable | Description | Default | Values
|
|||||||
`PURSE_INDEX` | index file name | `purse.index` | any valid string
|
`PURSE_INDEX` | index file name | `purse.index` | any valid string
|
||||||
`PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string
|
`PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string
|
||||||
|
|
||||||
**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option).
|
**Note** For additional privacy, the recipient key ID is **not** included in metadata (GnuPG `throw-keyids` option).
|
||||||
|
|
||||||
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, although two touches will be required for two separate decryption operations.
|
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, however 2 YubiKey touches will be required (for 2 separate decryption operations).
|
||||||
|
|
||||||
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options.
|
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options.
|
||||||
|
8
purse.sh
8
purse.sh
@ -104,7 +104,6 @@ read_pass () {
|
|||||||
tail -1 | cut -d ":" -f2)
|
tail -1 | cut -d ":" -f2)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
set -x
|
|
||||||
prompt_key "password"
|
prompt_key "password"
|
||||||
if [[ -s "${spath}" ]] ; then
|
if [[ -s "${spath}" ]] ; then
|
||||||
decrypt "${spath}" || fail "Failed to decrypt ${spath}"
|
decrypt "${spath}" || fail "Failed to decrypt ${spath}"
|
||||||
@ -175,6 +174,7 @@ list_entry () {
|
|||||||
backup () {
|
backup () {
|
||||||
# Archive index, safe and configuration.
|
# Archive index, safe and configuration.
|
||||||
|
|
||||||
|
if [[ ! -f ${safe_backup} ]] ; then
|
||||||
if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then
|
if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then
|
||||||
cp "${gpg_conf}" "gpg.conf.${today}"
|
cp "${gpg_conf}" "gpg.conf.${today}"
|
||||||
tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \
|
tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \
|
||||||
@ -182,6 +182,7 @@ backup () {
|
|||||||
printf "\nArchived %s\n" "${safe_backup}"
|
printf "\nArchived %s\n" "${safe_backup}"
|
||||||
rm -f "gpg.conf.${today}"
|
rm -f "gpg.conf.${today}"
|
||||||
else fail "Nothing to archive" ; fi
|
else fail "Nothing to archive" ; fi
|
||||||
|
else warn "${safe_backup} exists, skipping archive" ; fi
|
||||||
}
|
}
|
||||||
|
|
||||||
clip () {
|
clip () {
|
||||||
@ -192,14 +193,13 @@ clip () {
|
|||||||
else "${copy}" < "${1}" ; fi
|
else "${copy}" < "${1}" ; fi
|
||||||
|
|
||||||
printf "\n"
|
printf "\n"
|
||||||
while [ "${clip_timeout}" -gt 0 ] ; do
|
while [[ "${clip_timeout}" -gt 0 ]] ; do
|
||||||
printf "\r\033[K Password on %s! Clearing in %.d" \
|
printf "\r\033[K Password on %s! Clearing in %.d" \
|
||||||
"${clip_dest}" "$((clip_timeout--))" ; sleep 1
|
"${clip_dest}" "$((clip_timeout--))" ; sleep 1
|
||||||
done
|
done
|
||||||
printf "\r\033[K Clearing password from %s ..." "${clip_dest}"
|
printf "\r\033[K Clearing password from %s ..." "${clip_dest}"
|
||||||
|
|
||||||
if [[ "${clip_dest}" = "screen" ]] ; then
|
if [[ "${clip_dest}" = "screen" ]] ; then clear
|
||||||
clear
|
|
||||||
else printf "\n" ; printf "" | "${copy}" ; fi
|
else printf "\n" ; printf "" | "${copy}" ; fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user