mirror of https://github.com/octoleo/Purse.git synced 2025-01-01 05:31:47 +00:00

Safer archive backups

drduh 2024-03-26 14:32:02 -07:00
parent 02b910b326
commit f429a52625
2 changed files with 13 additions and 13 deletions


@ -78,8 +78,8 @@ Variable | Description | Default | Values
`PURSE_INDEX` | index file name | `purse.index` | any valid string `PURSE_INDEX` | index file name | `purse.index` | any valid string
`PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string `PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string
**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option). **Note** For additional privacy, the recipient key ID is **not** included in metadata (GnuPG `throw-keyids` option).
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, although two touches will be required for two separate decryption operations. The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, however 2 YubiKey touches will be required (for 2 separate decryption operations).
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options. See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options.


@ -104,7 +104,6 @@ read_pass () {
tail -1 | cut -d ":" -f2) tail -1 | cut -d ":" -f2)
fi fi
set -x
prompt_key "password" prompt_key "password"
if [[ -s "${spath}" ]] ; then if [[ -s "${spath}" ]] ; then
decrypt "${spath}" || fail "Failed to decrypt ${spath}" decrypt "${spath}" || fail "Failed to decrypt ${spath}"
@ -175,6 +174,7 @@ list_entry () {
backup () { backup () {
# Archive index, safe and configuration. # Archive index, safe and configuration.
if [[ ! -f ${safe_backup} ]] ; then
if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then if [[ -f "${safe_ix}" && -d "${safe_dir}" ]] ; then
cp "${gpg_conf}" "gpg.conf.${today}" cp "${gpg_conf}" "gpg.conf.${today}"
tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \ tar cf "${safe_backup}" "${safe_ix}" "${safe_dir}" \
@ -182,6 +182,7 @@ backup () {
printf "\nArchived %s\n" "${safe_backup}" printf "\nArchived %s\n" "${safe_backup}"
rm -f "gpg.conf.${today}" rm -f "gpg.conf.${today}"
else fail "Nothing to archive" ; fi else fail "Nothing to archive" ; fi
else warn "${safe_backup} exists, skipping archive" ; fi
} }
clip () { clip () {
@ -192,14 +193,13 @@ clip () {
else "${copy}" < "${1}" ; fi else "${copy}" < "${1}" ; fi
printf "\n" printf "\n"
while [ "${clip_timeout}" -gt 0 ] ; do while [[ "${clip_timeout}" -gt 0 ]] ; do
printf "\r\033[K Password on %s! Clearing in %.d" \ printf "\r\033[K Password on %s! Clearing in %.d" \
"${clip_dest}" "$((clip_timeout--))" ; sleep 1 "${clip_dest}" "$((clip_timeout--))" ; sleep 1
done done
printf "\r\033[K Clearing password from %s ..." "${clip_dest}" printf "\r\033[K Clearing password from %s ..." "${clip_dest}"
if [[ "${clip_dest}" = "screen" ]] ; then if [[ "${clip_dest}" = "screen" ]] ; then clear
clear
else printf "\n" ; printf "" | "${copy}" ; fi else printf "\n" ; printf "" | "${copy}" ; fi
} }
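Review bot: The new guard in backup(), `if [[ ! -f ${safe_backup} ]]`, only recognises an existing regular file (or a symlink to one), so a dangling symlink or other non-regular path with the archive's name still falls through to `tar cf` and is written to. Testing for any existing path, and quoting the expansion like the neighbouring lines, would close that gap: `if [[ ! -e "${safe_backup}" && ! -L "${safe_backup}" ]] ; then`. Assuming `warn` (defined outside this section) does not exit, a rerun on the same day with the default `purse.$hostname.$today.tar` name now returns normally while entries added since the first archive stay unarchived, so a comment above the guard such as `# Never overwrite an existing archive; move or rename it to back up again today.` would make that behaviour explicit. backup() spans two hunks here and the remainder of the tar command line between them is not visible.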