			
		
		
		
	Initial support for alternative cyphers.
This patch implements an OpenSSL cypher (via the openssl enc command). It has to be enabled using the yadm.cypher configuration key. Some rough edges: the archive file still refers to GPG (.gpg extension); there are no test cases.
		
							parent
							
								
									09a018ea5a
								
							
						
					
					
						commit
						baaeb88628
					
				
							
								
								
									
										113
									
								
								yadm
									
									
									
									
									
								
							
							
						
						
									
										113
									
								
								yadm
									
									
									
									
									
								
							@ -34,6 +34,7 @@ HOOK_COMMAND=""
 | 
			
		||||
FULL_COMMAND=""
 | 
			
		||||
 | 
			
		||||
GPG_PROGRAM="gpg"
 | 
			
		||||
OPENSSL_PROGRAM="openssl"
 | 
			
		||||
GIT_PROGRAM="git"
 | 
			
		||||
ENVTPL_PROGRAM="envtpl"
 | 
			
		||||
LSB_RELEASE_PROGRAM="lsb_release"
 | 
			
		||||
@ -388,9 +389,88 @@ EOF
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function _decrypt_from() {
 | 
			
		||||
 | 
			
		||||
  local output_archive
 | 
			
		||||
  output_archive="$1"
 | 
			
		||||
 | 
			
		||||
  local yadm_crypher
 | 
			
		||||
  yadm_crypher="$(config yadm.cypher)"
 | 
			
		||||
  if [ -z "$yadm_crypher" ]; then
 | 
			
		||||
      yadm_crypher="gpg"
 | 
			
		||||
  fi
 | 
			
		||||
 | 
			
		||||
  case "$yadm_crypher" in
 | 
			
		||||
    gpg)
 | 
			
		||||
      require_gpg
 | 
			
		||||
 | 
			
		||||
      $GPG_PROGRAM -d "$output_archive"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
    openssl)
 | 
			
		||||
      require_openssl
 | 
			
		||||
 | 
			
		||||
      $OPENSSL_PROGRAM enc -d -aes256 -in "$output_archive"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
    *)
 | 
			
		||||
      error_out "Unknown cypher '$yadm_crypher'"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
  esac
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function _encrypt_to() {
 | 
			
		||||
 | 
			
		||||
  local output_archive
 | 
			
		||||
  output_archive="$1"
 | 
			
		||||
 | 
			
		||||
  local yadm_crypher
 | 
			
		||||
  yadm_crypher="$(config yadm.cypher)"
 | 
			
		||||
  if [ -z "$yadm_crypher" ]; then
 | 
			
		||||
      yadm_crypher="gpg"
 | 
			
		||||
  fi
 | 
			
		||||
 | 
			
		||||
  case "$yadm_crypher" in
 | 
			
		||||
    gpg)
 | 
			
		||||
      require_gpg
 | 
			
		||||
 | 
			
		||||
      #; Build gpg options for gpg
 | 
			
		||||
      GPG_KEY="$(config yadm.gpg-recipient)"
 | 
			
		||||
      if [ "$GPG_KEY" = "ASK" ]; then
 | 
			
		||||
        GPG_OPTS=("--no-default-recipient" "-e")
 | 
			
		||||
      elif [ "$GPG_KEY" != "" ]; then
 | 
			
		||||
        GPG_OPTS=("-e" "-r $GPG_KEY")
 | 
			
		||||
      else
 | 
			
		||||
        GPG_OPTS=("-c")
 | 
			
		||||
      fi
 | 
			
		||||
 | 
			
		||||
      $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$output_archive"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
    openssl)
 | 
			
		||||
      require_openssl
 | 
			
		||||
 | 
			
		||||
      #; Build openssl options for openssl
 | 
			
		||||
      OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)"
 | 
			
		||||
      if [ -z "$OPENSSL_CIPHERNAME" ]; then
 | 
			
		||||
        OPENSSL_CIPHERNAME="aes256"
 | 
			
		||||
      fi
 | 
			
		||||
 | 
			
		||||
      $OPENSSL_PROGRAM enc -"$OPENSSL_CIPHERNAME" -e -out "$output_archive"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
    *)
 | 
			
		||||
      error_out "Unknown cypher '$yadm_crypher'"
 | 
			
		||||
      ;;
 | 
			
		||||
 | 
			
		||||
  esac
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function decrypt() {
 | 
			
		||||
 | 
			
		||||
  require_gpg
 | 
			
		||||
  require_archive
 | 
			
		||||
 | 
			
		||||
  YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
 | 
			
		||||
@ -402,7 +482,7 @@ function decrypt() {
 | 
			
		||||
  fi
 | 
			
		||||
 | 
			
		||||
  #; decrypt the archive
 | 
			
		||||
  if ($GPG_PROGRAM -d "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
 | 
			
		||||
  if (_decrypt_from "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
 | 
			
		||||
    [ ! "$DO_LIST" = "YES" ] && echo "All files decrypted."
 | 
			
		||||
  else
 | 
			
		||||
    error_out "Unable to extract encrypted files."
 | 
			
		||||
@ -414,29 +494,18 @@ function decrypt() {
 | 
			
		||||
 | 
			
		||||
function encrypt() {
 | 
			
		||||
 | 
			
		||||
  require_gpg
 | 
			
		||||
  require_encrypt
 | 
			
		||||
  parse_encrypt
 | 
			
		||||
 | 
			
		||||
  cd_work "Encryption" || return
 | 
			
		||||
 | 
			
		||||
  #; Build gpg options for gpg
 | 
			
		||||
  GPG_KEY="$(config yadm.gpg-recipient)"
 | 
			
		||||
  if [ "$GPG_KEY" = "ASK" ]; then
 | 
			
		||||
    GPG_OPTS=("--no-default-recipient" "-e")
 | 
			
		||||
  elif [ "$GPG_KEY" != "" ]; then
 | 
			
		||||
    GPG_OPTS=("-e" "-r $GPG_KEY")
 | 
			
		||||
  else
 | 
			
		||||
    GPG_OPTS=("-c")
 | 
			
		||||
  fi
 | 
			
		||||
 | 
			
		||||
  #; report which files will be encrypted
 | 
			
		||||
  echo "Encrypting the following files:"
 | 
			
		||||
  printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}"
 | 
			
		||||
  echo
 | 
			
		||||
 | 
			
		||||
  #; encrypt all files which match the globs
 | 
			
		||||
  if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$YADM_ARCHIVE"; then
 | 
			
		||||
  if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | _encrypt_to "$YADM_ARCHIVE"; then
 | 
			
		||||
    echo "Wrote new file: $YADM_ARCHIVE"
 | 
			
		||||
  else
 | 
			
		||||
    error_out "Unable to write $YADM_ARCHIVE"
 | 
			
		||||
@ -600,10 +669,12 @@ yadm.auto-alt
 | 
			
		||||
yadm.auto-perms
 | 
			
		||||
yadm.auto-private-dirs
 | 
			
		||||
yadm.cygwin-copy
 | 
			
		||||
yadm.cypher
 | 
			
		||||
yadm.git-program
 | 
			
		||||
yadm.gpg-perms
 | 
			
		||||
yadm.gpg-program
 | 
			
		||||
yadm.gpg-recipient
 | 
			
		||||
yadm.openssl-program
 | 
			
		||||
yadm.ssh-perms
 | 
			
		||||
EOF
 | 
			
		||||
}
 | 
			
		||||
@ -1041,6 +1112,20 @@ function require_gpg() {
 | 
			
		||||
  command -v "$GPG_PROGRAM" >/dev/null 2>&1 || \
 | 
			
		||||
    error_out "This functionality requires GPG to be installed, but the command '$GPG_PROGRAM' cannot be located.$more_info"
 | 
			
		||||
}
 | 
			
		||||
function require_openssl() {
 | 
			
		||||
  local alt_openssl
 | 
			
		||||
  alt_openssl="$(config yadm.openssl-program)"
 | 
			
		||||
 | 
			
		||||
  local more_info
 | 
			
		||||
  more_info=""
 | 
			
		||||
 | 
			
		||||
  if [ "$alt_openssl" != "" ] ; then
 | 
			
		||||
    OPENSSL_PROGRAM="$alt_openssl"
 | 
			
		||||
    more_info="\nThis command has been set via the yadm.openssl-program configuration."
 | 
			
		||||
  fi
 | 
			
		||||
  command -v "$OPENSSL_PROGRAM" >/dev/null 2>&1 || \
 | 
			
		||||
    error_out "This functionality requires OpenSSL to be installed, but the command '$OPENSSL_PROGRAM' cannot be located.$more_info"
 | 
			
		||||
}
 | 
			
		||||
function require_repo() {
 | 
			
		||||
  [ -d "$YADM_REPO" ] || error_out "Git repo does not exist. did you forget to run 'init' or 'clone'?"
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
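Review bot: The openssl branch of `_decrypt_from` hard-codes `-aes256` while `_encrypt_to` reads `yadm.openssl-ciphername`, so an archive written with any non-default cipher name cannot be read back by `yadm decrypt`; the decrypt side should resolve the cipher the same way (sketched below). Both `enc` invocations also leave key derivation at openssl's default, which for `enc` is the legacy single-iteration, digest-based scheme unless `-pbkdf2` (OpenSSL 1.1.1+) is given; passing it on both sides, or at least pinning `-md`, would make the archive format explicit and more resistant to offline password guessing. `decrypt()` and `encrypt()` still call `require_gpg` unconditionally (the context lines at the top of each), so selecting `yadm.cypher=openssl` still fails on a host without gpg; that check belongs inside the `gpg)` arms of the two helpers. The `yadm.openssl-ciphername` key introduced in `_encrypt_to` is also missing from the config key list in the `@ -600` hunk, next to `yadm.openssl-program`.
```shell
    openssl)
      require_openssl
      # resolve the cipher exactly as _encrypt_to does, so both sides agree
      OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)"
      if [ -z "$OPENSSL_CIPHERNAME" ]; then
        OPENSSL_CIPHERNAME="aes256"
      fi
      $OPENSSL_PROGRAM enc -"$OPENSSL_CIPHERNAME" -d -in "$output_archive"
      ;;
# … unchanged: gpg and default arms of the case …
```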