Archives/TheLocehiliosan_yadm
1
0
Fork 0
mirror of https://github.com/TheLocehiliosan/yadm synced 2024-10-27 20:34:27 +00:00
Code Issues Releases Wiki Activity

Initial support for alternative cyphers.

Browse Source 
This patch implements an OpenSSL cypher (via openssl enc command). It has to be enabled using yadm.cypher configuration key.

Some rough edges:
- archive file refers to GPG (.gpg extension)
- no test cases
This commit is contained in:
Luis López 2019-01-09 12:05:06 +01:00 committed by Tim Byrne
parent 09a018ea5a
commit baaeb88628
No known key found for this signature in database
GPG Key ID: 14DB4FC2465A4B12
1 changed files with 99 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
yadm
View File

@ -34,6 +34,7 @@ HOOK_COMMAND=""
FULL_COMMAND="" FULL_COMMAND=""
GPG_PROGRAM="gpg" GPG_PROGRAM="gpg"
OPENSSL_PROGRAM="openssl"
GIT_PROGRAM="git" GIT_PROGRAM="git"
ENVTPL_PROGRAM="envtpl" ENVTPL_PROGRAM="envtpl"
LSB_RELEASE_PROGRAM="lsb_release" LSB_RELEASE_PROGRAM="lsb_release"
@ -388,37 +389,52 @@ EOF
} }
function decrypt() { function _decrypt_from() {
local output_archive
output_archive="$1"
local yadm_crypher
yadm_crypher="$(config yadm.cypher)"
if [ -z "$yadm_crypher" ]; then
yadm_crypher="gpg"
fi
case "$yadm_crypher" in
gpg)
require_gpg require_gpg
require_archive
YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)") $GPG_PROGRAM -d "$output_archive"
;;
if [ "$DO_LIST" = "YES" ] ; then openssl)
tar_option="t" require_openssl
else
tar_option="x"
fi
#; decrypt the archive $OPENSSL_PROGRAM enc -d -aes256 -in "$output_archive"
if ($GPG_PROGRAM -d "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then ;;
[ ! "$DO_LIST" = "YES" ] && echo "All files decrypted."
else
error_out "Unable to extract encrypted files."
fi
CHANGES_POSSIBLE=1 *)
error_out "Unknown cypher '$yadm_crypher'"
;;
esac
} }
function encrypt() { function _encrypt_to() {
local output_archive
output_archive="$1"
local yadm_crypher
yadm_crypher="$(config yadm.cypher)"
if [ -z "$yadm_crypher" ]; then
yadm_crypher="gpg"
fi
case "$yadm_crypher" in
gpg)
require_gpg require_gpg
require_encrypt
parse_encrypt
cd_work "Encryption" || return
#; Build gpg options for gpg #; Build gpg options for gpg
GPG_KEY="$(config yadm.gpg-recipient)" GPG_KEY="$(config yadm.gpg-recipient)"
@ -430,13 +446,66 @@ function encrypt() {
GPG_OPTS=("-c") GPG_OPTS=("-c")
fi fi
$GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$output_archive"
;;
openssl)
require_openssl
#; Build openssl options for openssl
OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)"
if [ -z "$OPENSSL_CIPHERNAME" ]; then
OPENSSL_CIPHERNAME="aes256"
fi
$OPENSSL_PROGRAM enc -"$OPENSSL_CIPHERNAME" -e -out "$output_archive"
;;
*)
error_out "Unknown cypher '$yadm_crypher'"
;;
esac
}
function decrypt() {
require_archive
YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
if [ "$DO_LIST" = "YES" ] ; then
tar_option="t"
else
tar_option="x"
fi
#; decrypt the archive
if (_decrypt_from "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
[ ! "$DO_LIST" = "YES" ] && echo "All files decrypted."
else
error_out "Unable to extract encrypted files."
fi
CHANGES_POSSIBLE=1
}
function encrypt() {
require_encrypt
parse_encrypt
cd_work "Encryption" || return
#; report which files will be encrypted #; report which files will be encrypted
echo "Encrypting the following files:" echo "Encrypting the following files:"
printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}" printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}"
echo echo
#; encrypt all files which match the globs #; encrypt all files which match the globs
if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$YADM_ARCHIVE"; then if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | _encrypt_to "$YADM_ARCHIVE"; then
echo "Wrote new file: $YADM_ARCHIVE" echo "Wrote new file: $YADM_ARCHIVE"
else else
error_out "Unable to write $YADM_ARCHIVE" error_out "Unable to write $YADM_ARCHIVE"
@ -600,10 +669,12 @@ yadm.auto-alt
yadm.auto-perms yadm.auto-perms
yadm.auto-private-dirs yadm.auto-private-dirs
yadm.cygwin-copy yadm.cygwin-copy
yadm.cypher
yadm.git-program yadm.git-program
yadm.gpg-perms yadm.gpg-perms
yadm.gpg-program yadm.gpg-program
yadm.gpg-recipient yadm.gpg-recipient
yadm.openssl-program
yadm.ssh-perms yadm.ssh-perms
EOF EOF
} }
@ -1041,6 +1112,20 @@ function require_gpg() {
command -v "$GPG_PROGRAM" >/dev/null 2>&1 || \ command -v "$GPG_PROGRAM" >/dev/null 2>&1 || \
error_out "This functionality requires GPG to be installed, but the command '$GPG_PROGRAM' cannot be located.$more_info" error_out "This functionality requires GPG to be installed, but the command '$GPG_PROGRAM' cannot be located.$more_info"
} }
function require_openssl() {
local alt_openssl
alt_openssl="$(config yadm.openssl-program)"
local more_info
more_info=""
if [ "$alt_openssl" != "" ] ; then
OPENSSL_PROGRAM="$alt_openssl"
more_info="\nThis command has been set via the yadm.openssl-program configuration."
fi
command -v "$OPENSSL_PROGRAM" >/dev/null 2>&1 || \
error_out "This functionality requires OpenSSL to be installed, but the command '$OPENSSL_PROGRAM' cannot be located.$more_info"
}
function require_repo() { function require_repo() {
[ -d "$YADM_REPO" ] || error_out "Git repo does not exist. did you forget to run 'init' or 'clone'?" [ -d "$YADM_REPO" ] || error_out "Git repo does not exist. did you forget to run 'init' or 'clone'?"
} }