Import keys to root for backup purposes

2014-10-02 15:21:47 +01:00 · 2014-10-02 15:21:47 +01:00 · 09bb9a3c7f
parent 93589120c9
commit 09bb9a3c7f
1 changed files with 24 additions and 6 deletions
--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@ -311,6 +311,21 @@ function create_backup_script {
      MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  fi

+  # make sure that the root user has access to your gpg public key
+  if [ $MY_GPG_PUBLIC_KEY_ID ]; then
+      if [ ! $MY_GPG_PUBLIC_KEY ]; then
+          MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
+      fi
+      # This is a compromise. backup needs access to things which the user
+      # doesn't have access to, but also needs to be able to encrypt as the user
+      # Perhaps there is some better way to do this.
+      su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+      su -c "gpg --output ~/temp_private_key.txt --armor --export-secret-key $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+      gpg --import $MY_GPG_PUBLIC_KEY
+      gpg --allow-secret-key-import --import /home/$MY_USERNAME/temp_private_key.txt
+      shred -zu /home/$MY_USERNAME/temp_private_key.txt
+  fi
+
  echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
  echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  echo 'GPG_KEY=$1' >> /usr/bin/$BACKUP_SCRIPT_NAME
@ -397,9 +412,12 @@ function create_backup_script {
  echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME

  echo 'echo "Cleaning up backup files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "duplicity --force cleanup file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo -n 'duplicity --encrypt-key $GPG_KEY --force cleanup '
+  echo "file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+
  echo 'echo "Removing old backups"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo "duplicity --force remove-all-but-n-full 2 file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo -n 'duplicity --encrypt-key $GPG_KEY --force remove-all-but-n-full 2 '
+  echo "file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME

  echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  echo '# Remove temporary files' >> /usr/bin/$BACKUP_SCRIPT_NAME