free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'stretch' of https://github.com/bashrc/freedombone

This commit is contained in:
Bob Mottram 2018-02-17 20:20:12 +00:00
parent 2784c6bd45 c9a92fd4f7
commit cd606bad3d
10 changed files with 57 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/EN/app_bdsmail.org
View File

@ -28,6 +28,6 @@ ssh into the system with:
ssh myusername@mydomain.com -p 2222
#+END_SRC
Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys.
Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.

12
src/freedombone-app-pleroma
View File

@ -744,6 +744,8 @@ function backup_local_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi
systemctl stop pleroma
function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME}
@ -757,6 +759,8 @@ function backup_local_pleroma {
function_check restart_site
restart_site
systemctl restart pleroma
}
function restore_local_pleroma {
@ -769,6 +773,8 @@ function restore_local_pleroma {
temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR
systemctl stop pleroma
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database
pleroma_create_database
@ -797,6 +803,8 @@ function backup_remote_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi
systemctl stop pleroma
function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME}
@ -810,6 +818,8 @@ function backup_remote_pleroma {
function_check restart_site
restart_site
systemctl restart pleroma
}
function restore_remote_pleroma {
@ -822,6 +832,8 @@ function restore_remote_pleroma {
temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR
systemctl stop pleroma
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database
pleroma_create_database

4
src/freedombone-backup-local
View File

@ -113,7 +113,6 @@ function backup_users {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Backup any gpg keys
if [ -d /home/$USERNAME/.gnupg ]; then
echo $"Backing up gpg keys for $USERNAME"
@ -212,6 +211,8 @@ function backup_users {
cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
fi
gpg_agent_enable $USERNAME
fi
done
}
@ -373,6 +374,7 @@ if [[ $1 == "remove" ]]; then
remove_option=$1
fi
gpg_agent_setup root
backup_mount_drive $1 $2
remove_backup_directory $remove_option
make_backup_directory

5
src/freedombone-backup-remote
View File

@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -157,7 +157,6 @@ function backup_users {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# personal settings
if [ -d /home/$USERNAME/personal ]; then
echo $"Backing up personal settings for $USERNAME"
@ -266,6 +265,7 @@ function backup_users {
echo $"Backing up emails for $USERNAME"
backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
fi
gpg_agent_enable $USERNAME
fi
done
}
@ -430,6 +430,7 @@ if [[ "$1" == "test" ]]; then
TEST_MODE="yes"
fi
gpg_agent_setup root
backup_configfiles
if [[ $TEST_MODE == "no" ]]; then
backup_blocklist

9
src/freedombone-controlpanel-user
View File

@ -894,6 +894,15 @@ function show_your_email_address {
dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \
--msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
clear
echo ''
echo $'Your bdsmail address as a QR code'
echo ''
echo -n "${bdsmail_address}" | qrencode -t UTF8
echo ''
echo "${bdsmail_address}"
echo ''
any_key
fi
}

1
src/freedombone-restore-local
View File

@ -956,6 +956,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
check_backup_exists
check_admin_user
copy_gpg_keys
gpg_agent_setup root
restore_blocklist
restore_configfiles
same_admin_user

1
src/freedombone-restore-remote
View File

@ -857,6 +857,7 @@ function restore_email {
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
copy_gpg_keys
gpg_agent_setup root
restore_blocklist
restore_configfiles
restore_passwordstore

8
src/freedombone-utils-backup
View File

@ -282,7 +282,7 @@ function backup_database_local_usb {
function backup_directory_to_usb_duplicity {
create_backups_temp_directory
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
@ -296,7 +296,7 @@ function backup_directory_to_usb_duplicity {
exit 8352925
fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
@ -412,7 +412,7 @@ function set_user_permissions {
function backup_directory_to_friend_duplicity {
create_backups_temp_directory
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/*
@ -424,7 +424,7 @@ function backup_directory_to_friend_duplicity {
exit 5293526
fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/*

29
src/freedombone-utils-gpg
View File

@ -228,17 +228,17 @@ function gpg_agent_setup {
echo 'GPG_TTY=$(tty)' >> /root/.bashrc
echo 'export GPG_TTY' >> /root/.bashrc
fi
if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
fi
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf
fi
if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
fi
if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
touch /root/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
if [ -f /root/.gnupg/S.dirmngr ]; then
rm /root/.gnupg/S.dirmngr
fi
echo RELOADAGENT | gpg-connect-agent
else
@ -248,17 +248,20 @@ function gpg_agent_setup {
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
fi
if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
fi
if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
touch /home/$gpg_username/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
rm /home/$gpg_username/.gnupg/S.dirmngr
fi
if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username

12
website/EN/app_bdsmail.html
View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2018-02-16 Fri 10:42 -->
<!-- 2018-02-16 Fri 11:55 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -256,9 +256,9 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing
It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
</p>
<div id="outline-container-org4d1584a" class="outline-2">
<h2 id="org4d1584a">Installation</h2>
<div class="outline-text-2" id="text-org4d1584a">
<div id="outline-container-org6b531d9" class="outline-2">
<h2 id="org6b531d9">Installation</h2>
<div class="outline-text-2" id="text-org6b531d9">
<p>
ssh into the system with:
</p>
@ -269,11 +269,11 @@ ssh into the system with:
</div>
<p>
Select <b>Administrator controls</b> then <b>App Settings</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
Select <b>Administrator controls</b> then <b>Add/Remove Apps</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
</p>
<p>
After installation if you exit from <b>Administrator controls</b> back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
After installation exit from <b>Administrator controls</b> back to the user control panel then select the option to <b>show your email address</b>. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
</p>
</div>
</div>