This commit is contained in:
Bob Mottram 2018-02-17 20:20:12 +00:00
commit cd606bad3d
10 changed files with 57 additions and 28 deletions

View File

@ -28,6 +28,6 @@ ssh into the system with:
ssh myusername@mydomain.com -p 2222 ssh myusername@mydomain.com -p 2222
#+END_SRC #+END_SRC
Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys. Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address. After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.

View File

@ -744,6 +744,8 @@ function backup_local_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi fi
systemctl stop pleroma
function_check suspend_site function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME} suspend_site ${PLEROMA_DOMAIN_NAME}
@ -757,6 +759,8 @@ function backup_local_pleroma {
function_check restart_site function_check restart_site
restart_site restart_site
systemctl restart pleroma
} }
function restore_local_pleroma { function restore_local_pleroma {
@ -769,6 +773,8 @@ function restore_local_pleroma {
temp_restore_dir=/root/temppleroma temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR pleroma_dir=$PLEROMA_DIR
systemctl stop pleroma
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname) PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database function_check pleroma_create_database
pleroma_create_database pleroma_create_database
@ -797,6 +803,8 @@ function backup_remote_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain") PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi fi
systemctl stop pleroma
function_check suspend_site function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME} suspend_site ${PLEROMA_DOMAIN_NAME}
@ -810,6 +818,8 @@ function backup_remote_pleroma {
function_check restart_site function_check restart_site
restart_site restart_site
systemctl restart pleroma
} }
function restore_remote_pleroma { function restore_remote_pleroma {
@ -822,6 +832,8 @@ function restore_remote_pleroma {
temp_restore_dir=/root/temppleroma temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR pleroma_dir=$PLEROMA_DIR
systemctl stop pleroma
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname) PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database function_check pleroma_create_database
pleroma_create_database pleroma_create_database

View File

@ -113,7 +113,6 @@ function backup_users {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# Backup any gpg keys # Backup any gpg keys
if [ -d /home/$USERNAME/.gnupg ]; then if [ -d /home/$USERNAME/.gnupg ]; then
echo $"Backing up gpg keys for $USERNAME" echo $"Backing up gpg keys for $USERNAME"
@ -212,6 +211,8 @@ function backup_users {
cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
fi fi
gpg_agent_enable $USERNAME
fi fi
done done
} }
@ -373,6 +374,7 @@ if [[ $1 == "remove" ]]; then
remove_option=$1 remove_option=$1
fi fi
gpg_agent_setup root
backup_mount_drive $1 $2 backup_mount_drive $1 $2
remove_backup_directory $remove_option remove_backup_directory $remove_option
make_backup_directory make_backup_directory

View File

@ -13,7 +13,7 @@
# License # License
# ======= # =======
# #
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net> # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by # it under the terms of the GNU Affero General Public License as published by
@ -157,7 +157,6 @@ function backup_users {
for d in /home/*/ ; do for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}') USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
# personal settings # personal settings
if [ -d /home/$USERNAME/personal ]; then if [ -d /home/$USERNAME/personal ]; then
echo $"Backing up personal settings for $USERNAME" echo $"Backing up personal settings for $USERNAME"
@ -266,6 +265,7 @@ function backup_users {
echo $"Backing up emails for $USERNAME" echo $"Backing up emails for $USERNAME"
backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
fi fi
gpg_agent_enable $USERNAME
fi fi
done done
} }
@ -430,6 +430,7 @@ if [[ "$1" == "test" ]]; then
TEST_MODE="yes" TEST_MODE="yes"
fi fi
gpg_agent_setup root
backup_configfiles backup_configfiles
if [[ $TEST_MODE == "no" ]]; then if [[ $TEST_MODE == "no" ]]; then
backup_blocklist backup_blocklist

View File

@ -894,6 +894,15 @@ function show_your_email_address {
dialog --title $"Show your Email Address" \ dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \ --backtitle $"Freedombone User Control Panel" \
--msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90 --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
clear
echo ''
echo $'Your bdsmail address as a QR code'
echo ''
echo -n "${bdsmail_address}" | qrencode -t UTF8
echo ''
echo "${bdsmail_address}"
echo ''
any_key
fi fi
} }

View File

@ -956,6 +956,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
check_backup_exists check_backup_exists
check_admin_user check_admin_user
copy_gpg_keys copy_gpg_keys
gpg_agent_setup root
restore_blocklist restore_blocklist
restore_configfiles restore_configfiles
same_admin_user same_admin_user

View File

@ -857,6 +857,7 @@ function restore_email {
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
copy_gpg_keys copy_gpg_keys
gpg_agent_setup root
restore_blocklist restore_blocklist
restore_configfiles restore_configfiles
restore_passwordstore restore_passwordstore

View File

@ -282,7 +282,7 @@ function backup_database_local_usb {
function backup_directory_to_usb_duplicity { function backup_directory_to_usb_duplicity {
create_backups_temp_directory create_backups_temp_directory
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2} echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
umount $USB_MOUNT umount $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
@ -296,7 +296,7 @@ function backup_directory_to_usb_duplicity {
exit 8352925 exit 8352925
fi fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2} echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
umount $USB_MOUNT umount $USB_MOUNT
rm -rf $USB_MOUNT rm -rf $USB_MOUNT
@ -412,7 +412,7 @@ function set_user_permissions {
function backup_directory_to_friend_duplicity { function backup_directory_to_friend_duplicity {
create_backups_temp_directory create_backups_temp_directory
echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2} echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/* shred -zu ${1}/*
@ -424,7 +424,7 @@ function backup_directory_to_friend_duplicity {
exit 5293526 exit 5293526
fi fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2} echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/* shred -zu ${1}/*

View File

@ -228,17 +228,17 @@ function gpg_agent_setup {
echo 'GPG_TTY=$(tty)' >> /root/.bashrc echo 'GPG_TTY=$(tty)' >> /root/.bashrc
echo 'export GPG_TTY' >> /root/.bashrc echo 'export GPG_TTY' >> /root/.bashrc
fi fi
if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
fi
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf echo 'use-agent' >> /root/.gnupg/gpg.conf
fi fi
if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
fi
if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
touch /root/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
if [ -f /root/.gnupg/S.dirmngr ]; then
rm /root/.gnupg/S.dirmngr
fi fi
echo RELOADAGENT | gpg-connect-agent echo RELOADAGENT | gpg-connect-agent
else else
@ -248,17 +248,20 @@ function gpg_agent_setup {
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
fi fi
if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
fi fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
fi fi
if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
touch /home/$gpg_username/.gnupg/gpg-agent.conf echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
rm /home/$gpg_username/.gnupg/S.dirmngr
fi fi
if [[ "$gpg_username" != "$USER" ]]; then if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2018-02-16 Fri 10:42 --> <!-- 2018-02-16 Fri 11:55 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
@ -256,9 +256,9 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing
It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable. It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be <i>next to impossible</i> to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
</p> </p>
<div id="outline-container-org4d1584a" class="outline-2"> <div id="outline-container-org6b531d9" class="outline-2">
<h2 id="org4d1584a">Installation</h2> <h2 id="org6b531d9">Installation</h2>
<div class="outline-text-2" id="text-org4d1584a"> <div class="outline-text-2" id="text-org6b531d9">
<p> <p>
ssh into the system with: ssh into the system with:
</p> </p>
@ -269,11 +269,11 @@ ssh into the system with:
</div> </div>
<p> <p>
Select <b>Administrator controls</b> then <b>App Settings</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys. Select <b>Administrator controls</b> then <b>Add/Remove Apps</b> then <b>bdsmail</b>. It may take a while to install, due to the creation of keys.
</p> </p>
<p> <p>
After installation if you exit from <b>Administrator controls</b> back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address. After installation exit from <b>Administrator controls</b> back to the user control panel then select the option to <b>show your email address</b>. You will now have a new bdsmail address which ends with <i>.b32.i2p</i>. If you then select <b>Use Email</b> to run the Mutt email client you'll notice that you now have a folder called <b>i2p</b>. If you select that folder (move up and down with <i>CTRL+n</i> or <i>CTRL+p</i> and open with <i>CTRL+o</i>) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
</p> </p>
</div> </div>
</div> </div>