From de13a2940cb3195e290838f5d546b4273088003b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 13 Jun 2018 11:21:59 +0100 Subject: [PATCH] Don't shred In most cases we're writing to a microSSD or SSD, so shredding doesn't make sense --- src/freedombone-adduser | 2 +- src/freedombone-app-tahoelafs | 4 ++-- src/freedombone-app-tox | 3 +-- src/freedombone-app-vpn | 4 ++-- src/freedombone-backup-remote | 2 +- src/freedombone-base-email | 4 ++-- src/freedombone-clientcert | 2 +- src/freedombone-config | 2 +- src/freedombone-image-customise | 2 +- src/freedombone-image-make | 2 +- src/freedombone-image-mesh | 25 ++++++++++++------------- src/freedombone-logging | 3 --- src/freedombone-pass | 3 +-- src/freedombone-recoverkey | 4 ++-- src/freedombone-renew-cert | 2 +- src/freedombone-repair-database | 2 +- src/freedombone-rmuser | 4 ++-- src/freedombone-splitkey | 16 ++++++++-------- src/freedombone-utils-backup | 22 +++++++--------------- src/freedombone-utils-database | 8 ++++---- src/freedombone-utils-gpg | 6 +++--- src/freedombone-utils-onion | 2 -- src/freedombone-utils-postgresql | 2 +- 23 files changed, 55 insertions(+), 71 deletions(-) diff --git a/src/freedombone-adduser b/src/freedombone-adduser index a6e7facb..c36391c3 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -142,7 +142,7 @@ chmod 600 "/home/$ADD_USERNAME/.gnupg/"* chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf" su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME" chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg" -shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf" +rm "/home/$ADD_USERNAME/gpg-genkey.conf" MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME") MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg" su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME" diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs index 164ed162..567a1b87 100755 --- a/src/freedombone-app-tahoelafs +++ b/src/freedombone-app-tahoelafs @@ -368,7 +368,7 @@ function restore_remote_tahoelafs { function reconfigure_tahoelafs { if [ -f $tahoelafs_storage_file ]; then - shred -zu $tahoelafs_storage_file + rm $tahoelafs_storage_file fi sed -i '/HidServAuth /d' /etc/tor/torrc } @@ -413,7 +413,7 @@ function remove_tahoelafs { fi remove_app tahoelafs if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then - shred -zu /etc/nginx/.htpasswd-tahoelafs + rm /etc/nginx/.htpasswd-tahoelafs fi onion_update } diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox index deca39e4..9fb0effa 100755 --- a/src/freedombone-app-tox +++ b/src/freedombone-app-tox @@ -74,10 +74,9 @@ function remove_user_tox { if [ -d "/home/$remove_username/.config/tox" ]; then if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then - shred -zu "/home/$remove_username/.config/tox/chatlogs/"* rm -rf "/home/$remove_username/.config/tox/chatlogs" fi - shred -zu "/home/$remove_username/.config/tox/"* + rm "/home/$remove_username/.config/tox/"* fi } diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn index 87945991..10373717 100755 --- a/src/freedombone-app-vpn +++ b/src/freedombone-app-vpn @@ -351,7 +351,7 @@ function remove_vpn { for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then - shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME" + rm "/home/$USERNAME/$OPENVPN_KEY_FILENAME" fi rm "/home/$USERNAME/stunnel*" done @@ -448,7 +448,7 @@ function create_user_vpn_key { #rm /etc/openvpn/easy-rsa/keys/$username.crt #rm /etc/openvpn/easy-rsa/keys/$username.csr - shred -zu "/etc/openvpn/easy-rsa/keys/$username.key" + rm "/etc/openvpn/easy-rsa/keys/$username.key" echo $"VPN key created at $user_vpn_cert_file" } diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote index eeb75f18..7997990c 100755 --- a/src/freedombone-backup-remote +++ b/src/freedombone-backup-remote @@ -419,7 +419,7 @@ function disperse_key_shares { fi # remove the temp file/directory - shred -zu "$temp_key_share_fragments/"* + rm "$temp_key_share_fragments/"* rm -rf "$temp_key_share_dir" fi fi diff --git a/src/freedombone-base-email b/src/freedombone-base-email index 735bef34..84fbffdf 100755 --- a/src/freedombone-base-email +++ b/src/freedombone-base-email @@ -1473,7 +1473,7 @@ function create_gpg_subkey { su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg" - shred -zu "/home/$MY_USERNAME/gpg-genkey.conf" + rm "/home/$MY_USERNAME/gpg-genkey.conf" # shellcheck disable=SC2034 MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") @@ -1596,7 +1596,7 @@ function configure_gpg { fi # for security ensure that the private key file doesn't linger around - shred -zu $MY_GPG_PRIVATE_KEY + rm $MY_GPG_PRIVATE_KEY MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS") if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then echo $'GPG public key ID could not be obtained' diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert index 051df90e..581af9ab 100755 --- a/src/freedombone-clientcert +++ b/src/freedombone-clientcert @@ -162,7 +162,7 @@ chmod -R 755 "/home/$USERNAME/emailcert" chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert" chmod +x "/home/$USERNAME/emailcert/install.sh" -shred -zu "/etc/ssl/requests/$USERNAME.csr" +rm "/etc/ssl/requests/$USERNAME.csr" echo $'Email authentication certificate created. You can obtain it on the client with:' echo '' diff --git a/src/freedombone-config b/src/freedombone-config index 9af5e4b3..dafe908a 100755 --- a/src/freedombone-config +++ b/src/freedombone-config @@ -986,7 +986,7 @@ function interactive_config { # delete the temporary configuration file if [ -f temp.cfg ]; then - shred -zu temp.cfg + rm temp.cfg fi # This file indicates that the configuration happened successfully diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 2d10ce61..d0abf060 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise @@ -423,7 +423,7 @@ EOF echo ' rm /root/.initial_setup'; echo ' rm /home/fbone/.initial_setup'; echo " touch /root/.remove_${GENERIC_IMAGE_USERNAME}"; - echo ' shred -zu ~/login.txt'; } >> "$rootdir/root/.bashrc" + echo ' rm ~/login.txt'; } >> "$rootdir/root/.bashrc" if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then { echo " SSH_ONION_HOSTNAME=\$(cat /var/lib/tor/hidden_service_ssh/hostname)"; diff --git a/src/freedombone-image-make b/src/freedombone-image-make index a78ffc90..d0272e41 100755 --- a/src/freedombone-image-make +++ b/src/freedombone-image-make @@ -276,4 +276,4 @@ sudo -H \ $pkgopts echo $'Removing customised customisation script' -sudo shred -zu $TEMP_CUSTOMISE +sudo rm $TEMP_CUSTOMISE diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh index 5e30257b..f5535300 100755 --- a/src/freedombone-image-mesh +++ b/src/freedombone-image-mesh @@ -870,10 +870,10 @@ function mesh_amnesic { echo "MY_USERNAME=\$1"; echo 'tomb slam all'; echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then"; - echo " shred -zu /home/${MY_USERNAME}/.bash_history"; + echo " rm /home/${MY_USERNAME}/.bash_history"; echo 'fi'; echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then"; - echo " shred -zu /home/${MY_USERNAME}/.xsession-errors"; + echo " rm /home/${MY_USERNAME}/.xsession-errors"; echo 'fi'; echo ''; echo 'exit 0'; } > /usr/bin/amnesic @@ -944,7 +944,7 @@ function setup_amnesic_data { # clear crypttab if [ -f /etc/crypttab ]; then - shred -zu /etc/crypttab + rm /etc/crypttab touch /etc/crypttab fi @@ -977,7 +977,6 @@ function setup_amnesic_data { fi fi if [ -d /var/lib/tox-bootstrapd ]; then - shred -zu /var/lib/tox-bootstrapd/* rm -rf /var/lib/tox-bootstrapd fi ln -s /media/${tomb_name} /var/lib/tox-bootstrapd @@ -1018,7 +1017,7 @@ function setup_ipfs { su -c "systemctl --user enable ipfs" - $MY_USERNAME if [ -f $CURRENT_BLOG_INDEX ]; then - shred -zu $CURRENT_BLOG_INDEX + rm $CURRENT_BLOG_INDEX fi if [ -d /home/$MY_USERNAME/Public ]; then @@ -1027,11 +1026,11 @@ function setup_ipfs { fi if [ -d /home/$MY_USERNAME/CreateBlog/content/images ]; then - shred -zu /home/$MY_USERNAME/CreateBlog/content/images/* + rm /home/$MY_USERNAME/CreateBlog/content/images/* fi if [ -d /home/$MY_USERNAME/CreateBlog/content ]; then - shred -zu /home/$MY_USERNAME/CreateBlog/content/* + rm /home/$MY_USERNAME/CreateBlog/content/* if grep -q "THEME=" /home/$MY_USERNAME/CreateBlog/pelicanconf.py; then sed -i "s|THEME=.*|THEME='themes/nice-blog'|g" /home/$MY_USERNAME/CreateBlog/pelicanconf.py else @@ -1040,7 +1039,7 @@ function setup_ipfs { fi if [ -d /home/$MY_USERNAME/.ipfs ]; then - shred -zu /home/$MY_USERNAME/.ipfs/config + rm /home/$MY_USERNAME/.ipfs/config rm -rf /home/$MY_USERNAME/.ipfs su -c "systemctl --user restart ipfs" - $MY_USERNAME else @@ -1048,19 +1047,19 @@ function setup_ipfs { fi if [ -f /home/$MY_USERNAME/.blog-index ]; then - shred -zu /home/$MY_USERNAME/.blog-index + rm /home/$MY_USERNAME/.blog-index fi if [ -f /home/$MY_USERNAME/.blog-theme-index ]; then - shred -zu /home/$MY_USERNAME/.blog-theme-index + rm /home/$MY_USERNAME/.blog-theme-index fi if [ -f /home/$MY_USERNAME/.ipfs-id ]; then - shred -zu /home/$MY_USERNAME/.ipfs-id + rm /home/$MY_USERNAME/.ipfs-id fi if [ -f /home/$MY_USERNAME/.ipfs-public ]; then - shred -zu /home/$MY_USERNAME/.ipfs-public + rm /home/$MY_USERNAME/.ipfs-public fi chmod 755 $IPFS_COMMAND @@ -1204,7 +1203,7 @@ function create_user_vpn_key { #rm /etc/openvpn/easy-rsa/keys/$username.crt #rm /etc/openvpn/easy-rsa/keys/$username.csr - shred -zu "/etc/openvpn/easy-rsa/keys/$username.key" + rm "/etc/openvpn/easy-rsa/keys/$username.key" echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log" } diff --git a/src/freedombone-logging b/src/freedombone-logging index bb32adce..66a642d7 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging @@ -33,9 +33,6 @@ export TEXTDOMAINDIR="/usr/share/locale" WEBSERVER_LOG_LEVEL='warn' -# Shredding could be used here, but especially on microSD -# or SSD it's debatable how useful shredding really is. -# Also the shred command can be very slow on Beaglebone Black REMOVE_FILES_COMMAND='rm -rf' source /usr/local/bin/${PROJECT_NAME}-vars diff --git a/src/freedombone-pass b/src/freedombone-pass index eac4a7b1..73395bbb 100755 --- a/src/freedombone-pass +++ b/src/freedombone-pass @@ -139,7 +139,6 @@ function clear_passwords { for d in /root/.passwords/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $4}') if [[ "$USERNAME" != 'root' ]]; then - shred -zu "/root/.passwords/$USERNAME/"* rm -rf "/root/.passwords/$USERNAME" fi done @@ -287,7 +286,7 @@ fi if [ "${REMOVE_APP}" ]; then if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then - shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" + rm "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" fi exit 0 fi diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey index facbc69a..8e3c1f81 100755 --- a/src/freedombone-recoverkey +++ b/src/freedombone-recoverkey @@ -165,10 +165,10 @@ echo $'Key fragments recombined' # import the gpg key if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then echo $'Unable to import gpg key' - shred -zu "$KEYS_FILE" + rm "$KEYS_FILE" exit 3682 fi -shred -zu "$KEYS_FILE" +rm "$KEYS_FILE" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg" chmod -R 600 "/home/$MY_USERNAME/.gnupg" diff --git a/src/freedombone-renew-cert b/src/freedombone-renew-cert index b2a92c90..af3a43b4 100755 --- a/src/freedombone-renew-cert +++ b/src/freedombone-renew-cert @@ -100,7 +100,7 @@ function renew_startssl { # remove the password from the private cert openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key - shred -zu /etc/ssl/private/$HOSTNAME.new.key + rm /etc/ssl/private/$HOSTNAME.new.key # bundle the cert cat /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$HOSTNAME.bundle.crt diff --git a/src/freedombone-repair-database b/src/freedombone-repair-database index 99274ba5..615d3341 100755 --- a/src/freedombone-repair-database +++ b/src/freedombone-repair-database @@ -50,7 +50,7 @@ if [ -f $DATABASE_PASSWORD_FILE ]; then ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD" stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb) if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then - shred -zu $DATABASE_PASSWORD_FILE + rm $DATABASE_PASSWORD_FILE fi fi diff --git a/src/freedombone-rmuser b/src/freedombone-rmuser index f9e3abc4..c6c4160a 100755 --- a/src/freedombone-rmuser +++ b/src/freedombone-rmuser @@ -110,12 +110,12 @@ fi # remove gpg keys if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then - shred -zu "/home/$REMOVE_USERNAME/.gnupg/"* + rm "/home/$REMOVE_USERNAME/.gnupg/"* fi # remove ssh keys if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then - shred -zu "/home/$REMOVE_USERNAME/.ssh/"* + rm "/home/$REMOVE_USERNAME/.ssh/"* fi echo $'Detecting installed apps...' diff --git a/src/freedombone-splitkey b/src/freedombone-splitkey index 5ef37f57..7bec25fc 100755 --- a/src/freedombone-splitkey +++ b/src/freedombone-splitkey @@ -155,7 +155,7 @@ if [ ! "$?" = "0" ]; then fi if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \ --armor --export "$MY_BACKUP_KEY_ID"; then - shred -zu "$FRAGMENTS_DIR/privkey.txt" + rm "$FRAGMENTS_DIR/privkey.txt" echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID" exit 62928 fi @@ -163,7 +163,7 @@ echo "$BACKUP_DUMMY_PASSWORD" | \ if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \ --batch --passphrase-fd 0 \ --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then - shred -zu "$FRAGMENTS_DIR/privkey.txt" + rm "$FRAGMENTS_DIR/privkey.txt" echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID" exit 13783 fi @@ -176,21 +176,21 @@ cat "$FRAGMENTS_DIR/pubkey.txt" \ "$FRAGMENTS_DIR/privkey.txt" \ "$FRAGMENTS_DIR/backup_pubkey.txt" \ "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE" -shred -zu "$FRAGMENTS_DIR/privkey.txt" -shred -zu "$FRAGMENTS_DIR/pubkey.txt" -shred -zu "$FRAGMENTS_DIR/backup_privkey.txt" -shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt" +rm "$FRAGMENTS_DIR/privkey.txt" +rm "$FRAGMENTS_DIR/pubkey.txt" +rm "$FRAGMENTS_DIR/backup_privkey.txt" +rm "$FRAGMENTS_DIR/backup_pubkey.txt" KEY_SHARES=$((KEY_FRAGMENTS * 2)) if ! gfsplit -n "$KEY_FRAGMENTS" -m $KEY_SHARES "$KEYS_FILE"; then echo $"Unable to split the gpg key" rm -rf "$FRAGMENTS_DIR" if [ -f "$KEYS_FILE" ]; then - shred -zu "$KEYS_FILE" + rm "$KEYS_FILE" fi exit 63028 fi -shred -zu "$KEYS_FILE" +rm "$KEYS_FILE" # set permissions chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR" diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup index 96b93ab9..63fa1f9b 100755 --- a/src/freedombone-utils-backup +++ b/src/freedombone-utils-backup @@ -97,7 +97,7 @@ function configure_backup_key { su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg" - shred -zu "/home/$MY_USERNAME/gpg-genkey.conf" + rm "/home/$MY_USERNAME/gpg-genkey.conf" echo $'Checking that the Backup key was created' BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)") if [[ $BACKUP_KEY_EXISTS == "no" ]]; then @@ -127,8 +127,8 @@ function configure_backup_key { gpg --import --import "${MY_BACKUP_KEY}_public.asc" echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import "${MY_BACKUP_KEY}_private.asc" - shred -zu "${MY_BACKUP_KEY}_public.asc" - shred -zu "${MY_BACKUP_KEY}_private.asc" + rm "${MY_BACKUP_KEY}_public.asc" + rm "${MY_BACKUP_KEY}_private.asc" mark_completed "${FUNCNAME[0]}" } @@ -258,7 +258,6 @@ function backup_database_local_usb { if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then echo $"${1} database could not be saved" - shred -zu "${local_database_dir}/"* rm -rf "${local_database_dir}" umount "$USB_MOUNT" rm -rf "$USB_MOUNT" @@ -284,7 +283,6 @@ function backup_directory_to_usb_duplicity { umount "$USB_MOUNT" rm -rf "$USB_MOUNT" if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "${1}/"* rm -rf "${1}" fi function_check restart_site @@ -299,7 +297,6 @@ function backup_directory_to_usb_duplicity { umount "$USB_MOUNT" rm -rf "$USB_MOUNT" if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "${1}/"* rm -rf "${1}" fi function_check restart_site @@ -332,7 +329,6 @@ function backup_directory_to_usb { backup_directory_to_usb_duplicity "${1}" "${2}" if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "${1}/"* rm -rf "${1}" fi fi @@ -414,7 +410,6 @@ function backup_directory_to_friend_duplicity { # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "${1}/"* rm -rf "${1}" fi function_check restart_site @@ -427,7 +422,6 @@ function backup_directory_to_friend_duplicity { # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "${1}/"* rm -rf "${1}" fi function_check restart_site @@ -457,7 +451,6 @@ function backup_directory_to_friend { backup_directory_to_friend_duplicity "${1}" "${2}" if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then - shred -zu "/root/temp${2}/"* rm -rf "/root/temp${2}" fi } @@ -508,7 +501,6 @@ function backup_database_remote { if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then echo $"${1} database could not be saved" - shred -zu "${local_database_dir}/"* rm -rf "${local_database_dir}" # Send a warning email echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS" @@ -629,9 +621,9 @@ function restore_database_from_friend { exit 8735271 fi if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data" ]; then - shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"* + rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"* else - shred -zu "${local_database_dir}/*.${database_file_extension}" + rm "${local_database_dir}/*.${database_file_extension}" fi rm -rf "${local_database_dir}" echo $"Restoring ${1} installation" @@ -739,9 +731,9 @@ function restore_database { exit 482638995 fi if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data" ]; then - shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"* + rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"* else - shred -zu "${local_database_dir}/*.${database_file_extension}" + rm "${local_database_dir}/*.${database_file_extension}" fi rm -rf "${local_database_dir}" diff --git a/src/freedombone-utils-database b/src/freedombone-utils-database index 6d344ed4..53ae244c 100755 --- a/src/freedombone-utils-database +++ b/src/freedombone-utils-database @@ -139,7 +139,7 @@ function get_mariadb_password { "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD" stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb) if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then - shred -zu $DATABASE_PASSWORD_FILE + rm $DATABASE_PASSWORD_FILE echo $'MariaDB password moved into password store' return fi @@ -311,7 +311,7 @@ quit" > "$INSTALL_DIR/batch.sql" chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" - shred -zu "$INSTALL_DIR/batch.sql" + rm "$INSTALL_DIR/batch.sql" } function initialise_database { @@ -359,7 +359,7 @@ quit" > "$INSTALL_DIR/batch.sql" chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" - shred -zu "$INSTALL_DIR/batch.sql" + rm "$INSTALL_DIR/batch.sql" } function run_query_with_output { @@ -385,7 +385,7 @@ quit" > "$INSTALL_DIR/batch.sql" chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" - shred -zu "$INSTALL_DIR/batch.sql" + rm "$INSTALL_DIR/batch.sql" } diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg index 1bbb7dd0..e4fbae69 100755 --- a/src/freedombone-utils-gpg +++ b/src/freedombone-utils-gpg @@ -118,7 +118,7 @@ function gpg_create_key { echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created" exit 63621 fi - shred -zu "/home/$key_username/gpg-genkey.conf" + rm "/home/$key_username/gpg-genkey.conf" CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS") if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS" @@ -196,7 +196,7 @@ function gpg_reconstruct_key { fi if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then - shred -zu "$KEYS_FILE" + rm "$KEYS_FILE" rm -rf "/home/$key_username/.tempgnupg" if [ "$key_interactive" ]; then dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70 @@ -205,7 +205,7 @@ function gpg_reconstruct_key { fi exit 96547 fi - shred -zu "$KEYS_FILE" + rm "$KEYS_FILE" gpg_set_permissions "$key_username" diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 2fc9224e..996e02e7 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -136,11 +136,9 @@ function remove_onion_service { fi fi if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then - shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/"* rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}" fi if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then - shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/"* rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" fi remove_completion_param "${onion_service_name} onion domain" diff --git a/src/freedombone-utils-postgresql b/src/freedombone-utils-postgresql index 69c85211..eb7f8c86 100755 --- a/src/freedombone-utils-postgresql +++ b/src/freedombone-utils-postgresql @@ -202,7 +202,7 @@ quit" > "$INSTALL_DIR/batch.sql" chmod 600 "$INSTALL_DIR/batch.sql" cd /etc/postgresql || exit 247284684 sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql" - shred -zu "$INSTALL_DIR/batch.sql" + rm "$INSTALL_DIR/batch.sql" } # NOTE: deliberately there is no "exit 0"