1
0
mirror of https://github.com/deajan/obackup.git synced 2024-12-25 15:03:41 +01:00

Work in progress for encryption

This commit is contained in:
deajan 2016-08-31 23:32:21 +02:00
parent 2ac8b646a9
commit 084fd91005

View File

@ -5,7 +5,7 @@ PROGRAM="obackup"
AUTHOR="(C) 2013-2016 by Orsiris de Jong"
CONTACT="http://www.netpower.fr/obackup - ozy@netpower.fr"
PROGRAM_VERSION=2.1-dev
PROGRAM_BUILD=2016083003
PROGRAM_BUILD=2016083102
IS_STABLE=no
source "./ofunctions.sh"
@ -90,18 +90,29 @@ function CheckEnvironment {
fi
if [ "$FILE_BACKUP" != "no" ]; then
if [ "$ENCRYPTION" == "yes" ]; then
if ! type gpg > /dev/null 2>&1 ; then
Logger "gpg not present. Cannot encrypt backup files." "CRITICAL"
CAN_BACKUP_FILES=false
fi
else
if ! type rsync > /dev/null 2>&1 ; then
Logger "rsync not present. Cannot backup files." "CRITICAL"
CAN_BACKUP_FILES=false
fi
if ! type rsync > /dev/null 2>&1 ; then
Logger "rsync not present. Cannot backup files." "CRITICAL"
CAN_BACKUP_FILES=false
fi
fi
if [ "$ENCRYPTION" == "yes" ]; then
CheckDecrpytEnvironnment
fi
}
function CheckDecryptEnvironnment {
if ! type gpg2 > /dev/null 2>&1 ; then
if ! type gpg > /dev/null 2>&1; then
Logger "gpg2 nor gpg not present. Cannot encrypt backup files." "CRITICAL"
CAN_BACKUP_FILES=false
else
Logger "gpg2 not present, falling back to gpg." "NOTICE"
ENCRYPT_TOOL=gpg
fi
else
ENCRYPT_TOOL=gpg2
fi
}
function CheckCurrentConfig {
@ -836,6 +847,8 @@ function BackupDatabases {
function PrepareEncryptFiles {
local tmpPath="${2}"
#TODO: handle dryrun, do we need to create temp dir ?
__CheckArguments 1 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
if [ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]; then
@ -858,6 +871,51 @@ function EncrpytFiles {
# Send files to remote, rotate & copy
}
function DecryptFiles {
local filePath="${1}" # Path to files to decrypt
local passphraseFile="${2}" # Passphrase file to decrypt files
local passphrase="${3}" # Passphrase to decrypt files
__CheckArguments 3 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
local secret
local successCounter=0
local errorCounter=0
local cryptFileExtension=".obackup.gpg"
if [ ! -w "$filePath" ]; then
Logger "Directory [$filePath] is not writable. Cannot decrypt files." "CRITICAL"
exit 1
fi
if [ -f "$passphraseFile" ]; then
secret="--passphrase-file $passphraseFile"
elif [ "$passphrase" != "" ]; then
secret="--passphrase $passphrase"
else
Logger "Invalid passphrase file or passphrase." "CRITICAL"
exit 1
fi
find "$filePath" -type f -iname "*$cryptFileExtension" -print0 | while IFS= read -r -d $'\0' encryptedFile; do
Logger "Decrypting [$encryptedFile]." "VERBOSE"
$ENCRYPT_TOOL --out "${encryptedFile%%$cryptFileExtension*}" --batch $secret --decrypt "$encryptedFile" > "$RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID" 2>&1
if [ $? != 0 ]; then
Logger "Cannot decrypt [$encryptedFile]." "ERROR"
errorCounter=$((errorCounter+1))
else
succesCounter=$((successCounter+1))
rm -f "$encryptedFile"
if [ $? != 0 ]; then
Logger "Cannot delete original file [$encryptedFile] after decryption." "ERROR"
Logger "Command output\n$(cat $RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID)" "ERROR"
fi
fi
done
Logger "Decrypted [$successCounter] files successfully. Failed to decrypt [$errorCounter] files." "NOTICE"
exit 0
}
function Rsync {
local backup_directory="${1}" # Which directory to backup
local is_recursive="${2}" # Backup only files at toplevel of directory
@ -892,10 +950,10 @@ function Rsync {
backup_directory=$(EscapeSpaces "$backup_directory")
rsync_cmd="$(type -p $RSYNC_EXECUTABLE) $RSYNC_ARGS $RSYNC_DRY_ARG $RSYNC_ATTR_ARGS $RSYNC_TYPE_ARGS $RSYNC_NO_RECURSE_ARGS $RSYNC_DELETE $RSYNC_PATTERNS $RSYNC_PARTIAL_EXCLUDE --rsync-path=\"$RSYNC_PATH\" -e \"$RSYNC_SSH_CMD\" \"$REMOTE_USER@$REMOTE_HOST:$backup_directory\" \"$file_storage_path\" > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
elif [ "$BACKUP_TYPE" == "push" ]; then
CheckConnectivity3rdPartyHosts
CheckConnectivityRemoteHost
file_storage_path=$(EscapeSpaces "$file_storage_path")
_CreateDirectoryRemote "$file_storage_path"
CheckConnectivity3rdPartyHosts
CheckConnectivityRemoteHost
rsync_cmd="$(type -p $RSYNC_EXECUTABLE) $RSYNC_ARGS $RSYNC_DRY_ARG $RSYNC_ATTR_ARGS $RSYNC_TYPE_ARGS $RSYNC_NO_RECURSE_ARGS $RSYNC_DELETE $RSYNC_PATTERNS $RSYNC_PARTIAL_EXCLUDE --rsync-path=\"$RSYNC_PATH\" -e \"$RSYNC_SSH_CMD\" \"$backup_directory\" \"$REMOTE_USER@$REMOTE_HOST:$file_storage_path\" > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
fi
@ -1175,6 +1233,11 @@ function RotateBackups {
fi
}
function SetTraps {
trap TrapStop INT QUIT TERM HUP
trap TrapQuit EXIT
}
function Init {
__CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
@ -1182,9 +1245,6 @@ function Init {
local hosturiandpath
local hosturi
trap TrapStop INT QUIT TERM HUP
trap TrapQuit EXIT
## Test if target dir is a ssh uri, and if yes, break it down it its values
if [ "${REMOTE_SYSTEM_URI:0:6}" == "ssh://" ] && [ "$BACKUP_TYPE" != "local" ]; then
REMOTE_OPERATION="yes"
@ -1289,7 +1349,7 @@ function Usage {
echo "$AUTHOR"
echo "$CONTACT"
echo ""
echo "usage: obackup.sh /path/to/backup.conf [OPTIONS]"
echo "usage: $0 /path/to/backup.conf [OPTIONS]"
echo ""
echo "OPTIONS:"
echo "--dry will run obackup without actually doing anything, just testing"
@ -1300,6 +1360,10 @@ function Usage {
echo "--no-maxtime disables any soft and hard execution time checks"
echo "--delete Deletes files on destination that vanished on source"
echo "--dontgetsize Does not try to evaluate backup size"
echo ""
echo -e "$PROGRAM may also be used to \e[93mdecrypt\e[0m a backup encrypted with $PROGRAM."
echo "usage: $0 --decrypt=/path/to/encrypted_backup --passphrase-file=/path/to/passphrase"
echo "usage: $0 --decrypt=/path/to/encrypted_backup --passphrase=MySecretPassPhrase (security risk)"
exit 128
}
@ -1309,6 +1373,9 @@ _SILENT=false
no_maxtime=false
stats=false
PARTIAL=no
_DECRYPT_MODE=false
DECRYPT_PATH=""
function GetCommandlineArguments {
if [ $# -eq 0 ]; then
@ -1344,11 +1411,26 @@ function GetCommandlineArguments {
--help|-h|--version|-v)
Usage
;;
--decrypt=*)
_DECRYPT_MODE=true
DECRYPT_PATH="${i##*=}"
;;
--passphrase=*)
PASSPHRASE="${i##*=}"
;;
--passphrase-file=*)
PASSPHRASE_FILE="${i##*=}"
;;
esac
done
}
SetTraps
GetCommandlineArguments "$@"
if [ "$_DECRYPT_MODE" == true ]; then
CheckDecryptEnvironnment
DecryptFiles "$DECRYPT_PATH" "$PASSPHRASE_FILE" "$PASSPHRASE"
fi
LoadConfigFile "$1"
if [ "$LOGFILE" == "" ]; then
if [ -w /var/log ]; then