From 7977df075594be0fe9d20d21ecfd570223932063 Mon Sep 17 00:00:00 2001
From: PrincessPi3
Date: Sat, 23 May 2026 06:17:02 -0600
Subject: [PATCH] cleanup
---
 ... (# Edit conflict 2026-05-23 y151erC #).sh | 124 ++++++++++++++++++
 create-attributable-archive.sh | 7 +-
 2 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 create-attributable-archive (# Edit conflict 2026-05-23 y151erC #).sh
diff --git a/create-attributable-archive (# Edit conflict 2026-05-23 y151erC #).sh b/create-attributable-archive (# Edit conflict 2026-05-23 y151erC #).sh
new file mode 100644
index 0000000..78347c2
--- /dev/null
+++ b/create-attributable-archive (# Edit conflict 2026-05-23 y151erC #).sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+set -e
+
+unix_seconds=$(date +%s)
+key_path="./private_ed25519_${unix_seconds}"
+signature_tag="file-integrity"
+out_dir="./out"
+inner_dir="$out_dir/contents"
+
+mkdir -p "$inner_dir"
+
+checkcode () {
+ local retcode
+ if [ -z "$1" ]; then
+ echo -e "\n\e[31mERROR!\033[0m checkcode missing return code parameter\n"
+ exit 1
+ else
+ retcode=$1
+ fi
+
+ if [ $retcode -ne 0 ]; then
+ echo -e "\e[31mERROR!\033[0m Response Code: $retcode"
+ else
+ printf ' \e[1;32mOK!\e[0m\n'
+ fi
+}
+
+printf "setting up environment..."
+bash reset.sh
+checkcode $?
+
+printf "ssh-keygen: makin new key..."
+ssh-keygen -t ed25519 -f "$key_path" -C "anonymous"
+checkcode $?
+printf "ssh-keygen: changing ownership on $key_path and $key_path.pub"
+chown $USER:$USER "$key_path" "$key_path.pub"
+printf "ssh-keygen: fixing perms on $key_path and $key_path.pub"
+chmod 600 "$key_path" "$key_path.pub"
+printf "ssh-keygen: creating $out_dir/anonymous_signer..."
+echo "anonymous namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
+checkcode $?
+
+printf "random: adding 1/2 random blocks of data to inner archive"
+dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
+checkcode $?
+printf "random: adding 2/3 random blocks of data to outer archive"
+dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
+checkcode $?
+
+printf "7z: compressing inner volume"
+7z a "$out_dir/contents.7z" "$inner_dir" > /dev/null 2>&1
+checkcode $?
+
+printf "deleting $inner_dir"
+rm -rf "$inner_dir" > /dev/null 2>&1
+checkcode $?
+
+printf "ssh: signing out/contents.7z"
+ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" > /dev/null 2>&1
+checkcode $?
+
+printf "sha512: generating sha512 checksums of files in out"
+sha512sum $out_dir/* > "$out_dir/checksums.sha512"
+checkcode $?
+
+echo "Enter attribution passphrase:"
+read -r -s attribution_passphrase
+echo
+echo "Enter attribution passphrase again:"
+read -r -s attribution_passphrase_check
+if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
+ echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" > /dev/null > /dev/null 2>&1
+ exit 1
+else
+ echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
+ echo "$attribution_passphrase" > "attribution_passphrase_${unix_seconds}.txt"
+fi
+unset attribution_passphrase_check > /dev/null > /dev/null 2>&1
+unset attribution_passphrase > /dev/null > /dev/null 2>&1
+{
+ printf '%s' "$attribution_passphrase"
+ cat "$out_dir/contents.7z"
+} | sha512sum | awk '{print $1}' > "$out_dir/attribution-checksum.sha512"
+
+# printf "sanity checking: changing working directory to $out_dir"
+# cd "$out_dir"
+# checkcode $?
+# printf "sanity checking: verification"
+# bash verify-everything.sh
+# checkcode $?
+# printf "sanity checking: validate attribution passphrase"
+# bash test_validation_passphrase.sh
+# checkcode $?
+# printf "sanity checking: returning"
+# cd ..
+# checkcode $?
+
+printf "7z archiving outer dir"
+7z a "./out.7z" "$out_dir" > /dev/null > /dev/null 2>&1
+checkcode $?
+printf "moving out.7z to archives"
+mv out.7z "archives/verifiable_archive_${unix_seconds}.7z" > /dev/null 2>&1
+checkcode $?
+
+echo "input keystore passphrase"
+read -r -s keystore_passphrase
+echo
+echo "input keystore passphrase (again)"
+read -r -s keystore_passphrase_check
+echo
+if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then
+ echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1
+ exit 1
+fi
+
+printf "archivin keys"
+7z a "keystore/keystore_${unix_seconds}.7z" -p$keystore_passphrase "private_*" "private_*.pub" "attribution_passphrase_${unix_seconds}.txt" > /dev/null 2>&1
+checkcode $?
+
+printf "resetting environment..."
+bash reset.sh
+checkcode $?
+
+echo "done :3"
diff --git a/create-attributable-archive.sh b/create-attributable-archive.sh
index 6f994e1..dbccc44 100755
--- a/create-attributable-archive.sh
+++ b/create-attributable-archive.sh
@@ -112,9 +112,14 @@ if [[ "$keystore_passphrase" != "$keystore_passphrase_check" ]]; then
 echo -e "\n\n\033[0;31mKeystore passphrases do not match! Exiting!\033[0m\n\n" > /dev/null 2>&1
 exit 1
 fi
+unset keystore_passphrase_check > /dev/null 2>&1
 printf "archivin keys"
-7z a "keystore/keystore_${unix_seconds}.7z" "private_*" "private_*.pub" "attribution_passphrase_${unix_seconds}.txt" > /dev/null 2>&1
+7z a "keystore/keystore_${unix_seconds}.7z" -p$keystore_passphrase "private_*" "private_*.pub" "attribution_passphrase_${unix_seconds}.txt" > /dev/null 2>&1
+checkcode $?
+
+printf "testing key archive"
+7z t "keystore/keystore_${unix_seconds}.7z" -p$keystore_passphrase > /dev/null 2>&1
 checkcode $?
 printf "resetting environment..."
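Review bot: `unset attribution_passphrase` runs before the `{ printf '%s' "$attribution_passphrase"; cat "$out_dir/contents.7z"; } | sha512sum` group, so the variable expands to nothing (the script sets `-e` but not `-u`) and `attribution-checksum.sha512` is just the SHA-512 of `contents.7z`, which anyone holding the archive can recompute. Move both `unset` lines below that pipeline so the passphrase is actually mixed into the digest. The mismatch branch redirects its error text to `/dev/null`, so a mistyped passphrase exits with no visible message; drop the redirect or send it to stderr with `>&2`. The file name looks like a sync-tool conflict copy, so it may not be meant to be tracked at all; the corresponding part of `create-attributable-archive.sh` is not visible in this patch and should be checked for the same ordering.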
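Review bot: `-p$keystore_passphrase` is unquoted on both the rewritten `7z a` line and the new `7z t` line, so a passphrase containing whitespace or glob characters is word-split and the keystore is encrypted with something other than what was typed twice; the new test cannot catch this because it splits the same way, so write `"-p$keystore_passphrase"` in both places. Adding `-mhe=on` to the `7z a` call would also encrypt the archive headers, which otherwise leave the names of the private-key and passphrase files readable without the password. The passphrase is passed on the command line, where it is typically visible in the process list while 7z runs, and within the lines shown `keystore_passphrase` is never cleared; add `unset keystore_passphrase` after the test step. The same `7z a` line appears in the conflict-copy file added earlier in this patch, and the script continues outside this hunk.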