Compare commits

...

6 Commits

Author SHA1 Message Date
PrincessPi e06274cb26 mayhappenz 2026-06-13 16:19:42 -06:00
PrincessPi 7a5d10ad45 mayhappenz 2026-06-13 15:32:25 -06:00
PrincessPi b9ce826c3c fix 2026-06-13 15:25:44 -06:00
PrincessPi b5d5b77149 fix 2026-06-13 15:20:52 -06:00
PrincessPi 255529e196 fix 2026-06-13 15:09:45 -06:00
PrincessPi 34fc3f4f9c fix 2026-06-13 13:24:11 -06:00
2 changed files with 22 additions and 18 deletions
+3 -1
View File
@@ -16,6 +16,8 @@ out/content/*
*/*.7z */*.7z
*/*.sha512 */*.sha512
*/*.sha256 */*.sha256
*/private_* */.private_*
*.attribution_*
*/*.sig */*.sig
*/checksums.txt
anonymous_signer anonymous_signer
+19 -17
View File
@@ -1,12 +1,12 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl set -o errtrace
# set -o errtrace set -o nounset
# set -o nounset set -o pipefail
# set -o pipefail
IFS=$'\n\t'
IFS=$'\n\t'
unix_seconds=$(date +%s) unix_seconds=$(date +%s)
key_path="keystore/private_ed25519_${unix_seconds}" key_path=".private_ed25519_${unix_seconds}"
attribution_keystore=".attribution_passphrase_${unix_seconds}"
signature_tag="file-integrity" signature_tag="file-integrity"
out_dir="./out" out_dir="./out"
inner_dir="$out_dir/contents" inner_dir="$out_dir/contents"
@@ -54,7 +54,7 @@ run_cmd() {
reset() { reset() {
printf 'Autoshredding known artifacts...\n' printf 'Autoshredding known artifacts...\n'
find . -maxdepth 1 -type f \( -name 'private_*' -o -name 'attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} + find . -maxdepth 1 -type f \( -name '.private_*' -o -name '.attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
checkcode $? checkcode $?
if compgen -G 'private_*' >/dev/null 2>&1; then if compgen -G 'private_*' >/dev/null 2>&1; then
@@ -99,7 +99,7 @@ reset() {
checkcode $? checkcode $?
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
find "$dir" -type f \( -name 'private_ed25519_*' -o -name 'attribution_passphrase_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true find "$dir" -type f \( -name '.private_*' -o -name '.attribution_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
find "$dir" -type f -exec chmod 600 '{}' + find "$dir" -type f -exec chmod 600 '{}' +
checkcode $? checkcode $?
fi fi
@@ -208,8 +208,6 @@ exit_cleanup() {
printf "cleaning up on exit" printf "cleaning up on exit"
reset > /dev/null 2>&1 reset > /dev/null 2>&1
checkcode $? checkcode $?
# todo: uset vars
} }
trap error_handle ERR trap error_handle ERR
@@ -224,7 +222,7 @@ read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever yo
printf '\n' printf '\n'
printf 'ssh-keygen: creating new key: %s...\n' "$key_path" printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" # >/dev/null 2>&1 ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" >/dev/null 2>&1
checkcode $? checkcode $?
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub" printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
@@ -240,12 +238,12 @@ read -r random
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
echo -e "No random data added. ${GREEN}OK!${RESET}\n" echo -e "No random data added. ${GREEN}OK!${RESET}\n"
else else
printf 'random: adding 1/2 random blocks of data (128 bytes) to outer archive...\n' printf 'random: adding 1/2 random blocks of data (32 bytes) to outer archive...\n'
openssl rand -out "$out_dir/.$RANDOM" 16 >/dev/null 2>&1 openssl rand -out "$out_dir/.$RANDOM" >/dev/null 2>&1
checkcode $? checkcode $?
printf 'random: adding 2/2 random blocks of data (128 bytes) to inner archive...\n' printf 'random: adding 2/2 random blocks of data (32 bytes) to inner archive...\n'
openssl rand -out "$inner_dir/.$RANDOM" 16 >/dev/null 2>&1 openssl rand -out "$inner_dir/.$RANDOM" 32 >/dev/null 2>&1
checkcode $? checkcode $?
fi fi
@@ -283,6 +281,10 @@ printf 'Auditing attribution passphrase...\n'
ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"` ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
echo "$ret" echo "$ret"
printf 'Saving Attribution Passphrase'
echo "$attribution_passphrase" > "$attribution_keystore"
checkcode $?
printf 'Unsetting attribution_passphrase_check...\n' printf 'Unsetting attribution_passphrase_check...\n'
unset attribution_passphrase_check unset attribution_passphrase_check
@@ -336,8 +338,8 @@ unset keystore_passphrase_check
printf 'Archiving keys...\n' printf 'Archiving keys...\n'
set +u set +u
shopt -s nullglob shopt -s nullglob
private_files=(private_*) private_files=(.private_*)
passphrase_files=(attribution_passphrase_*) passphrase_files=(.attribution_*)
shopt -u nullglob shopt -u nullglob
set -u set -u
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then