Compare commits
6 Commits
584d4e9075
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| e06274cb26 | |||
| 7a5d10ad45 | |||
| b9ce826c3c | |||
| b5d5b77149 | |||
| 255529e196 | |||
| 34fc3f4f9c |
+3
-1
@@ -16,6 +16,8 @@ out/content/*
|
|||||||
*/*.7z
|
*/*.7z
|
||||||
*/*.sha512
|
*/*.sha512
|
||||||
*/*.sha256
|
*/*.sha256
|
||||||
*/private_*
|
*/.private_*
|
||||||
|
*.attribution_*
|
||||||
*/*.sig
|
*/*.sig
|
||||||
|
*/checksums.txt
|
||||||
anonymous_signer
|
anonymous_signer
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# packages: 7zip, shred, secure-delete, cracklib-runtime, openssl, curl
|
set -o errtrace
|
||||||
# set -o errtrace
|
set -o nounset
|
||||||
# set -o nounset
|
set -o pipefail
|
||||||
# set -o pipefail
|
|
||||||
IFS=$'\n\t'
|
|
||||||
|
|
||||||
|
IFS=$'\n\t'
|
||||||
unix_seconds=$(date +%s)
|
unix_seconds=$(date +%s)
|
||||||
key_path="keystore/private_ed25519_${unix_seconds}"
|
key_path=".private_ed25519_${unix_seconds}"
|
||||||
|
attribution_keystore=".attribution_passphrase_${unix_seconds}"
|
||||||
signature_tag="file-integrity"
|
signature_tag="file-integrity"
|
||||||
out_dir="./out"
|
out_dir="./out"
|
||||||
inner_dir="$out_dir/contents"
|
inner_dir="$out_dir/contents"
|
||||||
@@ -54,7 +54,7 @@ run_cmd() {
|
|||||||
|
|
||||||
reset() {
|
reset() {
|
||||||
printf 'Autoshredding known artifacts...\n'
|
printf 'Autoshredding known artifacts...\n'
|
||||||
find . -maxdepth 1 -type f \( -name 'private_*' -o -name 'attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
find . -maxdepth 1 -type f \( -name '.private_*' -o -name '.attribution_passphrase_*' -o -name '*.sha512' -o -name 'checksums*' -o -name '*.sig' -o -name '*.7z' -o -name 'anonymous_signer' \) -exec shred -uz {} +
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
if compgen -G 'private_*' >/dev/null 2>&1; then
|
if compgen -G 'private_*' >/dev/null 2>&1; then
|
||||||
@@ -99,7 +99,7 @@ reset() {
|
|||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
|
find "$dir" -mindepth 1 -type d -exec srm -r -z -l '{}' + >/dev/null 2>&1 || true
|
||||||
find "$dir" -type f \( -name 'private_ed25519_*' -o -name 'attribution_passphrase_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
find "$dir" -type f \( -name '.private_*' -o -name '.attribution_*' \) -exec shred -uz '{}' + >/dev/null 2>&1 || true
|
||||||
find "$dir" -type f -exec chmod 600 '{}' +
|
find "$dir" -type f -exec chmod 600 '{}' +
|
||||||
checkcode $?
|
checkcode $?
|
||||||
fi
|
fi
|
||||||
@@ -208,8 +208,6 @@ exit_cleanup() {
|
|||||||
printf "cleaning up on exit"
|
printf "cleaning up on exit"
|
||||||
reset > /dev/null 2>&1
|
reset > /dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
# todo: uset vars
|
|
||||||
}
|
}
|
||||||
|
|
||||||
trap error_handle ERR
|
trap error_handle ERR
|
||||||
@@ -224,7 +222,7 @@ read -n 1 -s -r -p "In another terminal/window, fill $inner_dir with whatever yo
|
|||||||
printf '\n'
|
printf '\n'
|
||||||
|
|
||||||
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
|
printf 'ssh-keygen: creating new key: %s...\n' "$key_path"
|
||||||
ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" # >/dev/null 2>&1
|
ssh-keygen -t ed25519 -C 'anonymous' -N '' -f "$key_path" >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
|
printf 'ssh-keygen: fixing permissions on %s and %s...\n' "$key_path" "${key_path}.pub"
|
||||||
@@ -240,12 +238,12 @@ read -r random
|
|||||||
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
|
if [[ -z "$random" || "$random" =~ ^[nN]$ ]]; then
|
||||||
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
|
echo -e "No random data added. ${GREEN}OK!${RESET}\n"
|
||||||
else
|
else
|
||||||
printf 'random: adding 1/2 random blocks of data (128 bytes) to outer archive...\n'
|
printf 'random: adding 1/2 random blocks of data (32 bytes) to outer archive...\n'
|
||||||
openssl rand -out "$out_dir/.$RANDOM" 16 >/dev/null 2>&1
|
openssl rand -out "$out_dir/.$RANDOM" >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
|
|
||||||
printf 'random: adding 2/2 random blocks of data (128 bytes) to inner archive...\n'
|
printf 'random: adding 2/2 random blocks of data (32 bytes) to inner archive...\n'
|
||||||
openssl rand -out "$inner_dir/.$RANDOM" 16 >/dev/null 2>&1
|
openssl rand -out "$inner_dir/.$RANDOM" 32 >/dev/null 2>&1
|
||||||
checkcode $?
|
checkcode $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -283,6 +281,10 @@ printf 'Auditing attribution passphrase...\n'
|
|||||||
ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
|
ret=`audit_passphrase "$attribution_passphrase" "$attribution_passphrase_check"`
|
||||||
echo "$ret"
|
echo "$ret"
|
||||||
|
|
||||||
|
printf 'Saving Attribution Passphrase'
|
||||||
|
echo "$attribution_passphrase" > "$attribution_keystore"
|
||||||
|
checkcode $?
|
||||||
|
|
||||||
printf 'Unsetting attribution_passphrase_check...\n'
|
printf 'Unsetting attribution_passphrase_check...\n'
|
||||||
unset attribution_passphrase_check
|
unset attribution_passphrase_check
|
||||||
|
|
||||||
@@ -336,8 +338,8 @@ unset keystore_passphrase_check
|
|||||||
printf 'Archiving keys...\n'
|
printf 'Archiving keys...\n'
|
||||||
set +u
|
set +u
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
private_files=(private_*)
|
private_files=(.private_*)
|
||||||
passphrase_files=(attribution_passphrase_*)
|
passphrase_files=(.attribution_*)
|
||||||
shopt -u nullglob
|
shopt -u nullglob
|
||||||
set -u
|
set -u
|
||||||
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
|
if [[ ${#private_files[@]} -eq 0 && ${#passphrase_files[@]} -eq 0 ]]; then
|
||||||
|
|||||||
Reference in New Issue
Block a user