82 lines
2.2 KiB
Bash
Executable File
82 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
unix_seconds=$(date +%s)
|
|
key_path="$PWD/private_ed25519_${unix_seconds}"
|
|
signature_tag="file-integrity"
|
|
out_dir="$PWD/out"
|
|
inner_dir="$out_dir/contents"
|
|
|
|
mkdir -p "$inner_dir"
|
|
|
|
checkcode () {
|
|
local retcode
|
|
if [ -z "$1" ]; then
|
|
echo -e "\n\e[31mERROR!\033[0m checkcode missing return code parameter\n"
|
|
exit 1
|
|
else
|
|
retcode=$1
|
|
fi
|
|
|
|
if [ $retcode -ne 0 ]; then
|
|
echo -e "\e[31mERROR!\033[0m Response Code: $retcode"
|
|
else
|
|
printf '\e[1;32mOK!\e[0m\n'
|
|
fi
|
|
}
|
|
|
|
printf "ssh-keygen: makin new key "
|
|
ssh-keygen -t ed25519 -f "$key_path" -C "anonymous@local"
|
|
checkcode $?
|
|
printf "ssh-keygen: creating out/anonymous_signer"
|
|
echo "anonymous@local namespaces=\"$signature_tag\" $(cat "${key_path}.pub")" > "$out_dir/anonymous_signer"
|
|
checkcode $?
|
|
|
|
printf "random: adding 1/2 random blocks of data to inner archive"
|
|
dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 status=progress
|
|
checkcode $?
|
|
printf "random: adding 2/3 random blocks of data to outer archive"
|
|
dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 status=progress
|
|
checkcode $?
|
|
|
|
printf "7z: compressing inner volume"
|
|
7z a "$out_dir/contents.7z" "$inner_dir"
|
|
checkcode $?
|
|
|
|
printf "ssh: signing out/contents.7z"
|
|
ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z"
|
|
checkcode $?
|
|
|
|
printf "sha512: generating sha512 checksums of files in out/ "
|
|
(cd "$out_dir" && sha512sum * | tee checksums.sha512)
|
|
checkcode $?
|
|
|
|
echo "Enter attribution passphrase:"
|
|
read -r -s attribution_passphrase
|
|
echo
|
|
echo "Enter attribution passphrase again:"
|
|
read -r -s attribution_passphrase_check
|
|
if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
|
|
echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" >&2
|
|
exit 1
|
|
else
|
|
echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"
|
|
fi
|
|
unset attribution_passphrase_check
|
|
{
|
|
printf '%s' "$attribution_passphrase"
|
|
cat "$out_dir/contents.7z"
|
|
} | sha512sum | awk '{print $1}' | tee "$out_dir/attribution.sha512"
|
|
|
|
printf "deleting $inner_dir"
|
|
rm -rf "$inner_dir"
|
|
checkcode $?
|
|
|
|
printf "sanity checking"
|
|
# todo: test verify shit
|
|
checkcode $?
|
|
|
|
printf "7z archiving outer dir"
|
|
7z a "./out.7z" "$out_dir"
|
|
checkcode $?
|