Backup script and gpg conf, release version 2
drduh committed May 25, 2020
1 parent 93640f8 commit de4bd29
Showing 2 changed files with 18 additions and 9 deletions.
13 changes: 7 additions & 6 deletions README.md
Expand Up @@ -6,15 +6,12 @@ It uses GnuPG to symmetrically (i.e., using a master password) encrypt and decry

# Release notes

## Version 1 (2015)

The original release which has been available for general use and review since July 2015. There are no known bugs nor security vulnerabilities identified in this stable version of pwd.sh. Compatible on Linux, OpenBSD, macOS.
## Version 2 (2020)

## Version 2b (2019)

The second release of pwd.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.
The second release of pwd.sh features many security and reliability improvements, and is a recommended upgrade. Compatible on Linux, OpenBSD, macOS.

Changelist:

* Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
* Individual password filenames are random, mapped to usernames in an encrypted index file.
* Index and password files are now "immutable" using chmod while pwd.sh is not running.
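
Review bot: The Version 2 notes now call this a recommended upgrade, but the changelist lines visible here describe a storage format change (individual files plus an encrypted index instead of a single flat file) without saying how a Version 1 safe is carried over. Suggest adding a short migration note under Version 2, or stating explicitly that entries must be re-created, so users know what happens to an existing flat file before upgrading.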
Expand All @@ -26,6 +23,10 @@ Changelist:
* Removed option: read all passwords; no use case for having a single command.
* Removed option: suppress generated password output; should be read from safe to verify save.

## Version 1 (2015)

The original release which has been available for general use and review since July 2015. There are no known bugs nor security vulnerabilities identified in this stable version of pwd.sh. Compatible on Linux, OpenBSD, macOS.

# Use

```console
14 changes: 11 additions & 3 deletions pwd.sh
Expand Up @@ -12,10 +12,12 @@ umask 077
now=$(date +%s)
copy="$(command -v xclip || command -v pbcopy)"
gpg="$(command -v gpg || command -v gpg2)"
gpgconf="${HOME}/.gnupg/gpg.conf"
backuptar="${PWDSH_BACKUP:=pwd.$(hostname).$(date +%F).tar}"
safeix="${PWDSH_INDEX:=pwd.index}"
safedir="${PWDSH_SAFE:=safe}"
timeout=30
script="$(basename $BASH_SOURCE)"
timeout=10

fail () {
# Print an error message and exit.
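
Review bot: `script="$(basename $BASH_SOURCE)"` leaves `$BASH_SOURCE` unquoted, so a script path containing spaces is word-split before basename sees it; quote it as `"$(basename "${BASH_SOURCE}")"`. Keeping only the basename also means the value is a usable path only when the working directory is the script's own directory, which matters wherever it is passed to another command as a file name. Two smaller points in the same hunk: `gpgconf` is hard-coded to `${HOME}/.gnupg/gpg.conf` with no override, unlike the `PWDSH_*` variables beside it, so a non-default `GNUPGHOME` is ignored; and the change of `timeout` from 30 to 10 is not mentioned in the commit message.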
Expand Down Expand Up @@ -122,7 +124,7 @@ write_pass () {
encrypt "${password}" "${safeix}.${now}" - || \
fail "Failed to put ${safeix}.${now}"

mv -v "${safeix}.${now}" "${safeix}"
mv "${safeix}.${now}" "${safeix}"
}

list_entry () {
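
Review bot: The `mv "${safeix}.${now}" "${safeix}"` line in write_pass has no failure check, unlike the `encrypt ... || fail` call directly above it, and with `-v` dropped there is no confirmation line on success either, so the script carries on after a failed rename as if the index had been replaced. Suggest `mv "${safeix}.${now}" "${safeix}" || fail "Failed to replace ${safeix}"` so the new index is never silently left under its timestamped temporary name.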
Expand All @@ -141,8 +143,12 @@ backup () {
# Archive encrypted index and safe directory.

if [[ -f "${safeix}" && -d "${safedir}" ]] ; then \
tar cfv "${backuptar}" "${safeix}" "${safedir}"
cp "${gpgconf}" "gpg.conf.${now}"
tar cfv "${backuptar}" \
"${safeix}" "${safedir}" "gpg.conf.${now}" "${script}"
rm "gpg.conf.${now}"
else fail "Nothing to archive" ; fi

printf "\nArchived %s\n" "${backuptar}" ; \
}
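
Review bot: In backup(), none of the new `cp`, `tar` and `rm` commands is checked, so the "Archived" message prints even when `cp` or `tar` failed and the archive is missing or incomplete. Suggest chaining them with `|| fail "..."`, as write_pass does for encrypt, and removing the temporary `gpg.conf.${now}` on the failure path as well. Also, `"${script}"` is a bare file name taken from basename, so tar only finds it when pwd.sh is run from its own directory.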

Expand Down Expand Up @@ -216,6 +222,8 @@ if [[ -z ${gpg} && ! -x ${gpg} ]] ; then fail "GnuPG is not available" ; fi

if [[ -z ${copy} && ! -x ${copy} ]] ; then fail "Clipboard is not available" ; fi

if [[ ! -f ${gpgconf} ]] ; then fail "GnuPG config is not available" ; fi

if [[ ! -d "${safedir}" ]] ; then mkdir -p "${safedir}" ; fi

chmod -R 0600 "${safeix}" 2>/dev/null
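
Review bot: The new `[[ ! -f ${gpgconf} ]]` check runs at startup for every command, although in the lines shown here only backup() reads `gpgconf`; a user without a `~/.gnupg/gpg.conf` file can no longer read or write passwords at all. Suggest moving the check into backup(), or skipping the copy when the file is absent, and stating in the README that a gpg.conf is now required if the startup check stays.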