diff --git a/cfg/sw/eurybox.conf b/cfg/sw/eurybox.conf index c250363..75e9cb4 100644 --- a/cfg/sw/eurybox.conf +++ b/cfg/sw/eurybox.conf @@ -118,7 +118,7 @@ EURYBOX_BACKUP_ARCHIVE=( [HASH]="sha512" [ENCRYPT]="true" [ENC_ALGO]="aes-256-ctr" - [PASSWORD]="MyStrongEncryptionPassword" + [PASSFILE]="/secure_folder/passphrasefile" [FEC]="zfec" [FEC_FILE_NUM]="10" #FOR PAR2 ONLY @@ -133,7 +133,7 @@ EURYBOX_BACKUP_ARCHIVE=( #-SSH: ssh client/server configuration done at system level (.ssh local files) + local mount point provided by sshfs. Password authentication capability has been enforced as disabled by command options #-NFS: nfs client/server configuration + local mount point provided by kernel. #-ISCSI: TODO - iSCSI target/initiator configuration + local mount point provided by TBD -#-FTP: ftp client/server authentication (user/password - TODO? certs/.netrc/other) + mount provided by curlftpfs. +#-FTP: ftp client/server authentication (user/password [UNSECURE] - TODO? certs/.netrc/other) + mount provided by curlftpfs. #-PART: local unmounted partition or raw device (as USB device, additional disks, ...) + local mount point provided by kernel. TODO: LUKS encrypted partition provided by kernel and cryptsetup tool #-LOCAL: local directory EURYBOX_BACKUP_DESTINATION=( diff --git a/sw/src/eurybox.functions.check b/sw/src/eurybox.functions.check index 61bcf47..5372dca 100644 --- a/sw/src/eurybox.functions.check +++ b/sw/src/eurybox.functions.check @@ -19,7 +19,7 @@ eurybox_check_arch () esac if [[ ${ARCH_ENC} = "true" ]] then - ARCH_OUT=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in ${ARCH_FILE} -k ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]} | tar ${TAR_OPTIONS}" 2>&1` + ARCH_OUT=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in ${ARCH_FILE} -pass file:${EURYBOX_BACKUP_ARCHIVE[PASSFILE]} | tar ${TAR_OPTIONS}" 2>&1` STATUS=$? else ARCH_OUT=`sudo sh -c "tar ${TAR_OPTIONS} -f ${ARCH_FILE}" 2>&1` 
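Review bot: The new `[PASSFILE]` entry has no comment saying how the file must be protected or how it is read, and the whole change depends on both. `openssl enc -pass file:` uses only the first line of the file as the passphrase, and the file has to be readable by root alone for the move away from an inline password to gain anything. I would add above the entry: `#PASSFILE: root-owned file, mode 0600, kept outside the backup destination; only its first line is used as the passphrase`.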
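Review bot: `${EURYBOX_BACKUP_ARCHIVE[PASSFILE]}` is expanded unquoted into the string handed to `sudo sh -c` in eurybox_check_arch, so a path containing a space or a shell metacharacter is re-parsed by the root shell instead of reaching openssl as one argument; `${ARCH_FILE}` and `[ENC_ALGO]` on the same line have the same problem. The same construction appears in the hunks for eurybox_check_environment, eurybox_create_archive_desc, eurybox_create_archive_tar and eurybox_restore_file. Passing the values as positional parameters keeps them as data: `sudo sh -c 'openssl enc "-$1" -d -in "$2" -pass "file:$3" | tar '"${TAR_OPTIONS}" sh "${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]}" "${ARCH_FILE}" "${EURYBOX_BACKUP_ARCHIVE[PASSFILE]}"`. eurybox_check_arch starts and ends outside the hunk, so where `TAR_OPTIONS` and `ARCH_FILE` come from is not visible here.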
@@ -71,7 +71,7 @@ eurybox_check_command() #Conf file needs to be sourced before eurybox_check_configuration () { - local -i SCRIPT_TYPE=$1 + local SCRIPT_TYPE=$1 #Checking script execution parameters if [[ -z $EURYBOX_CORPORATE || -z $EURYBOX_LOG_LEVEL ]] 
@@ -124,22 +124,30 @@ eurybox_check_configuration () if [[ $SCRIPT_TYPE = "BACKUP" || $SCRIPT_TYPE = "RESTORE" ]] then #Checking backup target parameters - if [[ -z $EURYBOX_BACKUP_TYPE || ${#EURYBOX_BACKUP_DESTINATION[@]} -eq 0 || ${#EURYBOX_BACKUP_ARCHIVE[@]} -eq 0 || ${#EURYBOX_BACKUP_TARGETS[@]} -eq 0 ]] + if [[ -z $EURYBOX_BACKUP_TYPE || ${#EURYBOX_BACKUP_DESTINATION[@]} -eq 0 || ${#EURYBOX_BACKUP_ARCHIVE[@]} -eq 0 ]] then - eurybox_display_message error CHECK "Backup parameters not set: Cold/$EURYBOX_BACKUP_COLD Hot/$EURYBOX_BACKUP_HOT Destination/${EURYBOX_BACKUP_DESTINATION[*]} Archive/${EURYBOX_BACKUP_ARCHIVE[*]} Target/${EURYBOX_BACKUP_TARGETS[*]}" + eurybox_display_message error CHECK "Backup parameters not set:\nType:$EURYBOX_BACKUP_TYPE\nDestination:${EURYBOX_BACKUP_DESTINATION[*]}\nArchive:${EURYBOX_BACKUP_ARCHIVE[*]}\nTargets:${EURYBOX_BACKUP_TARGETS[*]}" else eurybox_display_message message CHECK "Backup parameters:" - eurybox_display_message message CHECK "Cold backup enabled: $EURYBOX_BACKUP_COLD" - eurybox_display_message message CHECK "Hot backup enabled: $EURYBOX_BACKUP_HOT" + eurybox_display_message message CHECK "Backup type: $EURYBOX_BACKUP_TYPE" eurybox_display_message message CHECK "Backup destination: ${EURYBOX_BACKUP_DESTINATION[*]}" - if [[ $EURYBOX_LOG_LEVEL = "debug" ]] - then -#NB: will display the encryption passphrase in the logs if debug mode selected - eurybox_display_message debug CHECK "Archive parameters: ${EURYBOX_BACKUP_ARCHIVE[*]}" - fi + eurybox_display_message message CHECK "Archive parameters: ${EURYBOX_BACKUP_ARCHIVE[*]}" eurybox_display_message message CHECK "Archive targets: ${EURYBOX_BACKUP_TARGETS[*]}" fi fi + if [[ $SCRIPT_TYPE = "UPDATE" ]] + then + #Checking update parameters + if [[ -z $EURYBOX_UPDATE_LOCAL_REPOSITORIES_ACTIVATED || -z $EURYBOX_UPDATE_LOCAL_REPOSITORIES_PATH ]] + then + eurybox_display_message error CHECK "Update parameters not set:\nLocal repositories 
activated:$EURYBOX_UPDATE_LOCAL_REPOSITORIES_ACTIVATED\nLocal storage path:$EURYBOX_UPDATE_LOCAL_REPOSITORIES_PATH\nTarget repositories:${EURYBOX_UPDATE_LOCAL_REPOSITORIES[*]}" + else + eurybox_display_message message CHECK "Update parameters:" + eurybox_display_message message CHECK "Local repositories enabled: $EURYBOX_UPDATE_LOCAL_REPOSITORIES_ACTIVATED" + eurybox_display_message message CHECK "Local repositories storage path: $EURYBOX_UPDATE_LOCAL_REPOSITORIES_PATH" + eurybox_display_message message CHECK "Target repositories: ${EURYBOX_UPDATE_LOCAL_REPOSITORIES[*]}" + fi + fi ##Make sure pipe individual output exit status are available ##set -o pipefail #Initialize tools options @@ -459,7 +467,7 @@ eurybox_check_environment () case ${EURYBOX_BACKUP_ARCHIVE[ENCRYPT]} in true ) eurybox_check_command openssl - ENC_OUT=`echo "TEST"| openssl enc -salt -e -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -k ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]} -out /dev/null 2>&1` + ENC_OUT=`sudo sh -c "echo TEST | openssl enc -salt -e -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -pass file:${EURYBOX_BACKUP_ARCHIVE[PASSFILE]} -out /dev/null" 2>&1` STATUS=$? if [[ !($STATUS -eq 0) ]] then diff --git a/sw/src/eurybox.functions.create b/sw/src/eurybox.functions.create index 5d6c37d..0bdd8b8 100644 --- a/sw/src/eurybox.functions.create +++ b/sw/src/eurybox.functions.create 
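Review bot: `Archive parameters: ${EURYBOX_BACKUP_ARCHIVE[*]}` is now written at message level, and nothing in this check verifies that `[PASSFILE]` is set or that a legacy `[PASSWORD]` key is gone. A configuration file that was not migrated would therefore have its passphrase written to the normal log, which the removed branch had at least limited to debug runs. I would reject the old key before logging, e.g. `[[ -z ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]:-} ]] || eurybox_display_message error CHECK "[PASSWORD] is no longer supported, set [PASSFILE]"`, and add `-z ${EURYBOX_BACKUP_ARCHIVE[PASSFILE]}` to the condition when `[ENCRYPT]` is "true". The condition also no longer tests `${#EURYBOX_BACKUP_TARGETS[@]}`, so a BACKUP run with an empty target list appears to pass this check; confirm that is intended. eurybox_check_configuration continues outside the hunk.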
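Review bot: The test encryption in eurybox_check_environment only proves that root can read something at `[PASSFILE]`; it passes just as well for a world-readable or group-writable file, which would leave the passphrase no better protected than the inline `[PASSWORD]` it replaces. A check before the `openssl` call would catch that, for example `sudo test -s "${EURYBOX_BACKUP_ARCHIVE[PASSFILE]}"` followed by a comparison of `sudo stat -c '%U %a' "${EURYBOX_BACKUP_ARCHIVE[PASSFILE]}"` (GNU stat) against a root owner and a mode without group or other bits, reporting through `eurybox_display_message error CHECK`. The `case` block this line belongs to starts and ends outside the hunk.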
@@ -20,7 +20,7 @@ eurybox_create_archive_desc () then DESCRIPTION+="ENCRYPTION_ALGORITHM:${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]}\nARCHIVE_CONTENT:\n" #FIXME: function to read archive with variable archive format required here - DESCRIPTION+=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in ${EURYBOX_BACKUP_DESTINATION[MOUNT]}/${EURYBOX_BACKUP_ARCHIVE[NAME]}.${EURYBOX_BACKUP_ARCHIVE[FORMAT]} -k ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]} | tar ${TAR_OPTIONS}" 2>&1` + DESCRIPTION+=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in ${EURYBOX_BACKUP_DESTINATION[MOUNT]}/${EURYBOX_BACKUP_ARCHIVE[NAME]}.${EURYBOX_BACKUP_ARCHIVE[FORMAT]} -pass file:${EURYBOX_BACKUP_ARCHIVE[PASSFILE]} | tar ${TAR_OPTIONS}" 2>&1` STATUS=$? else DESCRIPTION+="ARCHIVE_CONTENT:\n" @@ -75,7 +75,7 @@ eurybox_create_archive_tar () then TAR_OUT=$(( ( - sudo sh -c "tar ${TAR_OPTIONS} ${EURYBOX_BACKUP_TARGETS[*]} | openssl enc -salt -e -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -k ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]} -out ${EURYBOX_BACKUP_DESTINATION[MOUNT]}/${EURYBOX_BACKUP_ARCHIVE[NAME]}.${EURYBOX_BACKUP_ARCHIVE[FORMAT]}" + sudo sh -c "tar ${TAR_OPTIONS} ${EURYBOX_BACKUP_TARGETS[*]} | openssl enc -salt -e -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -pass file:${EURYBOX_BACKUP_ARCHIVE[PASSFILE]} -out ${EURYBOX_BACKUP_DESTINATION[MOUNT]}/${EURYBOX_BACKUP_ARCHIVE[NAME]}.${EURYBOX_BACKUP_ARCHIVE[FORMAT]}" # STATUS=$(( ${PIPESTATUS[0]} + ${PIPESTATUS[1]} )) )) 2>&1) STATUS=$? diff --git a/sw/src/eurybox.functions.restore b/sw/src/eurybox.functions.restore index 9830616..e717809 100644 --- a/sw/src/eurybox.functions.restore +++ b/sw/src/eurybox.functions.restore 
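Review bot: In eurybox_create_archive_tar the key is still derived by the default single-iteration digest of `openssl enc`, and `aes-256-ctr` output carries no authentication tag, so the strength of the passphrase is the only barrier to offline guessing on a copied archive, and a modified archive decrypts without error. If the deployed OpenSSL is 1.1.1 or later, adding `-pbkdf2` (optionally with `-iter N`) to this command and to every `-d` call in eurybox_check_arch, eurybox_create_archive_desc and eurybox_restore_file strengthens the derivation; archives written without it would still need the old form to decrypt. Integrity then depends on whatever `[HASH]="sha512"` is used for elsewhere, which is not visible in this diff. The function starts and ends outside the hunk.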
@@ -87,7 +87,7 @@ eurybox_restore_file ()
 STATUS=1234
 if [[ $ARCH_ENC = "true" ]]
 then
- RESTORE_OUT=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in $ARCH_FILE -k ${EURYBOX_BACKUP_ARCHIVE[PASSWORD]} | tar ${TAR_OPTIONS} $SELECT_FILE" 2>&1`
+ RESTORE_OUT=`sudo sh -c "openssl enc -${EURYBOX_BACKUP_ARCHIVE[ENC_ALGO]} -d -in $ARCH_FILE -pass file:${EURYBOX_BACKUP_ARCHIVE[PASSFILE]} | tar ${TAR_OPTIONS} $SELECT_FILE" 2>&1`
 STATUS=$?
 else
 RESTORE_OUT=`sudo sh -c "tar ${TAR_OPTIONS} -f $ARCH_FILE $SELECT_FILE" 2>&1`
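Review bot: `STATUS=$?` after the backticks sees only the exit status of `tar`, the last stage of the pipeline run by `sh -c`, so an `openssl` failure such as a missing or unreadable `[PASSFILE]` is judged solely by how `tar` reacts to an empty stream and may be reported as a successful restore. The same holds for the decrypt pipelines in eurybox_check_arch and eurybox_create_archive_desc. Since plain `sh` may not support it, running the pipeline as `sudo bash -c "set -o pipefail; openssl enc ... | tar ..."` would surface the `openssl` status. eurybox_restore_file begins and ends outside the hunk.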