From ba3ab9c0bdf6c069d1da927f7a0eab82bf02c918 Mon Sep 17 00:00:00 2001
From: olpc user
Date: Wed, 8 Jan 2020 20:18:46 -0800
Subject: password is cat
---
git-maintenance/dog.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
git-maintenance/get.sh | 63 ------------------------------------------
git-maintenance/store.sh | 19 +++++++------
3 files changed, 82 insertions(+), 72 deletions(-)
create mode 100755 git-maintenance/dog.sh
delete mode 100755 git-maintenance/get.sh
diff --git a/git-maintenance/dog.sh b/git-maintenance/dog.sh
new file mode 100755
index 0000000..757fcc4
--- /dev/null
+++ b/git-maintenance/dog.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+#PASS="file:$(ls "/run/media/"*/*"/key.fsojp.aes256" | head -n 1)"
+echo
+echo == Enter password. ==
+echo
+PASS="pass:$(echo 53616c7465645f5f6eb8e165b79052263e125e4070138e26b3d127bb36e3e943f212d2d761a4426170cc2c17c58bc5d67c99eddb1df6ee1c02d7b33dd95ecdf0 | xxd -ps -r | openssl aes-256-cbc -salt -pbkdf2 -d)"
+PUBKEY=1KwpZECcrGWnM3AFVSbv3Xr5qguV4yG2sV
+NONCE="$(date +%s)"
+
+if ! curl -sfI "https://bico.media/">/dev/null; then echo; echo "== Remember to get on internet. =="; echo; exit 2; fi
+
+#if [ "$PASS" = "pass:" ]; then echo "Need better password."; exit 1; fi
+
+
+URLPFX="https://bico.media/$PUBKEY"
+if [ "$1" != "" ]
+then
+ REPONAME="$1"
+fi
+if [ "$REPONAME" = "" ]
+then
+ REPONAME="$(git rev-parse --show-toplevel 2>/dev/null)"
+fi
+if [ "$REPONAME" = "" ]
+then
+ REPONAME=dog
+fi
+
+echo ""
+echo "This script is expected to be kept in sync with:"
+echo " ${URLPFX}/dog.sh"
+echo ""
+
+# 2. mkdir -p .git/encrypted and git init
+mkdir -p "$REPONAME"
+cd "$REPONAME"
+if ! [ -d ".git" ]; then git init; fi
+
+git config gc.auto 0
+
+pushd .git
+# prevent recreation of existing data
+mkdir -p encrypted
+mkdir -p bak
+cp -va HEAD refs objects/pack bak
+rm objects/pack/*
+
+# 3. 
download .git/encrypted with wget +curl -sfI "$URLPFX"/refs.aes?"$NONCE">/dev/null && wget "$URLPFX"/refs.aes?"$NONCE" -O encrypted/refs.aes || echo "==== BROKEN REMOTE refs.aes PLEASE RE-STORE OR RECOVER ====" +openssl aes-256-cbc -salt -pbkdf2 -pass "$PASS" -d -in encrypted/refs.aes | tar -Jxvf - + +for encpack in $(/dev/null && wget "$URLPFX"/refs.aes?"$NONCE" -O encrypted/refs.aes || echo "==== BROKEN REMOTE refs.aes PLEASE RE-STORE OR RECOVER ====" -openssl aes-256-cbc -salt -pbkdf2 -pass "file:$PASS" -d -in encrypted/refs.aes | tar -Jxvf - - -for encpack in $(/dev/null; then echo "Remember to get on internet."; exit 2; fi - -# problem: IVs are producing files that do not have the same content each time, -# and a reupload of everything is made each store. +if ! curl -sfI "$URLPFX"/refs.aes>/dev/null; then echo; echo "== Remember to get on internet. =="; echo; exit 2; fi #export GZIP=-9n TAR="tar -J --owner=0 --group=0 --numeric-owner --mode=go=rX,u+rw,a-s" encrypt() { - openssl aes-256-cbc -salt -pbkdf2 -pass "file:$PASS" -e + openssl aes-256-cbc -salt -pbkdf2 -pass "$PASS" -e } decrypt() { - openssl aes-256-cbc -salt -pbkdf2 -pass "file:$PASS" -d + openssl aes-256-cbc -salt -pbkdf2 -pass "$PASS" -d } if ! [ -e "$PASS" ]; then echo "Remember to plug in USB key."; exit 1; fi @@ -82,8 +83,8 @@ rm "$tmpfile" mv "$tmpfile".list encrypted/list.txt $TAR -cv encrypted/list.txt refs HEAD packed-refs | encrypt > encrypted/refs.aes rm encrypted/list.txt -cp -va "$MAINTDIR"/get.sh encrypted -if [ "$(curl -s "$URLPFX"/get.sh | sha256sum)" = "$(cat encrypted/get.sh | sha256sum)" ]; then rm encrypted/get.sh; fi +cp -va "$MAINTDIR"/dog.sh encrypted +if [ "$(curl -s "$URLPFX"/dog.sh | sha256sum)" = "$(cat encrypted/dog.sh | sha256sum)" ]; then rm encrypted/dog.sh; fi -- cgit v1.2.3
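Review bot: The `PASS="pass:$(echo … | xxd -ps -r | openssl aes-256-cbc -salt -pbkdf2 -d)"` line embeds the wrapped repository key in a script that this same hunk says is mirrored at `${URLPFX}/dog.sh`, so the key is protected only by the typed passphrase, and the commit subject appears to state that passphrase. If that reading is right, the key should be treated as exposed: rotate it, re-encrypt the stored packs, and keep the blob out of the published script. The unwrapped value is then handed to openssl as `-pass "$PASS"`, which places it on the command line where other local users can read it; `-pass env:VAR` or `-pass fd:N` avoids that, and the same applies to `encrypt()`/`decrypt()` in store.sh. A failed unwrap leaves `PASS` as `pass:`, so the commented-out guard `if [ "$PASS" = "pass:" ]; then echo "Need better password."; exit 1; fi` should be restored before `rm objects/pack/*` runs.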
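Review bot: The unchanged guard `if ! [ -e "$PASS" ]; then echo "Remember to plug in USB key."; exit 1; fi` directly after `decrypt()` in store.sh still treats `PASS` as a file path, while `encrypt()` and `decrypt()` now pass it verbatim as `-pass "$PASS"`. If store.sh now builds `PASS` as a `pass:` string the way dog.sh does (the lines that set it are not legible in this hunk), the `-e` test never succeeds and the script exits before storing anything. The guard would then need to test for an empty secret instead, for example `if [ "$PASS" = "pass:" ]; then echo "Need better password."; exit 1; fi`.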