X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup.helper;h=f2413344f00fbb733a66808a00a377167730c330;hb=a99d05982d166c4bc455ef56773e93b8a558801f;hp=13371f4668ba5a82dc5387702c687b22b47a0840;hpb=608d395aa21fcb5b86d28bd3414a18badcfaf3bc;p=matthijs%2Fupstream%2Fbackupninja.git diff --git a/handlers/dup.helper b/handlers/dup.helper index 13371f4..f241334 100644 --- a/handlers/dup.helper +++ b/handlers/dup.helper @@ -1,3 +1,5 @@ +# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*- + HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup" ### Functions @@ -31,7 +33,7 @@ do_dup_vserver() { # choose the files to backup REPLY= while [ -z "$REPLY" ]; do - formBegin "$dup_title - vservers: includes" + formBegin "$dup_title - vservers: vsincludes (backup these directories from every selected vserver)" [ -z "$dup_vsincludes" ] && dup_vsincludes="$dup_default_includes" for i in $dup_vsincludes; do formItem include "$i" @@ -99,7 +101,7 @@ do_dup_dest() { set -o noglob REPLY= while [ -z "$REPLY" -o -z "$dup_destdir" -o -z "$dup_desthost" -o -z "$dup_destuser" ]; do - formBegin "$dup_title - destination: last three items are compulsory" + formBegin "$dup_title - destination: first three items are compulsory" formItem "desthost" "$dup_desthost" formItem "destuser" "$dup_destuser" formItem "destdir" "$dup_destdir" @@ -131,35 +133,88 @@ do_dup_dest() { setDefault gpg } -do_dup_gpg() { - - set -o noglob - - # encryptkey ? +do_dup_gpg_encryptkey() { REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_encryptkey" ]; do - inputBox "$dup_title - GnuPG" "Enter the GnuPG key ID to be used to encrypt the backups:" "$dup_gpg_encryptkey" + inputBox "$dup_title - GnuPG" "Enter ID of the public GnuPG key to be used to encrypt the backups:" "$dup_gpg_encryptkey" [ $? = 0 ] || return 1 dup_gpg_encryptkey="$REPLY" done +} - # passphrase ? +do_dup_gpg_sign() { + # sign ? + booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign" + if [ $? = 0 ]; then + dup_gpg_sign=yes + else + dup_gpg_sign=no + fi +} + +do_dup_gpg_signkey() { + # one key pair ? + booleanBox "$dup_title - GnuPG" "Use the same GnuPG key pair for encryption and signing?" "$dup_gpg_onekeypair" + if [ $? = 0 ]; then + dup_gpg_onekeypair=yes + else + dup_gpg_onekeypair=no + fi + + if [ "$dup_gpg_onekeypair" == "no" }; then + # signkey ? + REPLY= + while [ -z "$REPLY" -o -z "$dup_gpg_signkey" ]; do + inputBox "$dup_title - GnuPG" "Enter the ID of the private GnuPG key to be used to sign the backups:" "$dup_gpg_signkey" + [ $? = 0 ] || return 1 + dup_gpg_signkey="$REPLY" + done + fi +} + +do_dup_gpg_passphrase() { + local question="Enter the passphrase needed to $@:" REPLY= while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do - passwordBox "$dup_title - GnuPG" "Enter the passphrase needed to unlock the key 0x$dup_gpg_encryptkey" + passwordBox "$dup_title - GnuPG" "$question" [ $? = 0 ] || return 1 dup_gpg_password="$REPLY" done +} - # sign ? - booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign" +do_dup_gpg() { + + # symmetric or public key encryption ? + booleanBox "$dup_title - GnuPG" "Use public key encryption? Else, symmetric encryption will be used, and data signing will be impossible." "$dup_gpg_asymmetric_encryption" if [ $? = 0 ]; then - dup_gpg_sign=yes + dup_gpg_asymmetric_encryption=yes else - dup_gpg_sign=no + dup_gpg_asymmetric_encryption=no + fi + + # when using public/private key pair encryption, ask for the keys to use + if [ "$dup_gpg_asymmetric_encryption" == yes ]; then + do_dup_gpg_encryptkey ; [ $? = 0 ] || return 1 + do_dup_gpg_sign ; [ $? = 0 ] || return 1 + if [ "$dup_gpg_sign" == yes ]; then + do_dup_gpg_signkey ; [ $? = 0 ] || return 1 + fi + fi + + # a passphrase is only needed when signing, or when symmetric encryption is used + if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then + do_dup_gpg_passphrase "encrypt the backups" + [ $? = 0 ] || return 1 + elif [ "$dup_gpg_sign" == "yes" ]; then + if [ -z "$dup_gpg_signkey" ]; then + do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups" + [ $? = 0 ] || return 1 + else + do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups" + [ $? = 0 ] || return 1 + fi fi - set +o noglob _gpg_done="(DONE)" setDefault adv # TODO: replace the above line by the following when do_dup_conn is written @@ -222,21 +277,42 @@ testconnect = $dup_testconnect ###################################################### ## gpg section ## (how to encrypt and optionnally sign the backups) +## +## WARNING: old (pre-0.9.2) example.dup used to give wrong information about +## the way the following options are used. Please read ahead +## carefully. +## +## If the encryptkey variable is set: +## - data is encrypted with the GnuPG public key specified by the encryptkey +## variable +## - if signing is enabled, the password variable is used to unlock the GnuPG +## private key used for signing; else, you do not need to set the password +## variable +## If the encryptkey option is not set: +## - data signing is not possible +## - the password variable is used to encrypt the data with symmetric +## encryption: no GnuPG key pair is needed [gpg] -# passphrase needed to unlock the GnuPG key -# NB: do not quote it, and it should not contain any quote -password = $dup_gpg_password - +# when set to yes, encryptkey variable must be set bellow; if you want to use +# two different keys for encryption and signing, you must also set the signkey +# variable bellow. # default is no, for backward compatibility with backupninja <= 0.5. -# when set to yes, encryptkey option must be set below. sign = $dup_gpg_sign -# key ID used for data encryption and, optionnally, signing. -# if not set, local root's default gpg key is used. +# ID of the GnuPG public key used for data encryption. +# if not set, symmetric encryption is used, and data signing is not possible. encryptkey = $dup_gpg_encryptkey +# ID of the GnuPG private key used for data signing. +# if not set, encryptkey will be used. +signkey = $dup_gpg_signkey + +# password +# NB: do not quote it, and it should not contain any quote +password = $dup_gpg_password + ###################################################### ## source section ## (where the files to be backed up are coming from) @@ -275,19 +351,22 @@ EOF # be used: # vsnames = all | ... (default = all) # vsinclude = +# vsinclude = +# ... # Any path specified in vsinclude is added to the include list for each vserver # listed in vsnames (or all if vsnames = all). -# E.g. vsinclude = /home will backup the /home partition in every vserver -# listed in vsnames. If you have vsnames = "foo bar baz", this vsinclude will -# add to the include list /vservers/foo/home, /vservers/bar/home and -# /vservers/baz/home. +# +# For example, vsinclude = /home will backup the /home directory in every +# vserver listed in vsnames. If you have 'vsnames = foo bar baz', this +# vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home +# and /vservers/baz/home. # Vservers paths are derived from $VROOTDIR. EOF if [ "$host_or_vservers" == vservers -o "$host_or_vservers" == both ]; then set -o noglob - echo -e "vsnames = \"$selected_vservers\"\n" >> $next_filename + echo -e "vsnames = $selected_vservers\n" >> $next_filename for i in $dup_vsincludes; do echo "vsinclude = $i" >> $next_filename done @@ -415,8 +494,11 @@ dup_wizard() { dup_destdir="/backups/`hostname`" dup_desthost= dup_destuser= - dup_gpg_sign="yes" + dup_gpg_asymmetric_encryption="yes" dup_gpg_encryptkey="" + dup_gpg_sign="yes" + dup_gpg_onekeypair="yes" + dup_gpg_signkey="" dup_gpg_password="" dup_nicelevel=19 dup_testconnect=yes