encmaildir.sh

#!/bin/bash
#
# GPLv2
# GPG Encrypt a Maildir using gpgit.pl, removing any S= or W= virtual flags.
# Aug 4, 2012
#
# Change log:
#     Oct 10, 2015 (Michael F. Herbst)
#               - Remove obsolete -p from mktemp
#               - Change output.
#
#     Aug 4, 2012 (Etienne Perot)
#               - Remove third argument
#               - Changed default encryption mode to PGP/MIME (gpgit default)
#               - No need to specify path to gpgit.pl (assumes it is next to this script)
#               - No full paths to binaries
#               - Harmonize indentation
#               - Rename variables to better names
#               - Don't use a temporary file to keep track of program state
#               - Remove security vulnerability during which the (encrypted) message could be read by anyone able to read /tmp for a short while
#     Sep 03, 2011
#               - Temporary file is based on file_owner to avoid issues with permission differences.
#               - Temporary file is removed after run.
#               - Optional arguments passed to 'find'.
#               - Full paths to binaries.
#               - Removed unneccessary need of 'cat', 'grep', etc.
#     Sep 04, 2011
#               - Don't remove Dovecot index/uid unless messages have been GPG encrypted.
#               - Adjust file tests to not just use -e
#               - Quote all file operations
#     Sep 05, 2011
#               - Don't arbitrarily copy files, only overwrite the file in ~/Maildir if it differs after calling gpgencmail.pl
#               - Only rebuild the index if we have modified ~/Maildir

# Original source : http://www.dslreports.com/forum/remark,26270484 (retrieved throug google's cache)
# Slightly modified by olivier.berger@it-sudparis.eu (https://github.com/olberger/gpgit/commit/2c32d4ec201e8a3f17a9f4eff83d2514f93433e3)
# Modified by Etienne Perot

gpgit="$(dirname "$0")/gpgit"

if [[ -z "$1" || -z "$2" ]]; then
	echo "Usage is ./encmaildir.sh /path/to/Maildir certificate_user@domain.com [optional arguments passed to 'find' for messages such as '-mtime 0']"
	exit 0
fi

if [ ! -d "$1" ]; then
	echo "The directory of '$1' does not exist!"
	exit 0
fi

# Does this key exist?
gpg --list-keys "$2" > /dev/null 2>&1
if [ $? -gt 0 ]; then
	echo "A GPG key for '$2' could not be found!"
	exit 0
fi

rebuild_index=0

# Cleanup leftover temporary files, if any.
find "$1" -type f -name '*.tmp_you_can_delete_me.*' -delete

# Find all files in the Maildir specified.
echo "Calling \`find \"$1\" -type f -regex '.*/\(cur\|new\)/.*' $3\`"
while IFS= read -d $'\0' -r mail; do
	# Echo what we do
	echo
	echo "Processing '$mail'"

	# Create file unreadable except by ourselves
	if ! tempmsg="$(mktemp "$mail.tmp_you_can_delete_me.XXXXXXXXXXX")"; then
		echo "    Error:     Creating temporary file failed. Skipping ..." >&2
		continue
	fi
	chmod 600 "$tempmsg" # mktemp should have created the file as 600 already

	# This is where the magic happens
	echo "    --gpgit--> '$tempmsg'"
	if ! "$gpgit" "$2" < "$mail" >> "$tempmsg"; then
		echo "    Error:     Gpgit failed. Skipping ..." >&2
		rm "$tempmsg"
		continue
	fi

	# Check to see if there are differences between the existing Maildir file and what was created by gpit.pl
	diff -qa "$mail" "$tempmsg" > /dev/null 2>&1;
	if [ "$?" -gt 0 ]; then
		# Preserve timestamps, set ownership.
		chmod "$tempmsg" --reference="$mail"
		touch "$tempmsg" --reference="$mail"
		chown "$tempmsg" --reference="$mail"

		# Remove the original Maildir message
		rm "$mail"

		# Strip message sizes, retain experimental flags and status flags, and copy the file over.
		strip_size=$(echo "$mail" | sed -e 's/W=[[:digit:]]*//' -e 's/S=[[:digit:]]*//' -e 's/,,//' -e 's/,:2/:2/')
		cp -av "$tempmsg" "$strip_size" | sed "s/^/    cp -v:     /"

		# Indexes must be rebuilt, we've modified Maildir.
		rebuild_index=1
	else
		echo "    nodiff:     Not copying, no differences between original '$mail' and encrypted '$tempmsg'."
	fi

	# Remove the temporary file
	rm "$tempmsg"
done < <(find "$1" -type f -regex '.*/\(cur\|new\)/.*' $3 -print0)
echo

# Remove Dovecot index and uids for regeneration.
if [ "$rebuild_index" -eq 1 ]; then
	echo "Removing Dovecot indexes and uids"
	find "$1" -type f -regex '.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete
else
	echo "No messages found needing GPG encryption, not removing Dovecot indexes and UIDs."
fi
	#!/bin/bash
	#
	# GPLv2
	# GPG Encrypt a Maildir using gpgit.pl, removing any S= or W= virtual flags.
	# Aug 4, 2012
	#
	# Change log:
	# Oct 10, 2015 (Michael F. Herbst)
	# - Remove obsolete -p from mktemp
	# - Change output.
	#
	# Aug 4, 2012 (Etienne Perot)
	# - Remove third argument
	# - Changed default encryption mode to PGP/MIME (gpgit default)
	# - No need to specify path to gpgit.pl (assumes it is next to this script)
	# - No full paths to binaries
	# - Harmonize indentation
	# - Rename variables to better names
	# - Don't use a temporary file to keep track of program state
	# - Remove security vulnerability during which the (encrypted) message could be read by anyone able to read /tmp for a short while
	# Sep 03, 2011
	# - Temporary file is based on file_owner to avoid issues with permission differences.
	# - Temporary file is removed after run.
	# - Optional arguments passed to 'find'.
	# - Full paths to binaries.
	# - Removed unneccessary need of 'cat', 'grep', etc.
	# Sep 04, 2011
	# - Don't remove Dovecot index/uid unless messages have been GPG encrypted.
	# - Adjust file tests to not just use -e
	# - Quote all file operations
	# Sep 05, 2011
	# - Don't arbitrarily copy files, only overwrite the file in ~/Maildir if it differs after calling gpgencmail.pl
	# - Only rebuild the index if we have modified ~/Maildir

	# Original source : http://www.dslreports.com/forum/remark,26270484 (retrieved throug google's cache)
	# Slightly modified by olivier.berger@it-sudparis.eu (https://github.com/olberger/gpgit/commit/2c32d4ec201e8a3f17a9f4eff83d2514f93433e3)
	# Modified by Etienne Perot

	gpgit="$(dirname "$0")/gpgit"

	if [[ -z "$1" \|\| -z "$2" ]]; then
	echo "Usage is ./encmaildir.sh /path/to/Maildir certificate_user@domain.com [optional arguments passed to 'find' for messages such as '-mtime 0']"
	exit 0
	fi

	if [ ! -d "$1" ]; then
	echo "The directory of '$1' does not exist!"
	exit 0
	fi

	# Does this key exist?
	gpg --list-keys "$2" > /dev/null 2>&1
	if [ $? -gt 0 ]; then
	echo "A GPG key for '$2' could not be found!"
	exit 0
	fi

	rebuild_index=0

	# Cleanup leftover temporary files, if any.
	find "$1" -type f -name '.tmp_you_can_delete_me.' -delete

	# Find all files in the Maildir specified.
	echo "Calling \`find \"$1\" -type f -regex './\(cur\\|new\)/.' $3\`"
	while IFS= read -d $'\0' -r mail; do
	# Echo what we do
	echo
	echo "Processing '$mail'"

	# Create file unreadable except by ourselves
	if ! tempmsg="$(mktemp "$mail.tmp_you_can_delete_me.XXXXXXXXXXX")"; then
	echo " Error: Creating temporary file failed. Skipping ..." >&2
	continue
	fi
	chmod 600 "$tempmsg" # mktemp should have created the file as 600 already

	# This is where the magic happens
	echo " --gpgit--> '$tempmsg'"
	if ! "$gpgit" "$2" < "$mail" >> "$tempmsg"; then
	echo " Error: Gpgit failed. Skipping ..." >&2
	rm "$tempmsg"
	continue
	fi

	# Check to see if there are differences between the existing Maildir file and what was created by gpit.pl
	diff -qa "$mail" "$tempmsg" > /dev/null 2>&1;
	if [ "$?" -gt 0 ]; then
	# Preserve timestamps, set ownership.
	chmod "$tempmsg" --reference="$mail"
	touch "$tempmsg" --reference="$mail"
	chown "$tempmsg" --reference="$mail"

	# Remove the original Maildir message
	rm "$mail"

	# Strip message sizes, retain experimental flags and status flags, and copy the file over.
	strip_size=$(echo "$mail" \| sed -e 's/W=[[:digit:]]//' -e 's/S=[[:digit:]]//' -e 's/,,//' -e 's/,:2/:2/')
	cp -av "$tempmsg" "$strip_size" \| sed "s/^/ cp -v: /"

	# Indexes must be rebuilt, we've modified Maildir.
	rebuild_index=1
	else
	echo " nodiff: Not copying, no differences between original '$mail' and encrypted '$tempmsg'."
	fi

	# Remove the temporary file
	rm "$tempmsg"
	done < <(find "$1" -type f -regex './\(cur\\|new\)/.' $3 -print0)
	echo

	# Remove Dovecot index and uids for regeneration.
	if [ "$rebuild_index" -eq 1 ]; then
	echo "Removing Dovecot indexes and uids"
	find "$1" -type f -regex '.\(dovecot-\\|dovecot\.\\|\.uidvalidity\).' -delete
	else
	echo "No messages found needing GPG encryption, not removing Dovecot indexes and UIDs."
	fi