Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 118 lines (101 sloc) 4.31 KB
#!/bin/bash
#
# GPLv2
# GPG Encrypt a Maildir using gpgit.pl, removing any S= or W= virtual flags.
# Aug 4, 2012
#
# Change log:
# Oct 10, 2015 (Michael F. Herbst)
# - Remove obsolete -p from mktemp
# - Change output.
#
# Aug 4, 2012 (Etienne Perot)
# - Remove third argument
# - Changed default encryption mode to PGP/MIME (gpgit default)
# - No need to specify path to gpgit.pl (assumes it is next to this script)
# - No full paths to binaries
# - Harmonize indentation
# - Rename variables to better names
# - Don't use a temporary file to keep track of program state
# - Remove security vulnerability during which the (encrypted) message could be read by anyone able to read /tmp for a short while
# Sep 03, 2011
# - Temporary file is based on file_owner to avoid issues with permission differences.
# - Temporary file is removed after run.
# - Optional arguments passed to 'find'.
# - Full paths to binaries.
# - Removed unneccessary need of 'cat', 'grep', etc.
# Sep 04, 2011
# - Don't remove Dovecot index/uid unless messages have been GPG encrypted.
# - Adjust file tests to not just use -e
# - Quote all file operations
# Sep 05, 2011
# - Don't arbitrarily copy files, only overwrite the file in ~/Maildir if it differs after calling gpgencmail.pl
# - Only rebuild the index if we have modified ~/Maildir
# Original source : http://www.dslreports.com/forum/remark,26270484 (retrieved throug google's cache)
# Slightly modified by olivier.berger@it-sudparis.eu (https://github.com/olberger/gpgit/commit/2c32d4ec201e8a3f17a9f4eff83d2514f93433e3)
# Modified by Etienne Perot
gpgit="$(dirname "$0")/gpgit"
if [[ -z "$1" || -z "$2" ]]; then
echo "Usage is ./encmaildir.sh /path/to/Maildir certificate_user@domain.com [optional arguments passed to 'find' for messages such as '-mtime 0']"
exit 0
fi
if [ ! -d "$1" ]; then
echo "The directory of '$1' does not exist!"
exit 0
fi
# Does this key exist?
gpg --list-keys "$2" > /dev/null 2>&1
if [ $? -gt 0 ]; then
echo "A GPG key for '$2' could not be found!"
exit 0
fi
rebuild_index=0
# Cleanup leftover temporary files, if any.
find "$1" -type f -name '*.tmp_you_can_delete_me.*' -delete
# Find all files in the Maildir specified.
echo "Calling \`find \"$1\" -type f -regex '.*/\(cur\|new\)/.*' $3\`"
while IFS= read -d $'\0' -r mail; do
# Echo what we do
echo
echo "Processing '$mail'"
# Create file unreadable except by ourselves
if ! tempmsg="$(mktemp "$mail.tmp_you_can_delete_me.XXXXXXXXXXX")"; then
echo " Error: Creating temporary file failed. Skipping ..." >&2
continue
fi
chmod 600 "$tempmsg" # mktemp should have created the file as 600 already
# This is where the magic happens
echo " --gpgit--> '$tempmsg'"
if ! "$gpgit" "$2" < "$mail" >> "$tempmsg"; then
echo " Error: Gpgit failed. Skipping ..." >&2
rm "$tempmsg"
continue
fi
# Check to see if there are differences between the existing Maildir file and what was created by gpit.pl
diff -qa "$mail" "$tempmsg" > /dev/null 2>&1;
if [ "$?" -gt 0 ]; then
# Preserve timestamps, set ownership.
chmod "$tempmsg" --reference="$mail"
touch "$tempmsg" --reference="$mail"
chown "$tempmsg" --reference="$mail"
# Remove the original Maildir message
rm "$mail"
# Strip message sizes, retain experimental flags and status flags, and copy the file over.
strip_size=$(echo "$mail" | sed -e 's/W=[[:digit:]]*//' -e 's/S=[[:digit:]]*//' -e 's/,,//' -e 's/,:2/:2/')
cp -av "$tempmsg" "$strip_size" | sed "s/^/ cp -v: /"
# Indexes must be rebuilt, we've modified Maildir.
rebuild_index=1
else
echo " nodiff: Not copying, no differences between original '$mail' and encrypted '$tempmsg'."
fi
# Remove the temporary file
rm "$tempmsg"
done < <(find "$1" -type f -regex '.*/\(cur\|new\)/.*' $3 -print0)
echo
# Remove Dovecot index and uids for regeneration.
if [ "$rebuild_index" -eq 1 ]; then
echo "Removing Dovecot indexes and uids"
find "$1" -type f -regex '.*\(dovecot-\|dovecot\.\|\.uidvalidity\).*' -delete
else
echo "No messages found needing GPG encryption, not removing Dovecot indexes and UIDs."
fi