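#!/bin/sh
# Locks (encrypts) the credential file whose path is read from the user
# environment file ("$HOME/.ceylan-settings.etf", entry main_credentials_path):
# the plaintext '<path>.dat' is encrypted with gpg into '<path>', then the
# plaintext is shredded.
#
# See also: unlock-credentials.sh (reverse operation) and the
# open-credentials.sh integrated script.
#
# The present script is mostly useful whenever the previous one fails for any
# reason (e.g. a text editor messing with the open/close detection of that
# credential file).
#
# Exit codes: 2 (parameter given), 5 (no environment file), 6 (no
# main_credentials_path entry), 10 (no gpg) / 11 (no shred), 20/21/22
# (credential file state inconsistent), 10 (shredding failed) and 11
# (encryption failed). Codes 10 and 11 are each reused for two distinct
# failures; they are kept as they are so that existing callers are not broken.
usage="Usage: $(basename -- "$0"): locks (encrypts) the credential file whose path is read from the user environment. See also: unlock-credentials.sh."

# Prints the given message on stderr and exits with the given status code.
# Arguments: $1 - message, $2 - exit code
fail() {
  printf '%s\n' "$1" 1>&2
  exit "$2"
}

if [ "$#" -ne 0 ]; then
  fail " Error, no parameter shall be specified.
${usage}" 2
fi

# 'command -v' is the portable replacement for 'which'; the -x test still
# rejects a match that is not an executable file.
crypt_tool_name="gpg"
crypt_tool="$(command -v "${crypt_tool_name}" 2>/dev/null)"
if [ -z "${crypt_tool}" ] || [ ! -x "${crypt_tool}" ]; then
  fail " Error, no encryption tool found (no '${crypt_tool_name}')." 10
fi
# 'gpg --version' returns the available cipher algorithms.

shred_tool_name="shred"
shred_tool="$(command -v "${shred_tool_name}" 2>/dev/null)"
if [ -z "${shred_tool}" ] || [ ! -x "${shred_tool}" ]; then
  fail " Error, no shredding tool found (no '${shred_tool_name}')." 11
fi

env_file="$HOME/.ceylan-settings.etf"
if [ ! -f "${env_file}" ]; then
  fail " Error, no environment file ('${env_file}') found." 5
fi

# Extracts the value of the main_credentials_path entry; judging from the two
# sed expressions, the line is presumably of the form
# '{main_credentials_path, "<path>" }.' (everything up to the last ', "' and
# the closing '" }' plus one trailing character are stripped). Only the first
# matching line is kept, so that a duplicated entry cannot yield a multi-line
# path that would be used verbatim as a filename below.
main_credentials_path="$(grep -- main_credentials_path "${env_file}" \
  | sed -e 's|.*, "||' -e 's|" }.$||' | head -n 1)"
if [ -z "${main_credentials_path}" ]; then
  fail " Error, no main_credentials_path variable defined in environment file (${env_file}) found." 6
fi

unlocked_file="${main_credentials_path}.dat"
locked_file="${main_credentials_path}"

if [ ! -f "${unlocked_file}" ]; then
  if [ -f "${locked_file}" ]; then
    fail " Error, the credentials file (as defined in the main_credentials_path variable of the environment file '${env_file}') is already locked (its locked version, '${locked_file}', already exists, whereas its unlocked version, '${unlocked_file}', does not exist)." 20
  fi
  fail " Error, no credentials file (as defined in the main_credentials_path variable of the environment file '${env_file}') can be found (neither in a locked version, i.e. as '${locked_file}', nor in an unlocked version, i.e. as '${unlocked_file}')." 21
fi

# So here the unlocked file exists.
if [ -f "${locked_file}" ]; then
  fail " Error, the credentials file (as defined in the main_credentials_path variable of the environment file '${env_file}') exists both in its locked version ('${locked_file}') and in its unlocked version ('${unlocked_file}'), this is abnormal." 22
fi

# And here the locked file does not exist yet.
#echo "Locking credentials: from ${unlocked_file} to ${locked_file}."

# Symmetric encryption; gpg prompts for the passphrase itself (hence no
# --batch). The ciphertext file is created with the current umask; a caller
# wanting it private to the user should set 'umask 077' beforehand.
if "${crypt_tool}" -c --cipher-algo=AES256 --output "${locked_file}" "${unlocked_file}" 1>/dev/null; then
  printf '%s\n' "(credentials locked in ${locked_file})"
  # Best-effort overwrite of the plaintext: shred cannot guarantee destruction
  # on journaling or copy-on-write filesystems, nor on SSDs.
  if ! "${shred_tool}" --force --remove --zero "${unlocked_file}"; then
    printf '%s\n' "Error, shredding of '${unlocked_file}' failed, removing it." 1>&2
    /bin/rm -f -- "${unlocked_file}"
    exit 10
  fi
else
  fail " Error, locking failed, stopping, unlocked file '${unlocked_file}' left as it is." 11
fi

#echo "Use unlock-credentials.sh to perform the reverse operation."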