#!/bin/sh
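set -e
# Locate the repository root (the parent of this script's directory) and load
# the shared helpers, but only when the caller has not already set REPOHUB.
# NOTE(review): when REPOHUB is inherited from the environment util.sh is not
# sourced here, so the helpers used below (handle_args, err, info, confirm, ...)
# have to come from somewhere else - confirm that callers provide them.
if [ -z "$REPOHUB" ]; then
  # The path is passed to realpath as a quoted argument: it is never used as a
  # printf format string and is not word-split by xargs, so a checkout path
  # containing '%', backslashes or spaces resolves correctly. Inside the `if`
  # body a failing realpath now stops the script under `set -e` instead of
  # continuing with an empty REPOHUB.
  REPOHUB="$(realpath -- "$(dirname -- "$0")/..")"
  export REPOHUB
  . "$REPOHUB"/util.sh
fi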
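# Print the command-line usage summary and terminate the script.
# Outputs: usage text on stdout.
# Exits:   always with status 1.
# The -y line now names --noconfirm, the spelling the argument spec actually
# accepts; the help text previously advertised a flag that does not exist.
_help() {
  printf '%s\n' \
    "Usage:" \
    " -h --help Displays this message" \
    " -y --noconfirm Skips confirmations" \
    " -q --quiet Dont print out gpg output" \
    " -p --password PASSWORD Password to auto decrypt" \
    " --gui Preffer gui decryption method"
  exit 1
}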
# Parse the command line. handle_args is not defined in this file (presumably
# it comes from util.sh); each comma-separated entry maps a flag to the
# statement run when that flag is seen.
# NOTE(review): -p/--password takes the passphrase as a command-line argument,
# so it is visible in process listings and shell history for the lifetime of
# the call, and it is exported into the environment of child processes.
# NOTE(review): _help documents --gui, but no --gui entry appears in this spec;
# _gui is only read further down - confirm where it is meant to be set.
handle_args '-y|--noconfirm=export YOLO=1,-p|--password:=export _passwd=$2,-q|--quiet=export QUIET=1' "$@"
# Tool output (sha512sum, gpg) goes to stdout unless --quiet was requested.
if [ "$QUIET" = '1' ]; then
  OUTPUT='/dev/null'
else
  OUTPUT='/dev/stdout'
fi
# Locations of the extracted private tree and of its encrypted archive.
PRIVATE_DIR="$REPOHUB"/dotfiles/user/private
PRIVATE_ARCHIVE="$PRIVATE_DIR".tar.gz.gpg

# Prepare gnupg: make sure the directory exists, then restrict everything in
# it to the owner (600 for files, 700 for directories).
# NOTE(review): nothing in this file points gpg at GNUPG_DIR (no GNUPGHOME
# export, no --homedir); presumably GNUPGHOME is set elsewhere - confirm,
# otherwise these permissions are applied to a directory gpg does not use.
GNUPG_DIR=~/.local/share/gnupg
mkdir -p "$GNUPG_DIR"
find "$GNUPG_DIR" -type f -exec chmod 600 {} \;
find "$GNUPG_DIR" -type d -exec chmod 700 {} \;

# Later steps run from the directory that holds the archive.
cd "$REPOHUB"/dotfiles/user
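# Check archive integrity against the SHA-512 file stored next to the archive.
# This detects a truncated or corrupted archive only: the checksum file sits
# beside the archive, so anyone able to replace one can replace the other. It
# is not an authenticity check.
# The command is the `if` condition so that `set -e` does not abort the script
# before the error message is printed, and so that every non-zero status (not
# just 1) is treated as a failure.
if ! sha512sum --check "$PRIVATE_ARCHIVE".sha512 > "$OUTPUT" 2>&1; then
  err "Encrypted archive is corrupted!"
  exit 1
fi
info "Private archive is valid"
info_garr "Decrypting private dotfiles..."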
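# Decrypt the archive to $REPOHUB/tmp/private.tar.gz.
# A passphrase supplied with -p is tried once, non-interactively; after that
# the user is prompted, with at most five failed interactive attempts.
# NOTE(review): the plaintext tarball is written to a fixed path under
# $REPOHUB/tmp with default umask permissions - confirm that directory is
# private to the user and excluded from version control.
i=0
while [ "$i" != '5' ]; do
  # shellcheck disable=SC2154
  if [ "$_passwd" != '' ]; then
    info_barr 'Trying auto decryption...'
    # printf, not echo: depending on the shell, echo interprets backslash
    # sequences or a leading -n, which would silently change the passphrase
    # handed to gpg on fd 0.
    printf '%s\n' "$_passwd" | gpg --batch --yes --passphrase-fd 0 --no-symkey-cache \
      --output "$REPOHUB"/tmp/private.tar.gz --decrypt \
      --pinentry-mode=loopback "$PRIVATE_ARCHIVE" > "$OUTPUT" 2>&1 && break
    err "Auto decryption failed."
    # Forget the supplied passphrase so the following attempts prompt instead.
    unset _passwd
  fi

  # Loopback pinentry prompts on the terminal; gui mode leaves the choice of
  # pinentry to gpg.
  mode='--pinentry-mode=loopback'
  msg=':'
  # shellcheck disable=SC2154
  if [ "$_gui" = '1' ]; then
    mode=''
    msg=' into the gui'
  fi
  info_barr "Enter the password$msg"
  # ${mode:+...} omits the argument completely in gui mode. A quoted empty
  # "$mode" would pass gpg an empty positional argument ahead of --decrypt.
  gpg --output "$REPOHUB"/tmp/private.tar.gz ${mode:+"$mode"} --decrypt "$PRIVATE_ARCHIVE" > "$OUTPUT" 2>&1 && break
  # Reported for any gpg failure, not only a wrong passphrase.
  err "Invalid password"

  # confirm runs the 'export _retry=1' action when the user agrees to retry;
  # declining ends the script with status 0.
  _retry=0
  confirm 'Y barr ignore' 'Do you want to retry?' 'export _retry=1' ''
  [ "$_retry" = '0' ] && exit 0
  i=$((i+1))
done
# The loop ends without a break only after five failed attempts.
if [ "$i" = '5' ]; then
  err "Reached 5 failed atempts."
  exit 1
fi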
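# Backup previous private dir if it exists, replacing any older backup.
if [ -d "$PRIVATE_DIR" ]; then
  # ${PRIVATE_DIR:?} aborts rather than running rm -rf on a bare ".old" should
  # the variable ever be empty.
  rm -rf -- "${PRIVATE_DIR:?}".old
  mv -- "$PRIVATE_DIR" "$PRIVATE_DIR".old
fi
cd "$REPOHUB"/dotfiles/user
# Remove the decrypted tarball whether or not extraction succeeds. Under
# `set -e` a failing tar used to abort the script before the rm, leaving the
# plaintext archive on disk.
tar_status=0
tar -xf "$REPOHUB"/tmp/private.tar.gz || tar_status=$?
rm -f "$REPOHUB"/tmp/private.tar.gz
if [ "$tar_status" -ne 0 ]; then
  err "Failed to extract private archive"
  exit "$tar_status"
fi
info "Done"
# install.sh comes out of the archive that was just decrypted and runs with the
# current user's privileges. Its trustworthiness rests entirely on who was able
# to produce the encrypted archive; the SHA-512 check does not authenticate it.
sh "$PRIVATE_DIR"/install.sh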