Syncencrypt linux construction

From GnuCash
Revision as of 14:23, 11 August 2011 by Marekschmidt (talk | contribs) (pasted script)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search 
#!/bin/bash
# gpgarmor - based on code by Jose Antonio Martin
# rewritten by Johannes Buchner
# 
# This shell script will wrap around any program and protect the data files
# by encrypting it using tar and gpg.
# You can put a link to this script on your desktop or in the menu.
# 
# Adjust the following options:

# program to call
PROG="gnucash"
# executing directory (where your data file lives)
DIR="/home/username/Documents/GnuCash"
# File which is parameter for the program (PROG). 
# The encrypted file will be called the $BOOK.tar.gz.asc
BOOK="gnucash"
# All files that should be protected (archived and encrypted).
FILES="${BOOK} ${BOOK}.*.gnucash ${BOOK}.*.log"

#INTERFACE_ERR='zenity --error --text'
#INTERFACE_PASS='zenity --entry --hide-text --text '

INTERFACE_ERR='kdialog --error'
INTERFACE_PASS='kdialog --password '

#INTERFACE_ERR='echo' # INTERFACE_PASS will be read from shell if this is set

function do_error {
	$INTERFACE_ERR "$@"
	cd - &> /dev/null
	exit 1
}

function run_and_encrypt {
	"$PROG" $BOOK
	tar -czf "$BOOK.tar.gz" $FILES || 
		do_error "tar failed on $BOOK"

	if [[ "$INTERFACE_ERR" == 'echo' ]]; then
		gpg --quiet -ca --output "$BOOK".tar.gz.asc "$BOOK".tar.gz || 
		do_error "gpg encryption failed"
	else 
		PASS1=`$INTERFACE_PASS "Enter passphrase"`
		PASS2=`$INTERFACE_PASS "Repeat passphrase"`
		while [ $PASS1 != $PASS2 ]
		do
			$INTERFACE_ERR 'Error. Passphrases do not match'
			PASS1=`$INTERFACE_PASS "Enter passphrase"`
			PASS2=`$INTERFACE_PASS "Repeat passphrase"`
		done
		gpg --quiet -ca --batch --passphrase $PASS1 \
			--output "$BOOK".tar.gz.asc "$BOOK".tar.gz || 
		do_error "gpg encryption failed"
	fi

	shred $FILES $BOOK.tar.gz  > /dev/null
	rm -f $FILES $BOOK.tar.gz 
	put_file
	cd - &> /dev/null
	exit 0
}

function get_file {
    
    rm $BOOK.tar.gz.asc.bak
    mv $BOOK.tar.gz.asc $BOOK.tar.gz.asc.bak
    
sftp -b /dev/stdin -i identityfile user@host <<++EOT++
cd gnucash
get $BOOK.tar.gz.asc
bye
++EOT++
    
}


function put_file {

sftp -b /dev/stdin -i identityfile user@host <<++EOT++
cd gnucash
put $BOOK.tar.gz.asc
bye
++EOT++
    
}




cd "$DIR"

get_file

test -f "$BOOK.tar.gz.asc" || \
	if test -f "$BOOK"; then
		echo "Found not-encrypted file (first-run)"
		run_and_encrypt || 
			do_error "file \"$BOOK\" not found"
	fi

# Found encrypted file
if [[ "$INTERFACE_ERR" == 'echo' ]]; then
	gpg --quiet --decrypt --output "$BOOK".tar.gz "$BOOK".tar.gz.asc || 
		do_error "gpg decryption failed"
else
	$INTERFACE_PASS 'Enter passphrase:' |
		gpg --quiet --decrypt --batch --passphrase-fd 0 \
			--output "$BOOK".tar.gz "$BOOK".tar.gz.asc || 
		do_error "gpg decryption failed"
fi


# untar
tar -zxkf "$BOOK.tar.gz"  &> /dev/null
shred $BOOK.tar.gz "$BOOK.tar.gz.asc"
rm -f $BOOK.tar.gz "$BOOK.tar.gz.asc"

run_and_encrypt
Retrieved from "https://svn.gnucash.org/wiki/index.php?title=Syncencrypt_linux_construction&oldid=7518"