From 4be03cbf5cc848858483037aaf3da1259d26019e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Fri, 7 Oct 2016 22:46:23 +0200
Subject: [PATCH 1/7] Add basic scripts to operate on ecrypted vaults
---
fedora/configure_fresh_system | 2 +-
tools/mount-vault | 9 +++++++++
tools/umount-vault | 8 ++++++++
3 files changed, 18 insertions(+), 1 deletion(-)
create mode 100755 tools/mount-vault
create mode 100755 tools/umount-vault
diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system
index bd1701d6..5f051198 100755
--- a/fedora/configure_fresh_system
+++ b/fedora/configure_fresh_system
@@ -5,7 +5,7 @@ set -e if [[ -z $NOUPGRADE ]]; then sudo dnf -y upgrade --best --allowerasing fi -sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal +sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount FEDORA_VERSION=`rpm -E %fedora` sudo dnf -y install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$FEDORA_VERSION.noarch.rpm sudo dnf -y install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$FEDORA_VERSION.noarch.rpm diff --git a/tools/mount-vault b/tools/mount-vault new file mode 100755 index 00000000..3c071b22 --- /dev/null +++ b/tools/mount-vault @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e +echo "decrypting..." +gpg2 -d ~/Nextcloud/vault.tar.xz.gpg > ~/.vault.tar.xz +echo "mounting..." +mkdir -p ~/.vault +archivemount ~/.vault.tar.xz ~/.vault + diff --git a/tools/umount-vault b/tools/umount-vault new file mode 100755 index 00000000..fdf83744 --- /dev/null +++ b/tools/umount-vault 
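Review bot: In the new `tools/mount-vault`, `gpg2 -d ... > ~/.vault.tar.xz` writes the decrypted archive into the home directory with whatever permissions the current umask allows, and nothing removes it if `archivemount` then fails under `set -e`. Add `umask 077` right after `set -e` so the plaintext file and a newly created `~/.vault` are owner-only, and a cleanup such as `trap 'rm -f ~/.vault.tar.xz' ERR` so a failed mount does not leave the plaintext behind. The redirection also creates an empty `~/.vault.tar.xz` when decryption itself fails, which the same trap would cover.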
@@ -0,0 +1,8 @@ +#!/bin/bash + +set -e +umount ~/.vault +gpg2 -c ~/.vault.tar.xz +mv ~/.vault.tar.xz.gpg ~/Nextcloud/vault.tar.xz.gpg +rm -vfr ~/.vault* + From c6933ab7bd5a2d0fc28b641fcd28e70792b94ea9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Fri, 7 Oct 2016 23:40:00 +0200 Subject: [PATCH 2/7] Use zip archives for vault as they are faster for random access --- tools/mount-vault | 4 ++-- tools/umount-vault | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/mount-vault b/tools/mount-vault index 3c071b22..685149ff 100755 --- a/tools/mount-vault +++ b/tools/mount-vault @@ -2,8 +2,8 @@ set -e echo "decrypting..." -gpg2 -d ~/Nextcloud/vault.tar.xz.gpg > ~/.vault.tar.xz +gpg2 -d ~/Nextcloud/vault.zip.gpg > ~/.vault.zip echo "mounting..." mkdir -p ~/.vault -archivemount ~/.vault.tar.xz ~/.vault +archivemount -o nobackup ~/.vault.zip ~/.vault diff --git a/tools/umount-vault b/tools/umount-vault index fdf83744..56da2175 100755 --- a/tools/umount-vault +++ b/tools/umount-vault @@ -1,8 +1,8 @@ #!/bin/bash set -e -umount ~/.vault -gpg2 -c ~/.vault.tar.xz -mv ~/.vault.tar.xz.gpg ~/Nextcloud/vault.tar.xz.gpg +sudo umount ~/.vault +gpg2 -c ~/.vault.zip +mv ~/.vault.zip.gpg ~/Nextcloud/vault.zip.gpg rm -vfr ~/.vault* From a497edf8b9df24be69fd323f755dcc703709287f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sat, 8 Oct 2016 08:04:46 +0200 Subject: [PATCH 3/7] CHecksum calculation --- tools/mount-vault | 5 ++++- tools/umount-vault | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/mount-vault b/tools/mount-vault index 685149ff..2dd5183e 100755 --- a/tools/mount-vault +++ b/tools/mount-vault 
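Review bot: `rm -vfr ~/.vault*` at the end of the new `tools/umount-vault` deletes every entry in the home directory whose name starts with `.vault`, not only the two paths this script created; name them explicitly, e.g. `rm -rf -- ~/.vault.tar.xz ~/.vault`. archivemount writes the modified archive back when the filesystem is unmounted, so it is worth confirming that the archive has been fully rewritten before `gpg2 -c` reads it; otherwise a truncated archive would be encrypted and then moved over the only good copy in `~/Nextcloud`. Keeping the previous `vault.tar.xz.gpg` under a backup name until the new one has been produced would make that failure recoverable. The plaintext archive is also removed with a plain `rm`, which may leave its blocks recoverable on disk; a comment stating that this is accepted would help.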
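Review bot: `sudo umount ~/.vault` in the second patch's `tools/umount-vault` hunk asks for root to detach a FUSE mount that the same user created with archivemount; `fusermount -u ~/.vault` does this without privilege and keeps sudo out of the script. If the plain `umount` from the previous patch failed for a specific reason, a one-line comment saying why root is needed would help the next reader.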
@@ -2,7 +2,10 @@ set -e echo "decrypting..." -gpg2 -d ~/Nextcloud/vault.zip.gpg > ~/.vault.zip +cp -v ~/Nextcloud/vault.zip.gpg ~/.vault.zip.gpg +cp -v ~/Nextcloud/vault.zip.gpg.sha512 ~/.vault.zip.gpg.sha512 +sha512sum -c ~/.vault.zip.gpg.sha512 +gpg2 -d ~/.vault.zip.gpg > ~/.vault.zip echo "mounting..." mkdir -p ~/.vault archivemount -o nobackup ~/.vault.zip ~/.vault diff --git a/tools/umount-vault b/tools/umount-vault index 56da2175..5f6a9212 100755 --- a/tools/umount-vault +++ b/tools/umount-vault @@ -1,8 +1,16 @@ #!/bin/bash set -e +echo "Unmounting vault.." sudo umount ~/.vault +echo "Encrypting archive..." gpg2 -c ~/.vault.zip +echo "Calculating checksum..." +sha512sum ~/.vault.zip.gpg > ~/.vault.zip.gpg.sha512 +sha512sum -c ~/.vault.zip.gpg.sha512 +cat ~/.vault.zip.gpg.sha512 +echo "Moving vault to storage..." mv ~/.vault.zip.gpg ~/Nextcloud/vault.zip.gpg +mv ~/.vault.zip.gpg.sha512 ~/Nextcloud/vault.zip.gpg.sha512 rm -vfr ~/.vault* From 703a79a299d652631201fcab08c6ff87d574f548 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sat, 8 Oct 2016 08:08:17 +0200 Subject: [PATCH 4/7] Do not use RPMFusion --- fedora/configure_fresh_system | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index 5f051198..4d3152ac 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system 
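Review bot: `sha512sum -c ~/.vault.zip.gpg.sha512` in `tools/mount-vault` verifies whatever path is recorded inside the checksum file, and `tools/umount-vault` in this patch records it as the tilde-expanded absolute path of the writer's home, so on a machine with a different home directory the check fails or tests a different file than the one just copied. Recording a relative name avoids this, e.g. in umount-vault `(cd ~ && sha512sum .vault.zip.gpg > .vault.zip.gpg.sha512)` and here `(cd ~ && sha512sum -c .vault.zip.gpg.sha512)`. Because the checksum is stored beside the ciphertext in `~/Nextcloud`, it detects a damaged sync but not a deliberate replacement of both files; a comment saying so would keep it from being read as an authenticity check.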
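Review bot: `gpg2 -c ~/.vault.zip` in `tools/umount-vault` writes to `~/.vault.zip.gpg`, which `tools/mount-vault` in this same patch now leaves in place after copying it from `~/Nextcloud`, so gpg will normally find the output file already present and stop to ask about overwriting it. Remove the stale copy before encrypting, or name the output explicitly with `gpg2 -o`, after deciding how the script should behave when that file exists. The `sha512sum -c` run immediately after generating the checksum compares the file with a hash computed a moment earlier, so it cannot fail in a meaningful way and could be dropped.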
@@ -5,11 +5,9 @@ set -e if [[ -z $NOUPGRADE ]]; then sudo dnf -y upgrade --best --allowerasing fi -sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount -FEDORA_VERSION=`rpm -E %fedora` -sudo dnf -y install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$FEDORA_VERSION.noarch.rpm -sudo dnf -y install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$FEDORA_VERSION.noarch.rpm -sudo dnf -y --best --allowerasing install vlc splix gutenprint-cups cups-bjnp mono-devel keepass mplayer golang ncurses-compat-libs kicad retext + +sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount zulucrypt keepass splix gutenprint-cups cups-bjnp + sudo dnf -y groupinstall "C Development Tools and Libraries" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" From a10c0be6ad9176705f9f22692ab899f143eae15f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sat, 8 Oct 2016 08:18:08 +0200 Subject: [PATCH 5/7] Do not install zulucrypt --- fedora/configure_fresh_system | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index 4d3152ac..fdfa42d4 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system @@ -6,7 +6,7 @@ if [[ -z $NOUPGRADE ]]; then sudo dnf -y upgrade --best --allowerasing fi -sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount zulucrypt keepass splix gutenprint-cups cups-bjnp +sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount keepass splix gutenprint-cups cups-bjnp sudo dnf -y groupinstall "C Development Tools and Libraries" From aac614723e196082eab182c318b66505545d4dee Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sat, 8 Oct 2016 08:21:07 +0200 Subject: [PATCH 6/7] Install development tools explicitly --- fedora/configure_fresh_system | 1 + 1 file changed, 1 insertion(+) diff --git a/fedora/configure_fresh_system b/fedora/configure_fresh_system index fdfa42d4..00d829ea 100755 --- a/fedora/configure_fresh_system +++ b/fedora/configure_fresh_system @@ -9,6 +9,7 @@ fi sudo dnf -y --best --allowerasing install tmux atop zsh thunderbird thunderbird-enigmail thunderbird-lightning firefox aria2 gajim lm_sensors freecad python3-pip qt5-qtbase-devel qt5-qtwebkit-devel meld whois curl pv nodejs terminator gsmartcontrol python-pip mercurial python3-devel libxslt-devel libjpeg-turbo-devel conky conky-manager redshift redshift-gtk cmake gtk2-devel intltool gparted wine solaar glances the_silver_searcher dkms kernel-devel gimp transmission-gtk git xz util-linux-user powertop dnf-automatic kdiff3 yum-utils util-linux-user ncurses-devel zeal archivemount keepass splix gutenprint-cups cups-bjnp sudo dnf -y groupinstall "C Development Tools and Libraries" +sudo dnf -y groupinstall "Development Tools" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" From 9b46d175da137989ef8765d0d61e1ae4f6cac5a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= Date: Sun, 16 Oct 2016 12:52:05 +0200 Subject: [PATCH 7/7] Use LUKS for vault --- tools/mount-vault | 11 +++-------- tools/umount-vault | 12 +----------- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/tools/mount-vault b/tools/mount-vault index 2dd5183e..c67f0d4c 100755 --- a/tools/mount-vault +++ b/tools/mount-vault 
@@ -1,12 +1,7 @@ #!/bin/bash set -e -echo "decrypting..." -cp -v ~/Nextcloud/vault.zip.gpg ~/.vault.zip.gpg -cp -v ~/Nextcloud/vault.zip.gpg.sha512 ~/.vault.zip.gpg.sha512 -sha512sum -c ~/.vault.zip.gpg.sha512 -gpg2 -d ~/.vault.zip.gpg > ~/.vault.zip -echo "mounting..." mkdir -p ~/.vault -archivemount -o nobackup ~/.vault.zip ~/.vault - +sudo cryptsetup luksOpen ~/Nextcloud/vault.img vault +sudo mount /dev/mapper/vault ~/.vault +sudo chown $USER ~/.vault diff --git a/tools/umount-vault b/tools/umount-vault index 5f6a9212..fb71d594 100755 --- a/tools/umount-vault +++ b/tools/umount-vault @@ -1,16 +1,6 @@ #!/bin/bash set -e -echo "Unmounting vault.." sudo umount ~/.vault -echo "Encrypting archive..." -gpg2 -c ~/.vault.zip -echo "Calculating checksum..." -sha512sum ~/.vault.zip.gpg > ~/.vault.zip.gpg.sha512 -sha512sum -c ~/.vault.zip.gpg.sha512 -cat ~/.vault.zip.gpg.sha512 -echo "Moving vault to storage..." -mv ~/.vault.zip.gpg ~/Nextcloud/vault.zip.gpg -mv ~/.vault.zip.gpg.sha512 ~/Nextcloud/vault.zip.gpg.sha512 -rm -vfr ~/.vault* +sudo cryptsetup luksClose vault
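Review bot: When `sudo mount /dev/mapper/vault ~/.vault` in `tools/mount-vault` fails after `luksOpen` has succeeded, `set -e` exits and leaves the `vault` mapping open with the volume key loaded; close it on that path, e.g. `sudo mount /dev/mapper/vault ~/.vault || { sudo cryptsetup luksClose vault; exit 1; }`. `sudo chown $USER ~/.vault` should quote the expansion as `"$USER"`. The image is opened in place inside `~/Nextcloud`, so it is worth confirming that the sync client does not upload it while it is mapped and being written. The checksum verification added in the earlier patch is removed here without a replacement, which deserves a line in the commit message.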