the-bastion/bin/cron/osh-backup-acl-keys.sh

#! /usr/bin/env bash
# vim: set filetype=sh ts=4 sw=4 sts=4 et:
set -e
umask 077

basedir=$(readlink -f "$(dirname "$0")"/../..)
# shellcheck source=lib/shell/functions.inc
. "$basedir"/lib/shell/functions.inc

# default config values for this script
DESTDIR=""
DAYSTOKEEP="90"
GPGKEYS=""
SIGNING_KEY=""
SIGNING_KEY_PASSPHRASE=""
PUSH_REMOTE=""
PUSH_OPTIONS=""

# set error trap, read config, setup logging, exit early if script is disabled, etc.
script_init osh-backup-acl-keys config_mandatory check_secure

if [ -z "$DESTDIR" ] ; then
    exit_fail "$0: Missing DESTDIR in configuration, aborting."
fi

if ! echo "$DAYSTOKEEP" | grep -Eq '^[0-9]+$' ; then
    exit_fail "$0: Invalid specified DAYSTOKEEP value ($DAYSTOKEEP), aborting."
fi

_log "Starting backup..."

mkdir -p "$DESTDIR"

tarfile="$DESTDIR/backup-$(date +'%Y-%m-%d').tar.gz"
_log "Creating $tarfile..."
supp_entries=""
for entry in /root/.gnupg /root/.ssh /var/otp /etc/master.passwd /etc/pwd.db /etc/spwd.db \
    /etc/passwd /etc/group /etc/shadow /etc/gshadow /etc/bastion /usr/local/etc/bastion
do
    [ -e "$entry" ] && supp_entries="$supp_entries $entry"
done

maxtries=50
for try in $(seq 1 $maxtries)
do
    # tar may output unimportant warnings to stderr, so we don't want to get noisy
    # if it exits with 0: save its stderr in a tmpfile, and cat it to stderr only if it returns != 0
    tarstderr=$(mktemp)
    set +e
    # SC2086: we don't want to quote $supp_entries, we want it expanded
    # shellcheck disable=SC2086
    tar czf "$tarfile" -p --xattrs --acls --one-file-system --numeric-owner \
        --exclude=".encrypt" \
        --exclude="ttyrec" \
        --exclude="*.sqlite" \
        --exclude="*.log" \
        --exclude="*.ttyrec" \
        --exclude="*.gpg" \
        --exclude="*.gz" \
        --exclude="*.zst" \
        /home/ /etc/ssh $supp_entries 2>"$tarstderr"; ret=$?
    set -e
    if [ $ret -eq 0 ]; then
        _log "File created"
        rm -f "$tarstderr"
        break
    else
        # special case: if a file changed/removed while we were reading it, tar fails, in that case: retry
        if [ $ret -eq 1 ] && grep -q -e 'changed as we read it' -e 'removed before we read it' "$tarstderr"; then
            _log "Transient tar failure (try $try):"
            while read -r line; do
                _log "tar: $line"
            done < "$tarstderr"
            rm -f "$tarstderr"
            _log "Retrying after $try seconds..."
            sleep "$try"
            continue
        fi
        _err "Error while creating file (sysret=$ret)"
        while read -r line; do
            _err "tar: $line"
        done < "$tarstderr"
        rm -f "$tarstderr"
        exit_fail
    fi
done
if [ "$try" = "$maxtries" ]; then
    exit_fail "Failed creating tar archive after $maxtries tries!"
fi

encryption_worked=0
if [ -n "$GPGKEYS" ] ; then
    cmdline="--encrypt --batch --trust-model always"

    # this only exists on recent gnupg versions (>= 2.1)
    if gpg --dump-options | grep -q -- --pinentry-mode; then
        cmdline="$cmdline --pinentry-mode loopback"
    fi

    sign=0
    if [ -n "$SIGNING_KEY" ] && [ -n "$SIGNING_KEY_PASSPHRASE" ]; then
        sign=1
        cmdline="$cmdline --sign --local-user $SIGNING_KEY"
    fi
    for recipient in $GPGKEYS
    do
        cmdline="$cmdline -r $recipient"
    done

    # just in case, encrypt all .tar.gz files we find in $DESTDIR
    while IFS= read -r -d '' file
    do
        if [ "$sign" = 1 ]; then
            _log "Encrypting & signing $file..."
        else
            _log "Encrypting $file..."
        fi
        rm -f "$file.gpg" # if the gpg file already exists, remove it

        # shellcheck disable=SC2086
        if [ "$sign" = 1 ]; then
            gpg $cmdline --passphrase-fd 0 "$file" <<< "$SIGNING_KEY_PASSPHRASE"; ret=$?
        else
            gpg $cmdline "$file"; ret=$?
        fi

        if [ "$ret" = 0 ]; then
            encryption_worked=1
            if command -v shred >/dev/null; then
                shred -u "$file"
            else
                rm -f "$file"
            fi
        else
            _err "Encryption failed"
        fi
    done < <(find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz' -print0)
else
    _warn "$tarfile will not be encrypted! (no GPGKEYS specified)"
fi

# push to remote if needed
if [ -n "$PUSH_REMOTE" ] && [ "$encryption_worked" = 1 ] && [ -r "$tarfile.gpg" ] ; then
    _log "Pushing backup file ($tarfile.gpg) remotely..."
    set +e
    # shellcheck disable=SC2086
    scp $PUSH_OPTIONS "$tarfile.gpg" "$PUSH_REMOTE"; ret=$?
    set -e
    if [ $ret -eq 0 ]; then
        _log "Push done"
    else
        _err "Push failed (sysret=$ret)"
    fi
fi

# cleanup
_log "Cleaning up old backups..."
find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz'     -mtime +"$DAYSTOKEEP" -delete
find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz.gpg' -mtime +"$DAYSTOKEEP" -delete

exit_success
Initial commit 2020-10-16 00:32:37 +08:00			`#! /usr/bin/env bash`
			`# vim: set filetype=sh ts=4 sw=4 sts=4 et:`
			`set -e`
			`umask 077`

			`basedir=$(readlink -f "$(dirname "$0")"/../..)`
			`# shellcheck source=lib/shell/functions.inc`
			`. "$basedir"/lib/shell/functions.inc`

enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`# default config values for this script`
doc: add osh-backup-acl-keys.sh config reference 2021-07-30 19:53:13 +08:00			`DESTDIR=""`
			`DAYSTOKEEP="90"`
			`GPGKEYS=""`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`SIGNING_KEY=""`
			`SIGNING_KEY_PASSPHRASE=""`
doc: add osh-backup-acl-keys.sh config reference 2021-07-30 19:53:13 +08:00			`PUSH_REMOTE=""`
			`PUSH_OPTIONS=""`

enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`# set error trap, read config, setup logging, exit early if script is disabled, etc.`
			`script_init osh-backup-acl-keys config_mandatory check_secure`
Initial commit 2020-10-16 00:32:37 +08:00
			`if [ -z "$DESTDIR" ] ; then`
enh: introduce exit_fail and exit_success for shell scripts 2022-01-18 20:59:01 +08:00			`exit_fail "$0: Missing DESTDIR in configuration, aborting."`
Initial commit 2020-10-16 00:32:37 +08:00			`fi`

			`if ! echo "$DAYSTOKEEP" \| grep -Eq '^[0-9]+$' ; then`
enh: introduce exit_fail and exit_success for shell scripts 2022-01-18 20:59:01 +08:00			`exit_fail "$0: Invalid specified DAYSTOKEEP value ($DAYSTOKEEP), aborting."`
Initial commit 2020-10-16 00:32:37 +08:00			`fi`

			`_log "Starting backup..."`

chore: mkdir -p doesn't fail if dir already exists 2021-03-19 16:39:07 +08:00			`mkdir -p "$DESTDIR"`
Initial commit 2020-10-16 00:32:37 +08:00
			`tarfile="$DESTDIR/backup-$(date +'%Y-%m-%d').tar.gz"`
			`_log "Creating $tarfile..."`
			`supp_entries=""`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00			`for entry in /root/.gnupg /root/.ssh /var/otp /etc/master.passwd /etc/pwd.db /etc/spwd.db \`
			`/etc/passwd /etc/group /etc/shadow /etc/gshadow /etc/bastion /usr/local/etc/bastion`
Initial commit 2020-10-16 00:32:37 +08:00			`do`
			`[ -e "$entry" ] && supp_entries="$supp_entries $entry"`
			`done`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00
			`maxtries=50`
			`for try in $(seq 1 $maxtries)`
			`do`
			`# tar may output unimportant warnings to stderr, so we don't want to get noisy`
			`# if it exits with 0: save its stderr in a tmpfile, and cat it to stderr only if it returns != 0`
			`tarstderr=$(mktemp)`
			`set +e`
			`# SC2086: we don't want to quote $supp_entries, we want it expanded`
			`# shellcheck disable=SC2086`
			`tar czf "$tarfile" -p --xattrs --acls --one-file-system --numeric-owner \`
			`--exclude=".encrypt" \`
			`--exclude="ttyrec" \`
			`--exclude="*.sqlite" \`
			`--exclude="*.log" \`
			`--exclude="*.ttyrec" \`
			`--exclude="*.gpg" \`
			`--exclude="*.gz" \`
			`--exclude="*.zst" \`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00			`/home/ /etc/ssh $supp_entries 2>"$tarstderr"; ret=$?`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00			`set -e`
			`if [ $ret -eq 0 ]; then`
			`_log "File created"`
			`rm -f "$tarstderr"`
			`break`
			`else`
fix: osh-backup-acl-keys: detect file removed transient error 2021-02-23 18:05:50 +08:00			`# special case: if a file changed/removed while we were reading it, tar fails, in that case: retry`
			`if [ $ret -eq 1 ] && grep -q -e 'changed as we read it' -e 'removed before we read it' "$tarstderr"; then`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00			`_log "Transient tar failure (try $try):"`
			`while read -r line; do`
			`_log "tar: $line"`
			`done < "$tarstderr"`
			`rm -f "$tarstderr"`
			`_log "Retrying after $try seconds..."`
			`sleep "$try"`
			`continue`
			`fi`
			`_err "Error while creating file (sysret=$ret)"`
			`while read -r line; do`
			`_err "tar: $line"`
			`done < "$tarstderr"`
			`rm -f "$tarstderr"`
			`exit_fail`
			`fi`
			`done`
			`if [ "$try" = "$maxtries" ]; then`
enh: introduce exit_fail and exit_success for shell scripts 2022-01-18 20:59:01 +08:00			`exit_fail "Failed creating tar archive after $maxtries tries!"`
Initial commit 2020-10-16 00:32:37 +08:00			`fi`

			`encryption_worked=0`
			`if [ -n "$GPGKEYS" ] ; then`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00			`cmdline="--encrypt --batch --trust-model always"`

			`# this only exists on recent gnupg versions (>= 2.1)`
			`if gpg --dump-options \| grep -q -- --pinentry-mode; then`
			`cmdline="$cmdline --pinentry-mode loopback"`
			`fi`

feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`sign=0`
			`if [ -n "$SIGNING_KEY" ] && [ -n "$SIGNING_KEY_PASSPHRASE" ]; then`
			`sign=1`
			`cmdline="$cmdline --sign --local-user $SIGNING_KEY"`
			`fi`
Initial commit 2020-10-16 00:32:37 +08:00			`for recipient in $GPGKEYS`
			`do`
			`cmdline="$cmdline -r $recipient"`
			`done`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00
Initial commit 2020-10-16 00:32:37 +08:00			`# just in case, encrypt all .tar.gz files we find in $DESTDIR`
			`while IFS= read -r -d '' file`
			`do`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`if [ "$sign" = 1 ]; then`
			`_log "Encrypting & signing $file..."`
			`else`
			`_log "Encrypting $file..."`
			`fi`
Initial commit 2020-10-16 00:32:37 +08:00			`rm -f "$file.gpg" # if the gpg file already exists, remove it`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00
Initial commit 2020-10-16 00:32:37 +08:00			`# shellcheck disable=SC2086`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`if [ "$sign" = 1 ]; then`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00			`gpg $cmdline --passphrase-fd 0 "$file" <<< "$SIGNING_KEY_PASSPHRASE"; ret=$?`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`else`
feat: move scripts to GnuPG 2.x and add tests 2021-12-23 00:40:39 +08:00			`gpg $cmdline "$file"; ret=$?`
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-15 21:12:32 +08:00			`fi`

			`if [ "$ret" = 0 ]; then`
Initial commit 2020-10-16 00:32:37 +08:00			`encryption_worked=1`
enh: introduce exit_fail and exit_success for shell scripts 2022-01-18 20:59:01 +08:00			`if command -v shred >/dev/null; then`
			`shred -u "$file"`
			`else`
			`rm -f "$file"`
			`fi`
Initial commit 2020-10-16 00:32:37 +08:00			`else`
			`_err "Encryption failed"`
			`fi`
			`done < <(find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz' -print0)`
			`else`
			`_warn "$tarfile will not be encrypted! (no GPGKEYS specified)"`
			`fi`

			`# push to remote if needed`
			`if [ -n "$PUSH_REMOTE" ] && [ "$encryption_worked" = 1 ] && [ -r "$tarfile.gpg" ] ; then`
			`_log "Pushing backup file ($tarfile.gpg) remotely..."`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00			`set +e`
chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 01:03:20 +08:00			`# shellcheck disable=SC2086`
Initial commit 2020-10-16 00:32:37 +08:00			`scp $PUSH_OPTIONS "$tarfile.gpg" "$PUSH_REMOTE"; ret=$?`
enh: satellite scripts: better error handling 2020-12-31 20:13:20 +08:00			`set -e`
Initial commit 2020-10-16 00:32:37 +08:00			`if [ $ret -eq 0 ]; then`
			`_log "Push done"`
			`else`
			`_err "Push failed (sysret=$ret)"`
			`fi`
			`fi`

			`# cleanup`
			`_log "Cleaning up old backups..."`
			`find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz' -mtime +"$DAYSTOKEEP" -delete`
			`find "$DESTDIR/" -mindepth 1 -maxdepth 1 -type f -name 'backup-????-??-??.tar.gz.gpg' -mtime +"$DAYSTOKEEP" -delete`
enh: introduce exit_fail and exit_success for shell scripts 2022-01-18 20:59:01 +08:00
enh: cron scripts: factorize common code and standardize logging 2022-01-20 23:51:45 +08:00			`exit_success`