X-Git-Url: https://zdv2.bktei.com/gitweb/EVA-2020-02.git/blobdiff_plain/f665ce95d072891c192ec23058c33de8ec216a12..c9c573da200aef5273d6d55ef03bb6da7e0eb150:/exec/bkgpslog diff --git a/exec/bkgpslog b/exec/bkgpslog index 63acc84..3a7bae8 100755 --- a/exec/bkgpslog +++ b/exec/bkgpslog @@ -14,7 +14,7 @@ DIR_TMP_DEFAULT="/dev/shm"; # Default parent of working directory SCRIPT_TIME_START=$(date +%Y%m%dT%H%M%S.%N); PATH="$HOME/.local/bin:$PATH"; # Add "$(systemd-path user-binaries)" path in case apps saved there SCRIPT_HOSTNAME=$(hostname); # Save hostname of system running this script. -SCRIPT_VERSION="0.3.7"; # Define version of script. +SCRIPT_VERSION="0.3.9"; # Define version of script. SCRIPT_NAME="bkgpslog"; # Define basename of script file. SCRIPT_URL="https://gitlab.com/baltakatei/ninfacyzga-01"; # Define wesite hosting this script. AGE_VERSION="1.0.0-beta2"; # Define version of age (encryption program) @@ -23,8 +23,7 @@ AGE_URL="https://github.com/FiloSottile/age/releases/tag/v1.0.0-beta2"; # Define declare -Ag appRollCall # Associative array for storing app status declare -Ag fileRollCall # Associative array for storing file status declare -Ag dirRollCall # Associative array for storing dir status -declare -a recPubKeys # for processArguments function -declare recipients # for main function +declare -a argRecPubKeys # for processArguments function ## Initialize variables OPTION_VERBOSE=""; OPTION_ENCRYPT=""; OPTION_COMPRESS=""; OPTION_TMPDIR=""; @@ -147,35 +146,31 @@ showUsage() { echoerr "OPTIONS:" echoerr " -h, --help" echoerr " Display help information." - echoerr echoerr " --version" echoerr " Display script version." - echoerr echoerr " -v, --verbose" echoerr " Display debugging info." - echoerr echoerr " -e, --encrypt" echoerr " Encrypt output." - echoerr echoerr " -r, --recipient [ pubkey string ]" echoerr " Specify recipient. May be age or ssh pubkey." echoerr " See https://github.com/FiloSottile/age" - echoerr echoerr " -o, --output [ directory ]" echoerr " Specify output directory to save logs." - echoerr echoerr " -c, --compress" echoerr " Compress output with gzip (before encryption if enabled)." - echoerr echoerr " -z, --time-zone" echoerr " Specify time zone. (ex: \"America/New_York\")" - echoerr echoerr " -t, --temp-dir" echoerr " Specify parent directory for temporary working directory." echoerr " Default: \"/dev/shm\"" + echoerr " -R, --recipient-dir" + echoerr " Specify directory containing files whose first lines are" + echoerr " to be interpreted as pubkey strings (see \'-r\' option)." echoerr echoerr "EXAMPLE: (bash script lines)" - echoerr "/bin/bash bkgpslog -e -c \\" + echoerr "/bin/bash bkgpslog -v -e -c \\" + echoerr "-z \"UTC\" -t \"/dev/shm\" \\" echoerr "-r age1mrmfnwhtlprn4jquex0ukmwcm7y2nxlphuzgsgv8ew2k9mewy3rs8u7su5 \\" echoerr "-r age1ala848kqrvxc88rzaauc6vc5v0fqrvef9dxyk79m0vjea3hagclswu0lgq \\" echoerr "-o ~/Sync/Location" @@ -214,12 +209,12 @@ processArguments() { --version) showVersion; exit 1;; # Show version -v | --verbose) OPTION_VERBOSE="true"; vbm "DEBUG:Verbose mode enabled.";; # Enable verbose mode. -o | --output) if [ -d "$2" ]; then DIR_OUT="$2"; vbm "DEBUG:DIR_OUT:$DIR_OUT"; shift; fi ;; # Define output directory. - -e | --encrypt) OPTION_ENCRYPT="true"; vbm "DEBUG:Encrypted output mode enabled.";; - -r | --recipient) # Add 'age' recipient via public key string - recPubKeys+=("$2"); vbm "STATUS:pubkey added:""$2"; shift;; - -c | --compress) OPTION_COMPRESS="true"; vbm "DEBUG:Compressed output mode enabled.";; - -z | --time-zone) try setTimeZoneEV "$2"; shift;; - -t | --temp-dir) OPTION_TMPDIR="true" && TMP_DIR_PRIORITY="$2"; shift;; + -e | --encrypt) OPTION_ENCRYPT="true"; vbm "DEBUG:Encrypted output mode enabled.";; # Enable encryption + -r | --recipient) OPTION_RECIPIENTS="true"; argRecPubKeys+=("$2"); vbm "STATUS:pubkey added:""$2"; shift;; # Add recipients + -c | --compress) OPTION_COMPRESS="true"; vbm "DEBUG:Compressed output mode enabled.";; # Enable compression + -z | --time-zone) try setTimeZoneEV "$2"; shift;; # Set timestamp timezone + -t | --temp-dir) OPTION_TMPDIR="true" && argTempDirPriority="$2"; shift;; # Set time zone + -R | --recipient-dir) OPTION_RECIPIENTS="true"; OPTION_RECDIR="true" && argRecDir="$2"; shift;; # Add recipient watch dir *) echoerr "ERROR: Unrecognized argument: $1"; echoerr "STATUS:All arguments:$*"; exit 1;; # Handle unrecognized options. esac shift @@ -819,6 +814,60 @@ appendFileTar(){ try tar --append --directory="$TMP_DIR" --file="$TAR_PATH" "$FILENAME"; #yell "DEBUG:STATUS:$FN:Finished appendFileTar()." } # Append file to Tar archive +checkAgePubkey() { + # Desc: Checks if string is an age-compatible pubkey + # Usage: checkAgePubkey [str pubkey] + # Version: 0.1.2 + # Input: arg1: string + # Output: return code 0: string is age-compatible pubkey + # return code 1: string is NOT an age-compatible pubkey + # age stderr (ex: there is stderr if invalid string provided) + # Depends: age (v0.1.0-beta2; https://github.com/FiloSottile/age/releases/tag/v1.0.0-beta2 ) + + argPubkey="$1"; + + if echo "test" | age -a -r "$argPubkey" 1>/dev/null; then + return 0; + else + return 1; + fi; +} # Check age pubkey +validateInput() { + # Desc: Validates Input + # Usage: validateInput [str input] [str input type] + # Version: 0.2.1 + # Input: arg1: string to validate + # arg2: string specifying input type (ex:"ssh_pubkey") + # Output: return code 0: if input string matched specified string type + # Depends: bash 5, yell + + # Save function name + local FN="${FUNCNAME[0]}"; + + # Process arguments + argInput="$1"; + argType="$2"; + if [[ $# -gt 2 ]]; then yell "ERROR:$0:$FN:Too many arguments."; exit 1; fi; + + # Check for blank + if [[ -z "$argInput" ]]; then return 1; fi + + # Define input types + ## ssh_pubkey + ### Check for alnum/dash base64 (ex: "ssh-rsa AAAAB3NzaC1yc2EAAA") + if [[ "$argType" = "ssh_pubkey" ]]; then + if [[ "$argInput" =~ ^[[:alnum:]-]*[\ ]*[[:alnum:]+/=]*$ ]]; then + return 0; fi; fi; + + ## age_pubkey + ### Check for age1[:bech32:] + if [[ "$argType" = "age_pubkey" ]]; then + if [[ "$argInput" =~ ^age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]*$ ]]; then + return 0; fi; fi + + # Return error if no condition matched. + return 1; +} # Validates strings magicWriteVersion() { # Desc: Appends time-stamped VERSION to PATHOUT_TAR # Usage: magicWriteVersion @@ -901,41 +950,70 @@ magicGatherWriteBuffer() { rm "$PATHOUT_BUFFER" "$PATHOUT_NMEA" "$PATHOUT_GPX" "$PATHOUT_KML"; vbm "DEBUG:STATUS:$FN:Finished magicWriteBuffer()."; } # write buffer to disk - -main() { - processArguments "$@" # Process arguments. - - # Determine working directory - ## Set DIR_TMP_PARENT to user-specified value if specified - if [[ "$OPTION_TMPDIR" = "true" ]]; then - if [[ -d "$TMP_DIR_PRIORITY" ]]; then - DIR_TMP_PARENT="$OPTION_TMPDIR"; +magicParseRecipientDir() { + # Desc: Updates recPubKeysValid with pubkeys in dir specified by '-R' option ("recipient directory") + # Inputs: vars: OPTION_RECDIR, argRecDir, OPTION_ENCRYPTION + # arry: recPubKeysValid + # Outputs: arry: recPubKeysValid + # Depends: processArguments, + local recFileLine updateRecipients recipientDir + declare -a candRecPubKeysValid + + # Check that '-e' and '-R' set + if [[ "$OPTION_ENCRYPTION" = "true" ]] && [[ "$OPTION_RECDIR" = "true" ]]; then + ### Check that argRecDir is a directory. + if [[ -d "$argRecDir" ]]; then + recipientDir="$argRecDir"; + #### Initialize variable indicating outcome of pubkey review + unset updateRecipients + #### Add existing recipients + candRecPubKeysValid=(${recPubKeysValid[@]}); + #### Parse files in recipientDir + for file in "$recipientDir"/*; do + ##### Read first line of each file + recFileLine="$(cat "$file" | head -n1)"; + ##### check if first line is a valid pubkey + if checkAgePubkey "$recFileLine" && \ + ( validateInput "$recFileLine" "ssh_pubkey" || validateInput "$recFileLine" "age_pubkey"); then + ###### T: add candidate pubkey to candRecPubKeysValid + candRecPubKeysValid+=("$recFileLine"); + else + ###### F: throw warning; + yell "ERROR:Invalid recipient file detected. Not modifying recipient list." + updateRecipients="false"; + fi; + done + #### Write updated recPubKeysValid array to recPubKeysValid if no failure detected + if ! updateRecipients="false"; then + recPubKeysValid=(${candRecPubKeysValid[@]}); + fi; else - yell "WARNING:Specified temporary working directory not valid:$OPTION_TMPDIR"; - exit 1; - fi - fi - - ## Set DIR_TMP_PARENT to default or fallback otherwise - if [[ -d "$DIR_TMP_DEFAULT" ]]; then - DIR_TMP_PARENT="$DIR_TMP_DEFAULT"; - elif [[ -d /tmp ]]; then - yell "WARNING:/dev/shm not available. Falling back to /tmp ."; - DIR_TMP_PARENT="/tmp"; - else - yell "ERROR:No valid working directory available. Exiting."; - exit 1; - fi - - ## Set DIR_TMP using DIR_TMP_PARENT and nonce (SCRIPT_TIME_START) - DIR_TMP="$DIR_TMP_PARENT"/"$SCRIPT_TIME_START""..bkgpslog" && vbm "DEBUG:Set DIR_TMP to:$DIR_TMP"; # Note: removed at end of main(). - - # Set output encryption and compression option strings - if [[ "$OPTION_ENCRYPT" = "true" ]]; then # Check if encryption option active. + yell "ERROR:$0:Recipient directory $argRecDir does not exist. Exiting."; exit 1; + fi; + fi; + # Handle case if '-e' set but '-R' not set + if [[ "$OPTION_ENCRYPTION" = "true" ]] && [[ ! "$OPTION_RECDIR" = "true" ]]; then + yell "ERROR: \'-e\' set but \'-R\' is not set."; fi; + # Handle case if '-R' set but '-e' not set + if [[ ! "$OPTION_ENCRYPTION" = "true" ]] && [[ "$OPTION_RECDIR" = "true" ]]; then + yell "ERROR: \'-R\' is set but \'-e\' is not set."; fi; +} # Update recPubKeysValid with argRecDir +magicParseRecipientArgs() { + # Desc: Parses recipient arguments specified by '-r' option + # Input: vars: OPTION_ENCRYPT from processArguments() + # arry: argRecPubKeys from processArguments() + # Output: vars: CMD_ENCRYPT, CMD_ENCRYPT_SUFFIX + # arry: recPubKeysValid + # Depends: checkapp(), checkAgePubkey(), validateInput(), processArguments() + local recipients + + # Check if encryption option active. + if [[ "$OPTION_ENCRYPT" = "true" ]] && [[ "$OPTION_RECIPIENTS" = "true" ]]; then if checkapp age; then # Check that age is available. - for pubkey in "${recPubKeys[@]}"; do # Validate recipient pubkey strings by forming test message + for pubkey in "${argRecPubKeys[@]}"; do # Validate recipient pubkey strings by forming test message vbm "DEBUG:Testing pubkey string:$pubkey"; - if echo "butts" | age -a -r "$pubkey" 1>/dev/null; then + if checkAgePubkey "$pubkey" && \ + ( validateInput "$pubkey" "ssh_pubkey" || validateInput "$pubkey" "age_pubkey"); then #### Form age recipient string recipients="$recipients""-r '$pubkey' "; vbm "STATUS:Added pubkey for forming age recipient string:""$pubkey"; @@ -944,21 +1022,33 @@ main() { recPubKeysValid+=("$pubkey") && vbm "DEBUG:recPubkeysValid:pubkey added:$pubkey"; else yell "ERROR:Exit code ""$?"". Invalid recipient pubkey string. Exiting."; exit 1; - fi + fi; done - vbm "DEBUG:Finished processing recPubKeys array"; + vbm "DEBUG:Finished processing argRecPubKeys array"; ## Form age command string CMD_ENCRYPT="age ""$recipients " && vbm "CMD_ENCRYPT:$CMD_ENCRYPT"; CMD_ENCRYPT_SUFFIX=".age" && vbm "CMD_ENCRYPT_SUFFIX:$CMD_ENCRYPT_SUFFIX"; else yell "ERROR:Encryption enabled but \"age\" not found. Exiting."; exit 1; - fi + fi; else CMD_ENCRYPT="tee /dev/null " && vbm "CMD_ENCRYPT:$CMD_ENCRYPT"; CMD_ENCRYPT_SUFFIX="" && vbm "CMD_ENCRYPT_SUFFIX:$CMD_ENCRYPT_SUFFIX"; vbm "DEBUG:Encryption not enabled." - fi + fi; + # Catch case if '-e' is set but '-r' or '-R' is not + if [[ "$OPTION_ENCRYPT" = "true" ]] && [[ ! "$OPTION_RECIPIENTS" = "true" ]]; then + yell "ERROR:\'-e\' set but no \'-r\' or \'-R\' set."; exit 1; fi; + # Catch case if '-r' or '-R' set but '-e' is not + if [[ ! "$OPTION_ENCRYPT" = "true" ]] && [[ "$OPTION_RECIPIENTS" = "true" ]]; then + yell "ERROR:\'-r\' or \'-R\' set but \'-e\' is not set."; exit 1; fi; +} # Populate recPubKeysValid with argRecPubKeys; form encryption cmd string and filename suffix +magicParseCompressionArg() { + # Desc: Parses compression arguments specified by '-c' option + # Input: vars: OPTION_COMPRESS + # Output: CMD_COMPRESS, CMD_COMPRESS_SUFFIX + # Depends: checkapp(), vbm(), gzip, if [[ "$OPTION_COMPRESS" = "true" ]]; then # Check if compression option active if checkapp gzip; then # Check if gzip available CMD_COMPRESS="gzip " && vbm "CMD_COMPRESS:$CMD_COMPRESS"; @@ -970,10 +1060,58 @@ main() { CMD_COMPRESS="tee /dev/null " && vbm "CMD_COMPRESS:$CMD_COMPRESS"; CMD_COMPRESS_SUFFIX="" && vbm "CMD_COMPRESS_SUFFIX:$CMD_COMPRESS_SUFFIX"; vbm "DEBUG:Compression not enabled."; - fi + fi +} # Form compression cmd string and filename suffix +magicInitWorkingDir() { + # Desc: Determine temporary working directory from defaults or user input + # Usage: magicInitWorkignDir + # Input: vars: OPTION_TEMPDIR, argTempDirPriority, DIR_TMP_DEFAULT + # Input: vars: SCRIPT_TIME_START + # Output: vars: DIR_TMP + # Depends: processArguments(), vbm(), yell() + # Parse '-t' option (user-specified temporary working dir) + ## Set DIR_TMP_PARENT to user-specified value if specified + local DIR_TMP_PARENT + + if [[ "$OPTION_TMPDIR" = "true" ]]; then + if [[ -d "$argTempDirPriority" ]]; then + DIR_TMP_PARENT="$argTempDirPriority"; + else + yell "WARNING:Specified temporary working directory not valid:$argTempDirPriority"; + exit 1; # Exit since user requires a specific temp dir and it is not available. + fi; + else + ## Set DIR_TMP_PARENT to default or fallback otherwise + if [[ -d "$DIR_TMP_DEFAULT" ]]; then + DIR_TMP_PARENT="$DIR_TMP_DEFAULT"; + elif [[ -d /tmp ]]; then + yell "WARNING:$DIR_TMP_DEFAULT not available. Falling back to /tmp ."; + DIR_TMP_PARENT="/tmp"; + else + yell "ERROR:No valid working directory available. Exiting."; + exit 1; + fi + fi; + ## Set DIR_TMP using DIR_TMP_PARENT and nonce (SCRIPT_TIME_START) + DIR_TMP="$DIR_TMP_PARENT"/"$SCRIPT_TIME_START""..bkgpslog" && vbm "DEBUG:Set DIR_TMP to:$DIR_TMP"; # Note: removed at end of main(). +} # Sets working dir - # Check that critical apps and dirs are available, displag missing ones. - if ! checkapp gpspipe tar && ! checkdir "$DIR_OUT" "/dev/shm"; then +main() { + # Process arguments + processArguments "$@"; + ## Act upon arguments + ### Determine working directory + magicInitWorkingDir; # Sets DIR_TMP from argTempDirPriority + ### Set output encryption and compression option strings + #### React to "-r" ("encryption recipients") option + magicParseRecipientArgs; # Updates recPubKeysValid, CMD_ENCRYPT[_SUFFIX] + #### React to "-c" ("compression") option + magicParseCompressionArg; # Updates CMD_COMPRESS[_SUFFIX] + #### React to "-R" ("recipient directory") option + magicParseRecipientDir; # Updates recPubKeysValid + + # Check that critical apps and dirs are available, display missing ones. + if ! checkapp gpspipe tar && ! checkdir "$DIR_OUT" "DIR_TMP"; then yell "ERROR:Critical components missing."; displayMissing; yell "Exiting."; exit 1; fi