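# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
# vim: set filetype=sh sw=3 sts=3 expandtab autoindent:
#
# Wizard that builds a duplicity backup action. It asks for the paths to
# include and exclude, the remote destination, the GnuPG settings and a few
# advanced options, then writes the answers to a configuration file.
#
# The dialog primitives (formBegin, formItem, formDisplay, inputBox,
# passwordBox, booleanBox, menuBox, msgBox, setDefault), get_next_filename,
# require_packages and $configdirectory are not defined in this file. The
# code below reads the user's answer from $REPLY after formDisplay, inputBox,
# passwordBox and menuBox, and treats a non-zero status from them as "cancel".

HELPERS="$HELPERS dup:incremental_encrypted_remote_filesystem_backup"

### Functions

# Ask which paths to back up; repeats until at least one is given.
# Globals: dup_includes (read/written), dup_default_includes (read),
#          dup_title (read), REPLY (written)
# Returns: 0 on success, 1 if the form is cancelled
do_dup_host_includes() {
   local i blank

   # the stored patterns may contain '*', which must reach the form unexpanded
   set -o noglob
   # choose the files to backup
   REPLY=
   while [ -z "$REPLY" ]; do
      formBegin "$dup_title - host system: includes"
      if [ -z "$dup_includes" ]; then
         dup_includes="$dup_default_includes"
      fi
      # unquoted on purpose: one form row per whitespace-separated pattern
      for i in $dup_includes; do
         formItem include "$i"
      done
      # eight empty rows for new entries
      for blank in 1 2 3 4 5 6 7 8; do
         formItem include ""
      done
      if ! formDisplay; then
         # re-enable globbing on the cancel path too
         set +o noglob
         return 1
      fi
      dup_includes="$REPLY"
   done
   set +o noglob
}

# Ask which paths to leave out of the backup (may be left empty).
# Globals: dup_excludes (read/written), dup_default_excludes (read),
#          dup_title (read)
# Returns: 0 on success, 1 if the form is cancelled
do_dup_excludes() {
   local i blank

   set -o noglob
   formBegin "$dup_title: excludes"
   if [ -z "$dup_excludes" ]; then
      dup_excludes="$dup_default_excludes"
   fi
   # unquoted on purpose: one form row per whitespace-separated pattern
   for i in $dup_excludes; do
      formItem exclude "$i"
   done
   for blank in 1 2 3 4 5 6 7 8; do
      formItem exclude ""
   done
   if ! formDisplay; then
      # re-enable globbing on the cancel path too
      set +o noglob
      return 1
   fi
   dup_excludes="$REPLY"
   set +o noglob
}

# Run the two source forms and mark the "src" step as done.
# NOTE(review): the main menu dispatches "src" to do_dup_src and the "finish"
# step requires _src_done, but the file as shown neither defines the function
# nor sets the flag anywhere. It is defined here in the same shape as
# do_dup_adv; the "dest" default follows the pattern of the other steps, each
# of which selects the next menu entry -- confirm against the project's copy.
# Returns: 0 on success, 1 if either form is cancelled
do_dup_src() {
   do_dup_host_includes || return 1
   do_dup_excludes || return 1
   _src_done="(DONE)"
   setDefault dest
}

# Ask for the backup destination and retention settings; repeats until host,
# user and directory are all filled in.
# Globals: dup_desthost, dup_destuser, dup_destdir, dup_keep, dup_incremental,
#          dup_increments, dup_keepincroffulls, dup_bandwidth, dup_sshoptions
#          (read/written), _dest_done (written)
# Returns: 0 on success, 1 if the form is cancelled
do_dup_dest() {
   local line
   local -a thereply

   set -o noglob
   REPLY=
   while [ -z "$REPLY" ] || [ -z "$dup_destdir" ] \
      || [ -z "$dup_desthost" ] || [ -z "$dup_destuser" ]; do
      formBegin "$dup_title - destination: first three items are compulsory"
      formItem "desthost" "$dup_desthost"
      formItem "destuser" "$dup_destuser"
      formItem "destdir" "$dup_destdir"
      formItem "keep" "$dup_keep"
      formItem "incremental" "$dup_incremental"
      formItem "increments" "$dup_increments"
      formItem "keepincroffulls" "$dup_keepincroffulls"
      formItem "bandwidthlimit" "$dup_bandwidth"
      formItem "sshoptions" "$dup_sshoptions"
      if ! formDisplay; then
         set +o noglob
         return 1
      fi

      # One answer per line. Reading line by line keeps a ':' inside an answer
      # intact and preserves empty answers, so later fields do not shift.
      thereply=()
      while IFS= read -r line; do
         thereply+=("$line")
      done <<< "$REPLY"

      dup_desthost=${thereply[0]}
      dup_destuser=${thereply[1]}
      dup_destdir=${thereply[2]}
      dup_keep=${thereply[3]}
      dup_incremental=${thereply[4]}
      dup_increments=${thereply[5]}
      dup_keepincroffulls=${thereply[6]}
      dup_bandwidth=${thereply[7]}
      dup_sshoptions=${thereply[8]}
   done
   set +o noglob

   _dest_done="(DONE)"
   setDefault gpg
}

# Ask for the ID of the public key used for encryption; repeats until set.
# Returns: 0 on success, 1 if the dialog is cancelled
do_dup_gpg_encryptkey() {
   REPLY=
   while [ -z "$REPLY" ] || [ -z "$dup_gpg_encryptkey" ]; do
      inputBox "$dup_title - GnuPG" \
         "Enter ID of the public GnuPG key to be used to encrypt the backups:" \
         "$dup_gpg_encryptkey" || return 1
      dup_gpg_encryptkey="$REPLY"
   done
}

# Ask whether the backups are to be signed; sets dup_gpg_sign to yes or no.
do_dup_gpg_sign() {
   # sign ?
   if booleanBox "$dup_title - GnuPG" "Sign the backups?" "$dup_gpg_sign"; then
      dup_gpg_sign=yes
   else
      dup_gpg_sign=no
   fi
}

# Ask whether one key pair serves for both encryption and signing and, if
# not, for the ID of the separate signing key.
# Returns: 0 on success, 1 if the key dialog is cancelled
do_dup_gpg_signkey() {
   # one key pair ?
   if booleanBox "$dup_title - GnuPG" \
      "Use the same GnuPG key pair for encryption and signing?" \
      "$dup_gpg_onekeypair"; then
      dup_gpg_onekeypair=yes
   else
      dup_gpg_onekeypair=no
   fi

   if [ "$dup_gpg_onekeypair" == "no" ]; then
      # signkey ?
      REPLY=
      while [ -z "$REPLY" ] || [ -z "$dup_gpg_signkey" ]; do
         inputBox "$dup_title - GnuPG" \
            "Enter the ID of the private GnuPG key to be used to sign the backups:" \
            "$dup_gpg_signkey" || return 1
         dup_gpg_signkey="$REPLY"
      done
   fi
}

# Ask for the passphrase of the encryption key; repeats until non-empty.
# The answer is stored in the global dup_gpg_password.
# Returns: 0 on success, 1 if the dialog is cancelled
do_dup_gpg_passphrase() {
   local question="Enter the passphrase needed to unlock the GnuPG encryption key:"

   REPLY=
   while [ -z "$REPLY" ] || [ -z "$dup_gpg_password" ]; do
      passwordBox "$dup_title - GnuPG" "$question" || return 1
      dup_gpg_password="$REPLY"
   done
}

# Ask for the passphrase of the signing key; repeats until non-empty.
# The answer is stored in the global dup_gpg_signpassword.
# Returns: 0 on success, 1 if the dialog is cancelled
do_dup_gpg_sign_passphrase() {
   local question="Enter the passphrase needed to unlock the GnuPG signature key:"

   REPLY=
   while [ -z "$REPLY" ] || [ -z "$dup_gpg_signpassword" ]; do
      passwordBox "$dup_title - GnuPG" "$question" || return 1
      dup_gpg_signpassword="$REPLY"
   done
}

# Drive the GnuPG step: encryption mode, keys, signing and passphrases.
# Globals: dup_gpg_asymmetric_encryption, dup_gpg_sign (written),
#          dup_gpg_signkey, dup_gpg_encryptkey (read), _gpg_done (written)
# Returns: 0 on success, 1 as soon as any dialog of the step is cancelled
do_dup_gpg() {
   # symmetric or public key encryption ?
   if booleanBox "$dup_title - GnuPG" \
      "Use public key encryption? Otherwise, symmetric encryption will be used, and data signing will be impossible." \
      "$dup_gpg_asymmetric_encryption"; then
      dup_gpg_asymmetric_encryption=yes
   else
      dup_gpg_asymmetric_encryption=no
   fi

   # when using public/private key pair encryption, ask for the keys to use
   if [ "$dup_gpg_asymmetric_encryption" == yes ]; then
      do_dup_gpg_encryptkey || return 1
      do_dup_gpg_sign || return 1
      if [ "$dup_gpg_sign" == yes ]; then
         do_dup_gpg_signkey || return 1
      fi
   else
      dup_gpg_sign=no
   fi

   # a passphrase is always needed; a cancelled prompt must not let the step
   # be marked as done with an empty passphrase
   do_dup_gpg_passphrase || return 1

   # If the signature key differs, we also need a passphrase for it
   if [ -n "$dup_gpg_signkey" ] && [ -n "$dup_gpg_encryptkey" ] \
      && [ "$dup_gpg_signkey" != "$dup_gpg_encryptkey" ]; then
      do_dup_gpg_sign_passphrase || return 1
   fi

   _gpg_done="(DONE)"
   setDefault adv
   # TODO: replace the above line by the following when do_dup_conn is written
   # setDefault conn
}

# TODO: share rdiff.helper code in some lib, and use it here
# Placeholder for the connection step: only marks it as done.
do_dup_conn() {
   _con_done="(DONE)"
   setDefault adv
}

# Ask for the miscellaneous options (nice levels, connection test, extra
# options handed to duplicity).
# Globals: dup_nicelevel, dup_ionicelevel, dup_testconnect, dup_options
#          (read/written)
# Returns: 0 on success, 1 if the form is cancelled
do_dup_misc_options() {
   local line
   local -a thereply

   set -o noglob
   formBegin "$dup_title - misc. options"
   formItem "nicelevel" "$dup_nicelevel"
   formItem "ionicelevel" "$dup_ionicelevel"
   formItem "testconnect" "$dup_testconnect"
   formItem "options" "$dup_options"
   if ! formDisplay; then
      # re-enable globbing on the cancel path too
      set +o noglob
      return 1
   fi

   # One answer per line. Reading line by line keeps a ':' inside an answer
   # intact and preserves empty answers, so later fields do not shift.
   thereply=()
   while IFS= read -r line; do
      thereply+=("$line")
   done <<< "$REPLY"

   dup_nicelevel=${thereply[0]}
   dup_ionicelevel=${thereply[1]}
   dup_testconnect=${thereply[2]}
   dup_options=${thereply[3]}
   set +o noglob
}

# (rdiff.helper compatible interface... there could be some code to share, hmmm.)
# Run the advanced-settings step and mark it as done.
# Returns: 0 on success, 1 if the form is cancelled
do_dup_adv() {
   do_dup_misc_options || return 1
   _adv_done="(DONE)"
   setDefault finish
}

# Write the collected answers to the next free configuration file.
#
# NOTE(review): this copy of the function is incomplete. The text between each
# here-document opener and the following '>' character is missing. As far as
# can be told from what is left, that took away the first two templates, the
# opening of the two loops that append to the file (only their "done" and
# "set +o noglob" survive) and the beginning of the third template, whose
# first surviving fragment is "=0.4.2)". The option placeholder after "-o" in
# the sftp workaround line is missing as well. What survives is laid out below
# in its original order; restore the missing parts from the project's own copy
# of the file before relying on this function.
#
# Globals: configdirectory, dup_destdir, dup_desthost, dup_destuser (read),
#          next_filename (read; expected to be set by get_next_filename)
do_dup_finish() {
   get_next_filename "$configdirectory/90.dup"

   # Create the file empty and owner-only before any answer is written, so it
   # is never readable by other users while it is being filled in; the
   # original tightened the mode only after the last write. The wizard
   # collects GnuPG passphrases and presumably the missing template stores
   # them here -- TODO confirm. This line stands in for the first
   # "cat > $next_filename", whose template is missing.
   ( umask 077 && : > "$next_filename" ) || return 1

   # [missing from this copy: first template, first append loop, second
   #  template, second append loop, start of the third template]

   cat >> "$next_filename" <<EOF
## warning: sftp does not support all scp options, especially -i; as
## a workaround, you can use "-o "
## an example setting would be:
## sshoptions = -o IdentityFile=/root/.ssh/id_rsa_duplicity
##
## duplicity >= 0.6.17
## -------------------
## supports only "-oIdentityFile=..." since duplicity >=0.6.17 uses paramiko,
## a ssh python module.
## warning: requires no space beetween "-o" and "IdentityFile=...".
##
## Default:
# sshoptions =

# put the backups under this destination directory
# if using 'desturl' above, this must not be set
# in all other cases, this must be set!
destdir = $dup_destdir

# the machine which will receive the backups
# if using 'desturl' above, this must not be set
# in all other cases, this must be set!
desthost = $dup_desthost

# make the files owned by this user
# if using 'desturl' above, this must not be set
# note: if using an SSH based transport and 'type' is set to 'remote', you must
# be able to 'ssh backupuser@backuphost' without specifying a password.
destuser = $dup_destuser
EOF

   # kept from the original; also covers a file that already existed with a
   # wider mode
   chmod 600 "$next_filename"
}

# Show the step menu until the user cancels or the configuration is written.
# Globals: _src_done, _dest_done, _gpg_done, _con_done, _adv_done,
#          dup_title (read)
# Returns: 1 if the menu is cancelled, otherwise the status of the last step
dup_main_menu() {
   local srcitem destitem gpgitem conitem advitem result

   while true; do
      srcitem="choose files to include & exclude $_src_done"
      destitem="configure backup destination $_dest_done"
      gpgitem="configure GnuPG encryption/signing $_gpg_done"
      # shellcheck disable=SC2034 -- referenced by the commented-out menu entry
      conitem="set up ssh keys and test remote connection $_con_done"
      advitem="edit advanced settings $_adv_done"
      # TODO: add the following to the menu when do_dup_conn is written
      # conn "$conitem" \
      menuBox "$dup_title" "choose a step:" \
         src "$srcitem" \
         dest "$destitem" \
         gpg "$gpgitem" \
         adv "$advitem" \
         finish "finish and create config file" || return 1

      result="$REPLY"
      case "$result" in
         "src") do_dup_src ;;
         "dest") do_dup_dest ;;
         "gpg") do_dup_gpg ;;
         # TODO: enable the following when do_dup_conn is written
         # "conn") do_dup_conn;;
         "adv") do_dup_adv ;;
         "finish")
            if [[ "$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)" ]]; then
               # TODO: replace the previous test by the following when do_dup_conn is written
               # if [[ "$_con_done$_dest_done$_gpg_done$_src_done" != "(DONE)(DONE)(DONE)(DONE)" ]]; then
               # Only three steps are checked above, so the message says
               # three; change it back to four together with the test.
               msgBox "$dup_title" "You cannot create the configuration file until the three first steps are completed."
            else
               do_dup_finish
               break
            fi
            ;;
         *) ;;
      esac
   done
}

### Main function

# Entry point: set the defaults for every answer, then open the step menu.
dup_wizard() {
   require_packages duplicity

   # Global variables
   dup_title="Duplicity action wizard"
   _src_done=
   _dest_done=
   _con_done=
   _gpg_done=
   _adv_done=
   dup_includes=
   dup_excludes=
   dup_incremental=yes
   dup_increments=30
   dup_keep=60
   dup_keepincroffulls=
   dup_bandwidth=
   dup_sshoptions=
   dup_destdir="/backups/$(hostname)"
   dup_desthost=
   dup_destuser=
   dup_gpg_asymmetric_encryption="yes"
   dup_gpg_encryptkey=""
   dup_gpg_sign="yes"
   dup_gpg_onekeypair="yes"
   dup_gpg_signkey=""
   dup_gpg_password=""
   dup_gpg_signpassword=""
   dup_nicelevel=19
   dup_ionicelevel=
   dup_testconnect=yes
   dup_options=

   # Global variables whose '*' shall not be expanded
   set -o noglob
   dup_default_includes="/var/spool/cron/crontabs /var/backups /etc /root /home /usr/local/*bin /var/lib/dpkg/status*"
   dup_default_excludes="/home/*/.gnupg /home/*/.local/share/Trash /home/*/.Trash /home/*/.thumbnails /home/*/.beagle /home/*/.aMule /home/*/gtk-gnutella-downloads /var/cache/backupninja/duplicity"
   set +o noglob

   dup_main_menu
}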