mirror of
https://gitlab.com/hagrid-keyserver/hagrid.git
synced 2023-02-13 20:55:02 -05:00
contrib: add simple backup script
parent
35a6b9e057
commit
04f2e672b8
1 changed files with 70 additions and 0 deletions
70
contrib/hagrid-daily-backup
Executable file
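--- /dev/null
+++ b/contrib/hagrid-daily-backup
@@ -0,0 +1,70 @@
+#!/usr/bin/env zsh
+
+set -e
+
+[[ $# == 4 || $# == 5 ]] || { echo "Usage: $0 keys-internal-dir keys-external-dir encryption-key backup-dir [date]" >&2; exit 1; }
+
+local keys_internal_dir=$1
+local keys_external_dir=$2
+local encryption_key=$3
+local backup_dir=$4
+# backupdate in format YYYY-MM-DD
+local backupdate=$5
+
+[[ -d $keys_internal_dir ]] || { echo "Missing dir $keys_internal_dir" >&2; exit 1; }
+[[ -d $keys_internal_dir/log ]] || { echo "Missing dir $keys_internal_dir/log" >&2; exit 1; }
+[[ -d $keys_external_dir ]] || { echo "Missing dir $keys_external_dir" >&2; exit 1; }
+[[ -d $keys_external_dir/pub ]] || { echo "Missing dir $keys_external_dir/pub" >&2; exit 1; }
+[[ -f $encryption_key ]] || { echo "Missing file $encryption_key" >&2; exit 1; }
+[[ -d $backup_dir ]] || { echo "Missing dir $backup_dir" >&2; exit 1; }
+
+if [[ -z $backupdate ]]; then
+# for EPOCHSECONDS
+zmodload zsh/datetime
+backupdate="$(date --date=@$(( EPOCHSECONDS - 24*60*60 )) +'%Y-%m-%d')"
+fi
+
+local log_file="$keys_internal_dir/log/$backupdate"
+[[ -f $log_file ]] || { echo "Missing dir $log_file" >&2; exit 1; }
+
+local tempdir=$(mktemp -d)
+trap "rm -rf ${(q)tempdir}" EXIT
+
+local keylist_file=$tempdir/keylist
+
+integer count=0
+cat $log_file | cut -d' ' -f2 | sort -u | while read -r fp; do
+key_file=${fp[1,2]}/${fp[3,4]}/${fp[5,$]}
+[[ -f $keys_external_dir/pub/$key_file ]] || { echo "Missing file $key_file" >&2; exit 1; }
+echo -E - $key_file
+count+=1
+done > $keylist_file
+
+local backup_file_unencrypted=$tempdir/$backupdate.tar.gz
+local backup_file_encrypted=$tempdir/$backupdate.tar.gz.pgp
+
+tar \
+--create \
+--gzip \
+--file $backup_file_unencrypted \
+--verbatim-files-from \
+--directory $keys_external_dir/pub \
+--files-from $keylist_file
+
+GNUPGHOME=$tempdir gpg \
+--quiet \
+--no-keyring \
+--compress-level 0 \
+--recipient-file $encryption_key \
+--output $backup_file_encrypted \
+--encrypt $backup_file_unencrypted
+
+backup_file=$backup_dir/$backupdate.tar.gz.pgp
+mv $backup_file_encrypted $backup_file
+
+sha256sum="$(cd $backup_dir; sha256sum $backupdate.tar.gz.pgp)"
+echo $sha256sum >> $backup_dir/SHA256SUM
+
+echo "finished backup for $backupdate, total keys $count"
+ls -l $backup_file
+echo $sha256sum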