# shellcheck shell=bash
# shellcheck disable=SC2034,SC2154 # parent scripts define this
# scriptdir is supplied by the script that sources this file (see the
# shellcheck note above); this no-op expansion only references it.
: "$scriptdir"

# Key program encrypt_key falls back to when neither its caller nor the
# stored type file names one.
default_key_prog="$ZORG_KEY_PROG"

# Defaults, applied only when the variable is unset or empty.
: "${BORG_RSH:=ssh}" \
  "${BORG_RELOCATED_REPO_ACCESS_IS_OK:=yes}" \
  "${SOPS_GPG_KEYSERVER:=keys.openpgp.org}"
export SOPS_GPG_KEYSERVER

# Allowlist of environment variables that propagate_env copies onto the
# command line it prints. Entries such as SSH_AUTH_SOCK and GNUPGHOME point at
# agent sockets and key material, so extend this list deliberately: whatever
# is named here is handed to the command propagate_env describes.
propagated_envvars=(
  PATH BORG_RELOCATED_REPO_ACCESS_IS_OK BORG_REMOTE_PATH BORG_RSH
  GNUPGHOME ZORG_DEBUG ZORG_KEY_PROG ZORG_SSH_KEY ZORG_USE_BORG_CACHE
  ZORG_SOPS_KEYSERVICE_ADDR SOPS_PGP_FP SOPS_GPG_KEYSERVER SSH_AUTH_SOCK
)
# Debug echo: print the arguments to stderr, but only when ZORG_DEBUG is set
# to a non-empty value. Succeeds silently otherwise.
decho () {
  if [ -n "${ZORG_DEBUG:-}" ]; then
    echo >&2 "${@}"
  fi
}
# Succeed when `zfs list` can resolve the dataset named in $1. All output,
# including zfs's error text for a missing dataset, is discarded; only the
# exit status is meaningful.
dataset_exists () {
  local -a query=(list -H -p -o name -s name "${1}")
  zfs "${query[@]}" >/dev/null 2>&1
}
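# Print the hex SHA-256 digest of the string in $1.
#
# The here-string appends a newline, so the digest covers "$1\n". creds_dir
# derives on-disk directory names from this value, so the input must stay
# byte-for-byte the same.
sha256str () {
  # local: keep the helper from overwriting a caller's `str`.
  local str="${1}"
  sha256sum - <<< "${str}" | cut -d' ' -f1
}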
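# Print the credentials directory for the repository named in $1.
#
# The directory is ${scriptdir}/creds/<sha256 of the name>. If a directory
# using the older plain-name layout exists and the hashed one does not, it is
# moved to the hashed location first (mv's report goes to stderr so stdout
# carries only the path).
creds_dir () {
  # All working variables are local. The generic name `dir` in particular is
  # also used by the sops keyservice setup at the bottom of this file, whose
  # exit hook runs `rm -rf` on it; a direct (non-subshell) call must not be
  # able to repoint that at the credentials directory.
  local repo_name="${1}"
  # NOTE(review): repo_name is joined into the legacy path unvalidated; a
  # value containing "/" or ".." would make the migration look outside
  # creds/. Presumably callers pass dataset_to_repo_name output - confirm.
  local old_dir="${scriptdir}/creds/${repo_name}"
  local dir
  dir="${scriptdir}/creds/$(sha256str "${repo_name}")"
  if [ -d "${old_dir}" ] && ! [ -d "${dir}" ]; then
    mv -v -- "${old_dir}" "${dir}" 1>&2
  fi
  echo "${dir}"
}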
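# Write stdin to the file $2 and leave it with mode $1.
#
# The file is created (or, if it already exists, tightened) to mode 600
# before any data is written, so the content is never readable by other
# users while it is being written. The requested mode is applied last.
# Diagnostics from the helper commands go to stderr.
#
# Returns non-zero as soon as a step fails. In particular nothing is written
# if the file could not be restricted to 600 first.
write_file () {
  local perms="${1}"
  local target="${2}"
  >&2 mkdir -p -- "$(dirname -- "${target}")" || return
  >&2 touch -- "${target}" || return
  # Fail closed: without this check a failed chmod would still let the
  # content land in a file carrying whatever mode it had before.
  >&2 chmod 600 -- "${target}" || return
  # NOTE(review): touch, chmod and the redirection all follow symlinks, so
  # the target's parent directory should not be writable by other users.
  cat > "${target}" || return
  >&2 chmod "${perms}" -- "${target}"
}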
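# Print an `env NAME=value ... <args>` command line on stdout.
#
# Every variable listed in propagated_envvars that currently has a non-empty
# value is emitted as NAME=value, followed by this function's own arguments.
#
# NOTE(review): the words are joined with plain spaces and are not
# shell-quoted. A value containing whitespace or shell metacharacters (a
# BORG_RSH carrying ssh options, for example) will not survive being
# re-parsed by another shell. How callers consume this output is not visible
# here; if it is ever handed to a shell (ssh, sh -c), quote each word
# (printf '%q') at that point.
propagate_env () {
  # Locals keep the loop from overwriting callers' `var`, `value` or
  # `envvars`.
  local name value
  local -a assignments=()
  for name in "${propagated_envvars[@]}"; do
    value="${!name:-}"
    if [ -n "${value}" ]; then
      assignments+=("${name}=${value}")
    fi
  done
  echo env "${assignments[@]}" "${@}"
}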
# Print the key program name recorded in "$1/type", if that file exists.
# Prints nothing and still succeeds when there is no type file.
#
# The value is whatever the file contains; encrypt_key and decrypt_key use it
# to pick an executable under ${scriptdir}/key, so it is the callers' job to
# treat it as untrusted data.
_determine_key_prog () {
  local credsdir="${1}"
  local type_file="${credsdir}/type"
  [ -f "${type_file}" ] || return 0
  echo "$(< "${type_file}")"
}
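# Encrypt the credentials in directory $1 with a key program and record which
# program was used in "$1/type".
#
# The program name is taken from $2 if given, else from an existing type
# file, else from default_key_prog. It must be the bare name of an executable
# regular file in ${scriptdir}/key; anything else prints an error and exits
# the shell with status 1.
#
# Returns the key program's status if it fails, without touching the type
# file.
encrypt_key () {
  local credsdir="${1}"
  local key_prog="${2:-}"
  if [ -z "${key_prog}" ]; then
    key_prog="$(_determine_key_prog "${credsdir}")"
  fi
  if [ -z "${key_prog}" ]; then
    key_prog="${default_key_prog}"
  fi
  local prog_path="${scriptdir}/key/${key_prog}"
  # The name can come from a file on disk. An empty name would resolve to the
  # key/ directory itself (which passes a bare `-x` test), and a name with a
  # "/" could point outside key/, so both are refused up front.
  case "${key_prog}" in
    ''|*/*) prog_path='' ;;
  esac
  if [ -z "${prog_path}" ] || ! [ -f "${prog_path}" ] || ! [ -x "${prog_path}" ]; then
    echo >&2 ">>> Unsupported key program '${key_prog}'"
    exit 1
  fi
  # Only record the type once encryption has actually succeeded.
  "${prog_path}" encrypt "${credsdir}" || return
  echo "${key_prog}" > "${credsdir}/type"
}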
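# Decrypt the credentials in directory $1 using the key program recorded in
# its type file.
#
# The recorded name must be the bare name of an executable regular file in
# ${scriptdir}/key; otherwise an error is printed and the shell exits with
# status 1. Returns the key program's status.
decrypt_key () {
  local credsdir="${1}"
  local key_prog; key_prog="$(_determine_key_prog "${credsdir}")"
  local prog_path="${scriptdir}/key/${key_prog}"
  # The name is read from a file on disk. With no type file it is empty and
  # the path would be the key/ directory itself (which passes a bare `-x`
  # test); with a "/" in it the path could leave key/. Refuse both before
  # anything is executed.
  case "${key_prog}" in
    ''|*/*) prog_path='' ;;
  esac
  if [ -z "${prog_path}" ] || ! [ -f "${prog_path}" ] || ! [ -x "${prog_path}" ]; then
    echo >&2 ">>> Unsupported key program '${key_prog}'"
    exit 1
  fi
  "${prog_path}" decrypt "${credsdir}"
}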
# Print where repository $2 lives, given the repository root $1, without a
# trailing newline.
#
#   - "$1/$2" itself, when that is a directory;
#   - otherwise the contents of "$1/$2.remote", when that file exists;
#   - otherwise nothing.
resolve_repo_dir () {
  local repodir="${1}"
  local repo_name="${2}"
  local candidate="${repodir}/${repo_name}"
  if [ -d "${candidate}" ]; then
    echo -n "${candidate}"
    return
  fi
  [ -f "${candidate}.remote" ] || return 0
  echo -n "$(< "${candidate}.remote")"
}
# Print the repository name for a dataset or snapshot: everything from the
# first "@" onward is dropped, then the last path component is taken.
dataset_to_repo_name () {
  local dataset="${1}"
  # Removing the longest "@..." suffix cuts at the first "@"; a name without
  # one is left as it is.
  basename -- "${dataset%%@*}"
}
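# Names of functions to run when the shell exits. Append with
# cleanup_hooks+=(name).
cleanup_hooks=()

# Run every registered hook in registration order. A failing hook is
# reported on stderr (so the report cannot end up in captured stdout) and
# does not stop the remaining hooks.
run_cleanup_hooks () {
  # local: the loop variable must not overwrite a caller's `hook`.
  local hook
  for hook in "${cleanup_hooks[@]}"; do
    "${hook}" || echo >&2 "hook '${hook}' failed!"
  done
}

trap 'run_cleanup_hooks' EXIT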
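# Start a private sops keyservice unless the caller already provided one via
# ZORG_SOPS_KEYSERVICE_ADDR. The service listens on a unix socket inside a
# fresh mktemp directory (mktemp -d creates it accessible to the owner only),
# and is stopped and removed again by the cleanup_sops exit hook.
if [ -z "${ZORG_SOPS_KEYSERVICE_ADDR:-}" ]; then
  # A dedicated variable name is used on purpose: the exit hook below runs
  # `rm -rf` on it, so it must not be a generic name such as `dir` that any
  # other function or sourcing script could reassign before exit.
  sops_keyservice_dir="$(mktemp --tmpdir -d zorgsops."${USER}".XXXXXXX)" || {
    echo >&2 ">>> Unable to create a directory for the sops keyservice socket"
    exit 1
  }
  sops keyservice --network unix --address "${sops_keyservice_dir}/sock" &
  sops_pid="${!}"
  # Exit hook: stop the keyservice, reap it, then delete the socket directory.
  cleanup_sops () {
    if kill -TERM "${sops_pid}"; then
      wait "${sops_pid}" || true
    fi
    # :? aborts instead of running rm -rf with an empty path.
    rm -rf -- "${sops_keyservice_dir:?}"
  }
  cleanup_hooks+=(cleanup_sops)
  # NOTE(review): the address is exported right after the service is
  # launched in the background; nothing here waits for the socket to exist.
  export ZORG_SOPS_KEYSERVICE_ADDR="unix:${sops_keyservice_dir}/sock"
fi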