nc-encrypt.sh: Fix detection of running encryption
Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com>
theCalcaholic committed Sep 6, 2024
1 parent fc4c931 commit f14678a
Showing 2 changed files with 26 additions and 7 deletions.
31 changes: 25 additions & 6 deletions bin/ncp/SECURITY/nc-encrypt.sh
@@ -20,14 +20,14 @@ install()

configure()
{
(

set -e -o pipefail
local datadir parentdir encdir tmpdir
datadir="$(get_ncpcfg datadir)"
[[ "${datadir?}" == "null" ]] && datadir=/var/www/nextcloud/data
parentdir="$(dirname "${datadir}")"
encdir="${parentdir?}/ncdata_enc"
tmpdir="$(mktemp -u -p "${parentdir}" -t nc-data-crypt.XXXXXX))"
tmpdir="$(mktemp -u -p "${parentdir}" -t nc-data-crypt.XXXXXX)"

[[ "${ACTIVE?}" != "yes" ]] && {
if ! is_active; then
@@ -59,7 +59,7 @@ configure()
# Just mount already encrypted data
if [[ -f "${encdir?}"/gocryptfs.conf ]]; then
systemctl reset-failed ncp-encrypt ||:
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -fg -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"

# switch to the regular virtual hosts after we decrypt, so we can access NC and ncp-web
a2ensite ncp 001-nextcloud
@@ -72,13 +72,32 @@ configure()
mkdir -p "${encdir?}"
echo "${PASSWORD?}" | gocryptfs -init -q "${encdir}"
save_maintenance_mode
trap restore_maintenance_mode EXIT
cleanup() {
umount "${datadir}" ||:
[[ -f "${tmpdir}" ]] && {
rm -rf "${datadir?}" ||:
mv "${tmpdir}" "${datadir}"

chown -R www-data:www-data "${datadir}"
}
restore_maintenance_mode
}
trap cleanup EXIT

mv "${datadir?}" "${tmpdir?}"

mkdir "${datadir}"
systemctl reset-failed ncp-encrypt ||:
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -fg -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"

maxtries=5
while [[ "$(systemctl is-active ncp-encrypt)" != "active" ]]
do
echo "Wating for encryption process to start... (${maxtries})"
sleep 3
maxtries=$((maxtries - 1))
[[ $maxtries -gt 0 ]] || return 1
done

echo "Encrypting data..."
mv "${tmpdir}"/* "${tmpdir}"/.[!.]* "${datadir}"
@@ -88,7 +107,7 @@ configure()
set_ncpcfg datadir "${datadir}"

echo "Data is now encrypted"
)

}

# License
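Review bot: The rollback in the new `cleanup()` is guarded by `[[ -f "${tmpdir}" ]]`, but `tmpdir` is what the data directory is renamed to (`mv "${datadir?}" "${tmpdir?}"`), so it is a directory, the `-f` test is false, and the original data is never moved back when the unit fails to start or the wait loop gives up; the guard should read `[[ -d "${tmpdir}" ]] && {`. As written, a failed run leaves an empty `datadir` and the unencrypted data parked under the `nc-data-crypt.XXXXXX` name. Because this is an EXIT trap that starts with `umount "${datadir}"`, it would also appear to unmount the freshly mounted encrypted directory when the run succeeds, unless the trap is reset in the collapsed lines after the final `mv`; a `trap restore_maintenance_mode EXIT` once the data has been moved would limit the rollback to the failure window. Parts of `configure()` are collapsed on this page, so this is worth confirming against the full file.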
2 changes: 1 addition & 1 deletion ncp.sh
@@ -128,7 +128,7 @@ EOF

cat > /home/www/ncp-app-bridge.sh <<'EOF'
#!/bin/bash
set -ex
set -e
grep -q '[\\&#;`|*?~<>^()[{}$&]' <<< "$*" && exit 1
action="${1?}"
[[ "$action" == "config" ]] && {
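Review bot: With `-x` apparently dropped from `set -ex` in the generated `/home/www/ncp-app-bridge.sh`, the metacharacter filter on the following line now rejects a call with a bare `exit 1` and leaves no record of it; replacing that `exit 1` with `{ echo 'ncp-app-bridge: rejected arguments' >&2; exit 1; }` would keep rejections visible without echoing the arguments themselves. The filter is a denylist (quote characters and whitespace are not in the bracket expression, for example), so if the set of valid actions and parameters is small, an allowlist match on `$action` and its arguments would be the sturdier check. The rest of the heredoc is collapsed, so how the arguments are consumed cannot be confirmed from this page.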
