Add encrypted archive streaming script
parent
4eac81b443
commit
6eb8fd8e0f
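--- a/common/bin/encrypted-dir-archive
+++ b/common/bin/encrypted-dir-archive
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+usage() {
+# shellcheck disable=SC2016
+echo 'encrypted-dir-archive <dir>
+
+This script streams an gpg-encrypted byte-stream of a zstd-compressed \
+tarball this can be redirected to a file for an encrypted backup.
+
+Very roughly, this is a small wrapper around `tar cf . | zstd | gpg --encrypt` \
+so you can go backwards to reverse the process `gpg --decrypt | zstd -d | tar xf`.
+
+You can stream over ssh as a remote backup by piping to something like this: \
+`ssh "$HOST" "cat - > '\$REMOTE_FILE'"`'.
+}
+
+if [ "$1" = '-h' ] || [ "$1" = "--help" ]; then
+usage
+exit 0
+fi
+
+dir="$1"
+
+if [ -z "$dir" ]; then
+echo "no directory argument provided" >&2
+usage
+exit 1
+fi
+
+if [ ! -d "$dir" ]; then
+echo "'$dir' is not a directory" >&2
+usage
+exit 2
+fi
+
+# go to directory containing target directory
+parent="$(dirname "$dir")"
+pushd "$parent" >/dev/null || { echo "failed to cd to '$parent'" >&2; exit 3; }
+
+# https://stackoverflow.com/a/30520299
+if [ -t 1 ]; then
+echo "not dumping encrypted data to terminal"
+exit 4
+fi
+
+tar cf - "$(basename "$dir")" \
+| zstd --ultra -T2 -22 \
+| gpg --encrypt --recipient daniel@lyte.dev
+
+popd || echo "failed to return to original directory" >&2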
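Review bot: The exit status of the `tar | zstd | gpg` pipeline at the end of the script is discarded, so a failed tar, zstd or gpg stage still leaves output behind and the script exits 0 from the trailing `popd || echo …` line; for a backup tool that means a truncated or empty archive can pass as a good one. I would add `set -o pipefail` near the top, capture `status=$?` directly after the pipeline and finish with `exit "$status"`. The final `popd` also prints the directory stack to stdout, which at that point is the redirected archive, so a plaintext path is appended after the ciphertext; `popd >/dev/null` would match the `pushd` above. The terminal guard's message `not dumping encrypted data to terminal` goes to stdout as well and should carry `>&2` like the other error messages.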