Backup script and gpg conf, release version 2

drduh · drduh · commit de4bd291b9a9 · 2020-05-25T14:52:18.000-07:00
diff --git a/README.md b/README.md
@@ -6,15 +6,12 @@ It uses GnuPG to symmetrically (i.e., using a master password) encrypt and decry
 
 # Release notes
 
-## Version 1 (2015)
-
-The original release which has been available for general use and review since July 2015. There are no known bugs nor security vulnerabilities identified in this stable version of pwd.sh. Compatible on Linux, OpenBSD, macOS.
+## Version 2 (2020)
 
-## Version 2b (2019)
-
-The second release of pwd.sh features several security and reliability improvements, and is an optional upgrade. Currently in beta testing. Compatible on Linux, OpenBSD, macOS.
+The second release of pwd.sh features many security and reliability improvements, and is a recommended upgrade. Compatible on Linux, OpenBSD, macOS.
 
 Changelist:
+
 * Passwords are now encrypted as individual files, rather than all encrypted as a single flat file.
 * Individual password filenames are random, mapped to usernames in an encrypted index file.
 * Index and password files are now "immutable" using chmod while pwd.sh is not running.
@@ -26,6 +23,10 @@ Changelist:
 * Removed option: read all passwords; no use case for having a single command.
 * Removed option: suppress generated password output; should be read from safe to verify save.
 
+## Version 1 (2015)
+
+The original release which has been available for general use and review since July 2015. There are no known bugs nor security vulnerabilities identified in this stable version of pwd.sh. Compatible on Linux, OpenBSD, macOS.
+
 # Use
 
 ```console
diff --git a/pwd.sh b/pwd.sh
@@ -12,10 +12,12 @@ umask 077
 now=$(date +%s)
 copy="$(command -v xclip || command -v pbcopy)"
 gpg="$(command -v gpg || command -v gpg2)"
+gpgconf="${HOME}/.gnupg/gpg.conf"
 backuptar="${PWDSH_BACKUP:=pwd.$(hostname).$(date +%F).tar}"
 safeix="${PWDSH_INDEX:=pwd.index}"
 safedir="${PWDSH_SAFE:=safe}"
-timeout=30
+script="$(basename $BASH_SOURCE)"
+timeout=10
 
 fail () {
   # Print an error message and exit.
@@ -122,7 +124,7 @@ write_pass () {
     encrypt "${password}" "${safeix}.${now}" - || \
       fail "Failed to put ${safeix}.${now}"
 
-  mv -v "${safeix}.${now}" "${safeix}"
+  mv "${safeix}.${now}" "${safeix}"
 }
 
 list_entry () {
@@ -141,8 +143,12 @@ backup () {
   # Archive encrypted index and safe directory.
 
   if [[ -f "${safeix}" && -d "${safedir}" ]] ; then \
-    tar cfv "${backuptar}" "${safeix}" "${safedir}"
+    cp "${gpgconf}" "gpg.conf.${now}"
+    tar cfv "${backuptar}" \
+      "${safeix}" "${safedir}" "gpg.conf.${now}" "${script}"
+    rm "gpg.conf.${now}"
   else fail "Nothing to archive" ; fi
+
   printf "\nArchived %s\n" "${backuptar}" ; \
 }
 
@@ -216,6 +222,8 @@ if [[ -z ${gpg} && ! -x ${gpg} ]] ; then fail "GnuPG is not available" ; fi
 
 if [[ -z ${copy} && ! -x ${copy} ]] ; then fail "Clipboard is not available" ; fi
 
+if [[ ! -f ${gpgconf} ]] ; then fail "GnuPG config is not available" ; fi
+
 if [[ ! -d "${safedir}" ]] ; then mkdir -p "${safedir}" ; fi
 
 chmod -R 0600 "${safeix}"  2>/dev/null
