From 2b95eb1d48a24c3799ac4971748fe2d50da26228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sun, 17 Sep 2017 20:07:10 +0200
Subject: Add usbkey script
---
local/bin/usbkey | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 190 insertions(+)
create mode 100755 local/bin/usbkey
(limited to 'local')
diff --git a/local/bin/usbkey b/local/bin/usbkey
new file mode 100755
index 0000000..5e7648a
--- /dev/null
+++ b/local/bin/usbkey
@@ -0,0 +1,190 @@
+#!/bin/sh
+set -e
+
+UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be"
+UUID_WKEY=""
+
+CRYPT_NAME="usbkey"
+MOUNT_PATH="/media/usbkey"
+
+op_mount() {
+ # First check if we have key drive
+ if [ ! -e "/dev/disk/by-uuid/$UUID_KKEY" ]; then
+ echo "Can't locate appropriate usb drive." >&2
+ exit 1
+ fi
+ # Decrypt drive
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "USB key seems to be already decrypted" >&2
+ else
+ echo "Decrypting usb key" >&2
+ sudo -- cryptsetup open /dev/disk/by-uuid/"$UUID_KKEY" "$CRYPT_NAME"
+ fi
+ # Mount drive
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "USB key is already mounted" >&2
+ else
+ echo "Mounting usb key"
+ sudo -- mkdir -p "$MOUNT_PATH"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME" "$MOUNT_PATH"
+ fi
+
+ echo "USB key drive mounted" >&2
+}
+
+op_unmount() {
+ # Unmount
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "Unmounting usb key" >&2
+ sync "$MOUNT_PATH"
+ sudo -- umount "$MOUNT_PATH"
+ fi
+ # Remove mount path
+ [ ! -d "$MOUNT_PATH" ] || sudo -- rmdir "$MOUNT_PATH"
+ # Close encryption
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "Closing encryption on usb key" >&2
+ sudo -- cryptsetup close "$CRYPT_NAME"
+ fi
+
+ echo "USB key unmounted" >&2
+}
+
+check_mount() {
+ mount | grep "$MOUNT_PATH" | grep -q "/dev/mapper/$CRYPT_NAME"
+}
+
+op_sync() {
+ local DOUNMOUNT=false
+ local EXITC=0
+ if ! check_mount; then
+ DOUNMOUNT=true
+ op_mount
+ fi
+ if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
+ # Mount backup usb
+ sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup"
+ sudo -- mkdir -p "$MOUNT_PATH-backup"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup"
+ # Sync them
+ rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/"
+ # Unmount it
+ sudo -- umount "$MOUNT_PATH-backup"
+ sudo -- rmdir "$MOUNT_PATH-backup"
+ sudo -- cryptsetup close "$CRYPT_NAME-backup"
+ else
+ echo "USB backup key seems to not be inserted. Please do so." >&2
+ EXITC=1
+ fi
+ if $DOUNMOUNT; then
+ op_unmount
+ fi
+ exit $EXITC
+}
+
+ssh_list() {
+ check_mount || op_mount
+ for KEY in $(find "$MOUNT_PATH/ssh" -name '*.pub'); do
+ local N="${KEY#$MOUNT_PATH/ssh/}"
+ echo -n "${N%.pub}: "
+ sed -n 's/ssh-rsa .* \(.*\)/\1/p' "$KEY"
+ done
+}
+
+ssh_generate() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
+ echo "Key $NAME seems to already exists." >&2
+ exit 1
+ fi
+ echo -n "Please enter comment: "
+ read COMMENT
+ ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"
+}
+
+ssh_import() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
+ echo "There is no key named $NAME" >&2
+ exit 1
+ fi
+ cp "$MOUNT_PATH/ssh/$NAME" ~/.ssh/
+ cp "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/
+}
+
+
+unknown_argument() {
+ echo "Unknown argument: $1"
+ exit 1
+}
+# Parse operation (operation have to be first)
+case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ echo "Usage: usbkey OPERATION ..."
+ echo
+ echo "Operations:"
+ echo " mount: Mount key of usb driver"
+ echo " unmount: Unmount usb driver"
+ echo " sync: Synchronize drive to bakup drive"
+ echo " gpg-import: Import gpg key"
+ echo " ssh-import: Import ssh key"
+ echo " ssh-generate: Generate new ssh key"
+ echo " ssh-list: List all keys in store"
+ echo " openvpn-get: Get keys for some host"
+ echo " openvpn-generate: Generate key for new host"
+ exit 0
+ ;;
+ mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
+ OPERATION="$1"
+ ;;
+ *)
+ unknown_argument "$1"
+ ;;
+esac
+shift
+# Parse rest of the arguments
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ case "$OPERATION" in
+ mount|unmount|sync)
+ echo "Usage: usbkey $OPERATION [-h]"
+ ;;
+ ssh-*)
+ echo "Usage: usbkey $OPERATION NAME [-h]"
+ ;;
+ # TODO
+ esac
+ exit 0
+ ;;
+ *)
+ if [[ "$OPERATION" = ssh-* ]] && [ -z "$NAME" ]; then
+ NAME="$1"
+ else
+ unknown_argument "$1"
+ fi
+ ;;
+ esac
+ shift
+done
+
+case "$OPERATION" in
+ mount)
+ op_mount
+ ;;
+ unmount)
+ op_unmount
+ ;;
+ sync)
+ op_sync
+ ;;
+ ssh-list)
+ ssh_list
+ ;;
+ *)
+ echo "Operation $OPERATION not implemented" >&2
+ exit 2
+ ;;
+esac
-- cgit v1.2.3
From 73f3fc2eb900d54915debb23017c7b9bca978645 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Mon, 18 Sep 2017 11:23:40 +0200
Subject: Update usbkey
---
local/bin/usbkey | 94 +++++++++++++++++++++++++++++++++-----------------------
1 file changed, 56 insertions(+), 38 deletions(-)
(limited to 'local')
diff --git a/local/bin/usbkey b/local/bin/usbkey
index 5e7648a..658fd98 100755
--- a/local/bin/usbkey
+++ b/local/bin/usbkey
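Review bot: In the new-file hunk of "Add usbkey script", `mount | grep -q "$MOUNT_PATH"` in `op_mount`/`op_unmount` and the two greps in `check_mount` are substring matches, so a mounted `/media/usbkey-backup` on `/dev/mapper/usbkey-backup` (the names `op_sync` uses) also satisfies them and the script can treat the key volume as mounted when it is not. An exact test such as `mountpoint -q "$MOUNT_PATH"` avoids that. The file also declares `#!/bin/sh` while using `local`, `echo -n` and `[[ "$OPERATION" = ssh-* ]]`; on a strictly POSIX `/bin/sh` the `[[` test fails and no NAME argument is ever accepted, so either the shebang should name bash or that test should become a `case`.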
@@ -56,30 +56,36 @@ check_mount() { op_sync() { local DOUNMOUNT=false - local EXITC=0 + if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then + echo "USB backup key seems to not be inserted. Please do so." >&2 + exit 1 + fi if ! check_mount; then DOUNMOUNT=true op_mount fi - if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then - # Mount backup usb - sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup" - sudo -- mkdir -p "$MOUNT_PATH-backup" - sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup" - # Sync them - rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/" - # Unmount it - sudo -- umount "$MOUNT_PATH-backup" - sudo -- rmdir "$MOUNT_PATH-backup" - sudo -- cryptsetup close "$CRYPT_NAME-backup" - else - echo "USB backup key seems to not be inserted. Please do so." >&2 - EXITC=1 - fi + + # Mount backup usb + sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup" + sudo -- mkdir -p "$MOUNT_PATH-backup" + sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup" + # Sync them + rsync -ax --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/" + # Unmount it + sudo -- umount "$MOUNT_PATH-backup" + sudo -- rmdir "$MOUNT_PATH-backup" + sudo -- cryptsetup close "$CRYPT_NAME-backup" + if $DOUNMOUNT; then op_unmount fi - exit $EXITC + + echo "Sync process finished." >&2 +} + +op_gpg_import() { + # TODO + true } ssh_list() { @@ -91,8 +97,16 @@ ssh_list() { done } -ssh_generate() { +check_ssh_nane() { + if [ -z "$NAME" ]; then + echo "You have to specify key name!" >&2 + exit 1 + fi +} + +op_ssh_generate() { check_mount || op_mount + check_ssh_nane if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then echo "Key $NAME seems to already exists." >&2 exit 1 
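Review bot: In the reworked `op_sync`, every step after `cryptsetup open` runs under `set -e` with no cleanup, so a failing `mount` or `rsync` exits with the backup volume still decrypted and mounted, and the `op_unmount` of the primary key is skipped as well. Registering a cleanup function with `trap` before the backup volume is opened, and clearing it after the normal teardown, closes the volume on every exit path. Separately, the new guard `if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]` is inverted with respect to its message, and with `UUID_WKEY=""` it tests the `by-uuid` directory itself.

```shell
sync_cleanup() {
	# Best effort: do not leave the backup volume decrypted after a failure
	mountpoint -q "$MOUNT_PATH-backup" && sudo -- umount "$MOUNT_PATH-backup" || true
	[ ! -d "$MOUNT_PATH-backup" ] || sudo -- rmdir "$MOUNT_PATH-backup" || true
	[ ! -e "/dev/mapper/$CRYPT_NAME-backup" ] || sudo -- cryptsetup close "$CRYPT_NAME-backup" || true
}

op_sync() {
	# … unchanged: backup-key check, mounting of the primary key …
	trap sync_cleanup EXIT
	# … unchanged: cryptsetup open, mkdir, mount, rsync, umount, rmdir, cryptsetup close …
	trap - EXIT
	# … unchanged: optional op_unmount, final message …
}
```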
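Review bot: `check_ssh_nane` only rejects an empty `$NAME`, yet the value is used as a path component in `"$MOUNT_PATH/ssh/$NAME"`, so a name containing `/` makes `ssh-keygen -f` (and the `cp` calls in `op_ssh_import`, in the next hunk) operate outside the key store. As this helper is the single validation point, it could reject such names too, e.g. `case "$NAME" in */*) echo "Invalid key name: $NAME" >&2; exit 1 ;; esac`. `op_ssh_generate` continues past the end of this hunk.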
@@ -100,16 +114,36 @@ ssh_generate() { echo -n "Please enter comment: " read COMMENT ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT" + + echo "SSH key $NAME was generated." >&2 } -ssh_import() { +op_ssh_import() { check_mount || op_mount + check_ssh_nane if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then echo "There is no key named $NAME" >&2 exit 1 fi cp "$MOUNT_PATH/ssh/$NAME" ~/.ssh/ cp "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/ + + echo "SSH key $NAME copied to local .ssh directory." >&2 +} + +op_openvpn_list() { + check_mount || op_mount + # TODO +} + +op_openvpn_get() { + check_mount || op_mount + # TODO +} + +op_openvpn_generate() { + check_mount || op_mount + # TODO } @@ -131,6 +165,7 @@ case "$1" in echo " ssh-import: Import ssh key" echo " ssh-generate: Generate new ssh key" echo " ssh-list: List all keys in store" + echo " openvpn-list: List all keys" echo " openvpn-get: Get keys for some host" echo " openvpn-generate: Generate key for new host" exit 0 @@ -169,22 +204,5 @@ while [ $# -gt 0 ]; do esac shift done - -case "$OPERATION" in - mount) - op_mount - ;; - unmount) - op_unmount - ;; - sync) - op_sync - ;; - ssh-list) - ssh_list - ;; - *) - echo "Operation $OPERATION not implemented" >&2 - exit 2 - ;; -esac +# Go to operation handler +eval "op_$(echo "$OPERATION" | tr '-' '_')" -- cgit v1.2.3 From 15deb620d084366ee51436aa97734a763f5f9e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 18 Sep 2017 21:14:54 +0200 Subject: Some small changes in usbkey --- local/bin/usbkey | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'local') diff --git a/local/bin/usbkey b/local/bin/usbkey index 658fd98..3fe7336 100755 --- a/local/bin/usbkey +++ b/local/bin/usbkey @@ -2,7 +2,7 @@ set -e UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be" -UUID_WKEY="" +UUID_WKEY="9fcaf42a-86d5-4e70-828d-fd90aad2d964" CRYPT_NAME="usbkey" MOUNT_PATH="/media/usbkey" 
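Review bot: `op_ssh_import` is touched in the `@@ -100,16 +114,36 @@` hunk but its existence test is still inverted: `if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]` prints "There is no key named" exactly when both files exist and falls through to `cp` when they are missing. The condition should read `if [ ! -f "$MOUNT_PATH/ssh/$NAME" ] || [ ! -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then`. In `op_ssh_generate`, whose start lies above this hunk, `read COMMENT` would be safer as `read -r COMMENT` so backslashes in the comment are kept literally.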
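Review bot: The `eval` in the new dispatch line of the `@@ -169,22 +204,5 @@` hunk is unnecessary, and it is only safe because `$OPERATION` was matched against the fixed list in the first `case`; invoking the name directly, `"op_$(echo "$OPERATION" | tr '-' '_')"`, gives the same dispatch without re-parsing the string as shell code. The removed `case` also carried the "Operation ... not implemented" fallback, and `ssh_list` is not renamed in this commit, so `usbkey ssh-list` now ends in a command-not-found error. Storing the handler name in a variable and checking it with `command -v` before the call would keep a clear diagnostic.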
@@ -56,7 +56,7 @@ check_mount() { op_sync() { local DOUNMOUNT=false - if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then + if [ ! -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then echo "USB backup key seems to not be inserted. Please do so." >&2 exit 1 fi -- cgit v1.2.3 From dd30417fdba18a97945459b29e88cbbedb07874c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 18 Sep 2017 23:13:31 +0200 Subject: Add openvpn to usbkey --- local/bin/usbkey | 63 +++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 49 insertions(+), 14 deletions(-) (limited to 'local') diff --git a/local/bin/usbkey b/local/bin/usbkey index 3fe7336..85eff7f 100755 --- a/local/bin/usbkey +++ b/local/bin/usbkey @@ -97,7 +97,7 @@ ssh_list() { done } -check_ssh_nane() { +check_name() { if [ -z "$NAME" ]; then echo "You have to specify key name!" >&2 exit 1 @@ -105,8 +105,8 @@ check_ssh_nane() { } op_ssh_generate() { + check_name check_mount || op_mount - check_ssh_nane if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then echo "Key $NAME seems to already exists." >&2 exit 1 @@ -119,8 +119,8 @@ op_ssh_generate() { } op_ssh_import() { + check_name check_mount || op_mount - check_ssh_nane if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then echo "There is no key named $NAME" >&2 exit 1 
@@ -131,19 +131,51 @@ op_ssh_import() { echo "SSH key $NAME copied to local .ssh directory." >&2 } +# Note OpenVPN: CA generated using following command +# openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf + op_openvpn_list() { check_mount || op_mount - # TODO + for KEY in $(find "$MOUNT_PATH/openvpn" -name 'ca.crt' -o -name '*.crt' -print); do + local N="${KEY#$MOUNT_PATH/openvpn/}" + echo "${N%.crt}" + done } op_openvpn_get() { + check_name check_mount || op_mount - # TODO + if [ ! -f "$MOUNT_PATH/openvpn/$NAME.key" ] || [ ! -f "$MOUNT_PATH/openvpn/$NAME.crt" ]; then + echo "There is no OpenVPN key $NAME" >&2 + exit 1 + fi + mkdir "openvpn-$NAME" + cp "$MOUNT_PATH/openvpn/$NAME.key" "openvpn-$NAME/" + cp "$MOUNT_PATH/openvpn/$NAME.crl" "openvpn-$NAME/" + cp "$MOUNT_PATH/openvpn/ca.crt" "openvpn-$NAME/" + cp "$MOUNT_PATH/openvpn/ta.key" "openvpn-$NAME/" + + echo "OpenVPN key $NAME copied to openvpn-$NAME directory." >&2 } op_openvpn_generate() { + check_name check_mount || op_mount - # TODO + if [ -f "$MOUNT_PATH/openvpn/$NAME.key" ] && [ -f "$MOUNT_PATH/openvpn/$NAME.crt" ]; then + echo "OpenVPN key $NAME seems to already exists" >&2 + exit 1 + fi + ( + cd "$MOUNT_PATH/openvpn" + # Build request + openssl req -batch -days 3650 -nodes -new -config "openssl.cnf" \ + -keyout "$NAME.key" -out "$NAME.csr" + # Sign request + openssl ca -days 3650 -config "openssl.cnf" \ + -out "$NAME.crt" -in "$NAME.csr" + ) + + echo "OpenVPN key $NAME was generated." >&2 } 
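Review bot: `op_openvpn_get` checks for `$NAME.key` and `$NAME.crt` but then copies `"$MOUNT_PATH/openvpn/$NAME.crl"`, which looks like a typo for `.crt`; under `set -e` a missing `.crl` aborts after the private key has already been copied out. The target directory is created with a plain `mkdir "openvpn-$NAME"` in the current directory, so the client key and `ta.key` get whatever the caller's umask allows; `mkdir -m 700 "openvpn-$NAME"` keeps them private. In `op_openvpn_list`, `for KEY in $(find ...)` word-splits the paths, which a `find ... -exec` form avoids.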
@@ -164,13 +196,13 @@ case "$1" in echo " gpg-import: Import gpg key" echo " ssh-import: Import ssh key" echo " ssh-generate: Generate new ssh key" - echo " ssh-list: List all keys in store" - echo " openvpn-list: List all keys" - echo " openvpn-get: Get keys for some host" - echo " openvpn-generate: Generate key for new host" + echo " ssh-list: List all ssh keys in store" + echo " openvpn-list: List all openvpn keys" + echo " openvpn-get: Get openvpn keys for some host" + echo " openvpn-generate: Generate openvpn key for new host" exit 0 ;; - mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate) + mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-list|openvpn-get|openvpn-generate) OPERATION="$1" ;; *) @@ -184,10 +216,10 @@ while [ $# -gt 0 ]; do -h|--help) echo "Usb key manager" case "$OPERATION" in - mount|unmount|sync) + mount|unmount|sync|ssh-list|openvn-list) echo "Usage: usbkey $OPERATION [-h]" ;; - ssh-*) + ssh-*|openvpn-*) echo "Usage: usbkey $OPERATION NAME [-h]" ;; # TODO @@ -195,7 +227,10 @@ while [ $# -gt 0 ]; do exit 0 ;; *) - if [[ "$OPERATION" = ssh-* ]] && [ -z "$NAME" ]; then + if [ -z "$NAME" ] && \ + [ "$OPERATION" = "ssh-import" -o "$OPERATION" = "ssh-generate" -o \ + "$OPERATION" = "openvpn-get" -o "$OPERATION" = "openvpn-generate" ] \ + ; then NAME="$1" else unknown_argument "$1" -- cgit v1.2.3 From 2d69c702522a1dbcb467a0e9ec7c6e75dbda0291 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Tue, 19 Sep 2017 13:11:12 +0200 Subject: Fix usbkey --- local/bin/usbkey | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'local') diff --git a/local/bin/usbkey b/local/bin/usbkey index 85eff7f..d72c52b 100755 --- a/local/bin/usbkey +++ b/local/bin/usbkey @@ -88,7 +88,7 @@ op_gpg_import() { true } -ssh_list() { +op_ssh_list() { check_mount || op_mount for KEY in $(find "$MOUNT_PATH/ssh" -name '*.pub'); do local N="${KEY#$MOUNT_PATH/ssh/}" -- cgit v1.2.3 
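Review bot: In the `@@ -184,10 +216,10 @@` hunk the new pattern `mount|unmount|sync|ssh-list|openvn-list)` misspells `openvpn-list`, so `usbkey openvpn-list -h` falls through to the `ssh-*|openvpn-*` arm and prints the usage line with `NAME`. The arm should read `mount|unmount|sync|ssh-list|openvpn-list)`. The `gpg-import` operation still has no usage text under the `# TODO`, and the enclosing `while` loop starts above this hunk.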
From f7bbac700377968afce8fd86c8c9db294cfaaca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Tue, 19 Sep 2017 13:33:41 +0200 Subject: Only allow ff in gitbmerge --- local/bin/usbkey | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'local') diff --git a/local/bin/usbkey b/local/bin/usbkey index d72c52b..6d5115f 100755 --- a/local/bin/usbkey +++ b/local/bin/usbkey @@ -93,7 +93,7 @@ op_ssh_list() { for KEY in $(find "$MOUNT_PATH/ssh" -name '*.pub'); do local N="${KEY#$MOUNT_PATH/ssh/}" echo -n "${N%.pub}: " - sed -n 's/ssh-rsa .* \(.*\)/\1/p' "$KEY" + sed -n 's/ssh-rsa [^ ]* \(.*\)/\1/p' "$KEY" done } -- cgit v1.2.3 From 48120fbbb4f2b46e44c92d09f90a244717b1812d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Sat, 30 Sep 2017 23:39:43 +0200 Subject: Fix mpd and usbkey --- local/bin/usbkey | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'local') diff --git a/local/bin/usbkey b/local/bin/usbkey index 6d5115f..bab47df 100755 --- a/local/bin/usbkey +++ b/local/bin/usbkey @@ -121,12 +121,14 @@ op_ssh_generate() { op_ssh_import() { check_name check_mount || op_mount - if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then + if [ ! -f "$MOUNT_PATH/ssh/$NAME" ] || [ ! -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then echo "There is no key named $NAME" >&2 exit 1 fi cp "$MOUNT_PATH/ssh/$NAME" ~/.ssh/ cp "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/ + chmod 600 ~/.ssh/"$NAME" + chmod 640 ~/.ssh/"$NAME.pub" echo "SSH key $NAME copied to local .ssh directory." >&2 } -- cgit v1.2.3
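Review bot: The comment extraction in `op_ssh_list` (hunk `@@ -93,7 +93,7 @@`) still hard-codes `ssh-rsa`, so `.pub` files of any other key type, such as `ssh-ed25519` or `ecdsa-sha2-*`, are listed with an empty comment. Matching the first two fields generically covers them: `sed -n 's/^[^ ]* [^ ]* \(.*\)/\1/p' "$KEY"`. `op_ssh_list` starts above this hunk.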
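Review bot: In the `@@ -121,12 +121,14 @@` hunk the private key is copied into `~/.ssh/` first and only restricted by `chmod 600` afterwards, so it briefly exists there with whatever mode the mounted source file and the umask give it, and it keeps that mode if the second `cp` fails under `set -e`. Creating each file with its final mode in one step closes that window: `install -m 600 -- "$MOUNT_PATH/ssh/$NAME" ~/.ssh/"$NAME"` and `install -m 640 -- "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/"$NAME.pub"`. Either form overwrites an existing `~/.ssh/$NAME` without asking, which may deserve an explicit check. `op_ssh_import` starts above this hunk.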