mirror of
https://github.com/offen/docker-volume-backup.git
synced 2024-11-14 02:25:49 +01:00
44ad3bbda2
GPG is known to have usability issues and is generally cumbersome to use. age [0] is a modern alternative to GPG that is designed by a cryptographer that has worked and continues to work on Golang's crypto packages for years. Allowing age to be used to encrypt backups dramatically simplifies the backup process. [0]: https://age-encryption.org/
44 lines
1.1 KiB
Bash
Executable File
44 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
cd "$(dirname "$0")"
|
|
. ../util.sh
|
|
current_test=$(basename "$(pwd)")
|
|
|
|
export LOCAL_DIR="$(mktemp -d)"
|
|
|
|
age-keygen >"$LOCAL_DIR/pk-a.txt"
|
|
PK_A="$(grep -E 'public key' <"$LOCAL_DIR/pk-a.txt" | cut -d: -f2 | xargs)"
|
|
age-keygen >"$LOCAL_DIR/pk-b.txt"
|
|
PK_B="$(grep -E 'public key' <"$LOCAL_DIR/pk-b.txt" | cut -d: -f2 | xargs)"
|
|
|
|
export BACKUP_AGE_PUBLIC_KEYS="$PK_A,$PK_B"
|
|
|
|
docker compose up -d --quiet-pull
|
|
sleep 5
|
|
|
|
docker compose exec backup backup
|
|
|
|
expect_running_containers "2"
|
|
|
|
do_decrypt() {
|
|
TMP_DIR=$(mktemp -d)
|
|
age --decrypt -i "$1" -o "$LOCAL_DIR/decrypted.tar.gz" "$LOCAL_DIR/test.tar.gz.age"
|
|
tar -xf "$LOCAL_DIR/decrypted.tar.gz" -C "$TMP_DIR"
|
|
|
|
if [ ! -f "$TMP_DIR/backup/app_data/offen.db" ]; then
|
|
fail "Could not find expected file in untared archive."
|
|
fi
|
|
rm -vf "$LOCAL_DIR/decrypted.tar.gz"
|
|
|
|
pass "Found relevant files in decrypted and untared local backup."
|
|
|
|
if [ ! -L "$LOCAL_DIR/test-latest.tar.gz.age" ]; then
|
|
fail "Could not find local symlink to latest encrypted backup."
|
|
fi
|
|
}
|
|
|
|
do_decrypt "$LOCAL_DIR/pk-a.txt"
|
|
do_decrypt "$LOCAL_DIR/pk-b.txt"
|