Feat: encrypted storage support for selected candidates (Closes #3)

98633d80 · Silvio Rhatto · 7720c6ba · 98633d80 · 98633d80 · 98633d80
Verified Commit 98633d80 authored Jun 16, 2022 by Silvio Rhatto
--- a/bin/encrypt-selected-key
+++ b/bin/encrypt-selected-key
+#!/usr/bin/env bash
+#
+# Encrypt the selected candidate from a given pool.
+#
+# Copyright (C) 2022 Silvio Rhatto <rhatto@torproject.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+BASENAME="`basename $0`"
+DIRNAME="`dirname $0`"
+source $DIRNAME/params
+
+# Check
+if [ -z "$CONFIG" ]; then
+  echo "usage: onionmine $BASENAME <pool>"
+  echo ""
+  echo "Available pools:"
+  echo ""
+  ls -1 $POOLS | sed -e 's/^/    /'
+  echo ""
+  exit 1
+elif [ ! -h "$POOL/selected" ]; then
+  echo "$BASENAME: please select a candidate first"
+  exit 1
+elif [ -z "$ENCRYPTION_COMMAND" ]; then
+  echo "$BASENAME: please set the ENCRYPTION_COMMAND in your config"
+  exit 1
+fi
+
+# Additional parameters
+cd $POOL
+ONION_KEYS_PATH="`readlink selected`"
+ONION_ADDR="`basename $ONION_KEYS_PATH`"
+
+# Encrypt
+eval $ENCRYPTION_COMMAND
--- a/bin/encrypt-selected-key-batch
+++ b/bin/encrypt-selected-key-batch
+#!/usr/bin/env bash
+#
+# Encrypt all selected candidates.
+#
+# Copyright (C) 2022 Silvio Rhatto <rhatto@torproject.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+BASENAME="`basename $0`"
+DIRNAME="`dirname $0`"
+source $DIRNAME/params
+
+# Iterate over all pools
+for pool in `ls $POOLS`; do
+  # Skip the example pool
+  if [ "$pool" == "example.org" ]; then
+    continue
+  fi
+
+  # Dispatch
+  echo ">batch: processing pool: $pool"
+  $DIRNAME/encrypt-selected-key $pool
+done
--- a/onionmine.conf.sample
+++ b/onionmine.conf.sample
@@ -138,3 +138,13 @@ RSYNC_EXCLUDES="--exclude=candidates --exclude=daemon --exclude=checkpoint.save
 # Whether to mine keys only if a selected key does not already exists for a
 # given pool.
 MINE_ONLY_IF_NO_SELECTED_KEY_EXISTS="1"
+
+# Encryption command
+# Here you can set an arbitraty command used to encrypt a candidate
+# You can use any variable available at runtime, especially the following:
+#
+# * ONION_ADDR: contains the Onion Service address of the candidate.
+# * ONION_KEYS_PATH: the path where the key material is stored.
+#
+# The following example uses https://0xacab.org/rhatto/keyringer/
+#ENCRYPTION_COMMAND='keyringer keyring-name encrypt $CONFIG/${ONION_ADDR} ${ONION_KEYS_PATH}'