Last active
September 12, 2018 17:12
etckeeper-commit-gpg-mail
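#!/bin/sh
# post-commit hook for etckeeper
#
# Mails the commit that was just made, formatted by `git format-patch`, to
# the recipients below. The mail carries the full diff of the commit, which
# for /etc can include credentials, so it is piped through safe-mail and
# not handed to a mailer directly.
set -e

# One or more addresses, separated by spaces. They are passed to safe-mail
# as its arguments.
recipients=admin@example.com
hostname=$(hostname -f)

# Only the exit status of safe-mail (the last command of the pipeline)
# is seen by `set -e`; plain sh has no portable pipefail.
# $recipients is left unquoted on purpose so that a space-separated list
# is split into one argument per address.
# shellcheck disable=SC2086
git format-patch -1 --subject-prefix="etckeeper ${hostname}" --stdout \
	| safe-mail $recipients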
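#!/bin/bash
# Encrypts a mail read from stdin to the given recipients as an
# OpenPGP/MIME message and hands the result to sendmail.
#
# requires formail (from procmail), gpg, awk, sed, openssl and a sendmail
# program
#
# reads a mail from stdin; defaults to utf-8 text/plain content-type
# no idea how well it works with multipart (depends on formail...)
# only the from header is put into the unencrypted header, all other
# headers are protected
#
# recipients (the only arguments taken) need to have a trusted key in gpg
set -e

if [ "$#" -eq 0 ]; then
	echo >&2 "Missing recipients"
	exit 1
fi

# The recipients are also passed to sendmail as arguments at the end of
# this script; an argument starting with "-" would be read as an option
# there, not as an address.
for r in "$@"; do
	case "${r}" in
		-* | '')
			echo >&2 "Invalid recipient: ${r}"
			exit 1
			;;
	esac
done

# All intermediate files, including the plaintext mail, live in a private
# temporary directory that is removed again on every exit path.
tmpdir=$(mktemp --tmpdir -d safe-mail-XXXXXXX)
trap 'rm -rf -- "${tmpdir:?}"' EXIT
cd "${tmpdir}"

formail -a 'Content-Type: text/plain; charset="utf-8"' -fds > input

# Split at the first empty line: the lines before it go to "header", the
# lines after it to "body". getline returns -1 on a read error, so compare
# with 0 to avoid looping forever in that case.
awk '
	/^\r?$/ { while ((getline) > 0) { print >> "body"; }; exit 0; }
	{ print >> "header"; }
' < input

# Without a header there is nothing sensible to send; stop before gpg and
# sendmail are involved.
if [ ! -s header ]; then
	echo >&2 "No mail header found on stdin"
	exit 1
fi
# awk creates "body" only when there is at least one body line; a mail
# with an empty body is still valid.
: >> body

# --batch keeps gpg from prompting. If it cannot encrypt to a recipient
# it fails, and `set -e` then stops the script before sendmail runs, so
# no unencrypted fallback is ever sent.
GPG_OPTIONS=(--batch --encrypt --armor)
for r in "$@"; do
	GPG_OPTIONS+=(--recipient "${r}")
done

# Headers that describe the content; they stay with the original body.
CONTENT_HEADERS=(
	Content-Type
	Content-Description
	Content-Language
	Content-Transfer-Encoding
	Content-Disposition
)

# Build the formail arguments as arrays instead of relying on word
# splitting of a command substitution.
EXTRACT_CONTENT=()
REMOVE_CONTENT=()
for h in "${CONTENT_HEADERS[@]}"; do
	EXTRACT_CONTENT+=(-X "${h}")
	REMOVE_CONTENT+=(-I "${h}")
done

formail -f -X From < header > from-header
formail -f "${EXTRACT_CONTENT[@]}" < header > content-header
formail -f "${REMOVE_CONTENT[@]}" < header > outer-header

# The part that gets encrypted: the original headers (minus the content
# headers) on a multipart/mixed wrapper marked protected-headers="v1",
# with the original content headers and body as its single part.
# The sed expressions normalize line ends to CRLF.
(
	boundary=$(openssl rand -hex 30)
	sed 's/\r$//;/^$/d;s/$/\r/' outer-header
	printf 'Content-Type: multipart/mixed; boundary="%s"; protected-headers="v1"\r\n\r\n--%s\r\n' "${boundary}" "${boundary}"
	sed 's/\r$//;s/$/\r/' content-header
	printf '\r\n'
	cat body
	printf '\r\n--%s--\r\n' "${boundary}"
) > inner-body

gpg "${GPG_OPTIONS[@]}" < inner-body > body.enc

# The mail that is actually sent: only From, a fixed Subject and the
# multipart/encrypted structure are readable without the key.
# NOTE(review): the listing this was taken from showed no empty lines in
# the two here-documents and no end of this subshell. The empty lines
# are restored where MIME needs one between the headers and the content
# of a part, and the output goes to "mail" because that is the file
# sendmail reads below; compare with the upstream file.
(
	sed 's/\r$//;s/$/\r/' from-header
	sed 's/\r$//;s/$/\r/' << EOF
Subject: [Encrypted mail]
Mime-Version: 1.0
Content-Type: multipart/encrypted; boundary=__boundary_gpg; protocol="application/pgp-encrypted"

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--__boundary_gpg
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--__boundary_gpg
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

EOF
	sed 's/\r$//;s/$/\r/' body.enc
	sed 's/\r$//;s/$/\r/' <<EOF

--__boundary_gpg--
EOF
) > mail

sendmail "$@" < mail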