From dbf99bf7e26965eb62ef388f299e20d678098aa9 Mon Sep 17 00:00:00 2001
From: Christopher Hoelter
Date: Sun, 5 Jan 2025 09:57:53 -0600
Subject: [PATCH] Fixed removing public-key-encryption.
---
 README.md | 10 ++++++++++
 common-functions | 12 ++++++------
 subcommands/backup-unset-public-key-encryption | 6 +++---
 3 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 0c92236..4f62364 100644
--- a/README.md
+++ b/README.md
@@ -646,6 +646,10 @@ Datastore backups are supported via AWS S3 and S3 compatible services like [mini
 You may skip the `backup-auth` step if your dokku install is running within EC2 and has access to the bucket via an IAM profile. In that case, use the `--use-iam` option with the `backup` command.
+If both passphrase and public key forms of encryption are set, the public key encryption will take precedence.
+
+The underlying core backup script is present [here](https://github.com/dokku/docker-s3backup/blob/main/backup.sh).
+
 Backups can be performed using the backup commands:
 ### set up authentication for backups on the postgres service
@@ -728,8 +732,12 @@ Set the GPG-compatible passphrase for encrypting backups for backups:
 dokku postgres:backup-set-encryption lollipop
 ```
+Public key encryption will take precendence over the passphrase encryption if both types are set.
+
 ### set GPG Public Key encryption for all future backups of postgres service
+This method currently requires the to be present on the "keyserver.ubuntu.com" keyserver.
+
 ```shell
 # usage
 dokku postgres:backup-set-public-key-encryption
@@ -741,6 +749,8 @@ Set the `GPG` Public Key for encrypting backups:
 dokku postgres:backup-set-public-key-encryption lollipop
 ```
+This will take precendence over the passphrase encryption.
+
 ### unset encryption for future backups of the postgres service
 ```shell
diff --git a/common-functions b/common-functions
index 5c41089..b8c834b 100755
--- a/common-functions
+++ b/common-functions
@@ -433,7 +433,7 @@ service_backup_set_encryption() {
 local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
 local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
- mkdir "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+ mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
 echo "$ENCRYPTION_KEY" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"
 }
@@ -443,7 +443,7 @@ service_backup_set_public_key_encryption() {
 local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
 local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
- mkdir "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+ mkdir -p "$SERVICE_BACKUP_ENCRYPTION_ROOT"
 echo "$ENCRYPT_WITH_PUBLIC_KEY_ID" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPT_WITH_PUBLIC_KEY_ID"
 }
@@ -461,16 +461,16 @@ service_backup_unset_encryption() {
 local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
 local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
- rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+ rm "$SERVICE_BACKUP_ENCRYPTION_ROOT/ENCRYPTION_KEY"
 }
-service_backup_unset_encryption() {
- declare desc="remove backup encryption"
+service_backup_unset_public_key_encryption() {
+ declare desc="remove backup GPG Public Key encryption"
 declare SERVICE="$1"
 local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
 local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"
- rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
+ rm "$SERVICE_BACKUP_ENCRYPTION_ROOT/ENCRYPT_WITH_PUBLIC_KEY_ID"
 }
 service_container_rm() {
diff --git a/subcommands/backup-unset-public-key-encryption b/subcommands/backup-unset-public-key-encryption
index 8e0352f..0d6939b 100755
--- a/subcommands/backup-unset-public-key-encryption
+++ b/subcommands/backup-unset-public-key-encryption
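Review bot: The directory made by the new `mkdir -p` in service_backup_set_encryption, and the ENCRYPTION_KEY file written on the next line, take whatever mode the caller's umask allows, and with `-p` an already existing directory keeps the mode it had, so the GPG passphrase may be readable by other local accounts. Whether PLUGIN_DATA_ROOT is already restricted is not visible in this hunk; if it is not, create the directory with `mkdir -p -m 0700 "$SERVICE_BACKUP_ENCRYPTION_ROOT"` and follow the write with `chmod 600 "${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"` (or run both steps under `umask 077` so the file is never briefly wider). The same `mkdir -p` is added in the service_backup_set_public_key_encryption hunk; the value stored there is a key id rather than a secret, but it lives in the same directory. Both function bodies start outside their hunks.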
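Review bot: Both new `rm` calls in this hunk fail when the target file is absent, which is now an ordinary state: a service configured with only a public key id has no ENCRYPTION_KEY file, and the reverse holds for ENCRYPT_WITH_PUBLIC_KEY_ID. If the script runs with `set -e` (not visible here) the unset subcommand would stop on a raw `rm` error; `rm -f -- "${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"` and the matching `rm -f -- "${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPT_WITH_PUBLIC_KEY_ID"` make both commands idempotent. Because each function now removes only one of the two settings, it would also help to log which method, if any, is still configured after the removal, so an operator can see whether later backups fall back to the other method or go out unencrypted. A short header comment on each function stating that it removes only its own setting and leaves the other in place would document the changed contract.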
@@ -13,11 +13,11 @@ service-backup-unset-public-key-encryption-cmd() {
 local cmd="$PLUGIN_COMMAND_PREFIX:backup-unset-public-key-encryption" argv=("$@")
 [[ ${argv[0]} == "$cmd" ]] && shift 1
 declare SERVICE="$1"
- is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented" # TODO: [22.03.2024 by Mykola]
+ is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented"
 [[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a valid name for the service"
 verify_service_name "$SERVICE"
- service_backup_unset_public_key_encryption "$SERVICE" # TODO: [22.03.2024 by Mykola]
+ service_backup_unset_public_key_encryption "$SERVICE"
 }
-service-backup-unset-encryption-cmd "$@"
+service-backup-unset-public-key-encryption-cmd "$@"