openbsd.sh (1387B)
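# Copyright (C) 2012 Jonathan Chu <milki@rescomp.berkeley.edu>. All Rights Reserved.
# Copyright (C) 2015 David Dahlberg <david.dahlberg@fkie.fraunhofer.de>. All Rights Reserved.
# This file is licensed under the GPLv2+. Please see COPYING for more information.

#######################################
# Create the private scratch directory that holds decrypted data while it
# is being edited, and register its cleanup.
#
# When `sysctl -n kern.usermount` prints 1, a 16M tmpfs is mounted on a
# fresh mktemp directory so the plaintext stays off persistent storage.
# Any other output (including none) selects the fallback: a plain mktemp
# directory whose files are overwritten with $SHRED before removal.
#
# Globals:   SECURE_TMPDIR (written; the call is a no-op when already set),
#            PROGRAM, TMPDIR, SHRED (read)
# Arguments: $1 - "nowarn" skips the confirmation prompt in the fallback
# Outputs:   the fallback branch prompts through yesno unless "nowarn"
# Returns:   does not return on failure; die is called instead
#
# die and yesno are not defined in this file; they are expected to come
# from the script that sources it.
# The INT/TERM/EXIT traps installed here replace any set earlier.
#######################################
tmpdir() {
	[[ -n $SECURE_TMPDIR ]] && return
	local warn=1
	[[ $1 == "nowarn" ]] && warn=0
	local template="$PROGRAM.XXXXXXXXXXXXX"
	if [[ $(sysctl -n kern.usermount) == 1 ]]; then
		# Stop here when mktemp fails: an empty SECURE_TMPDIR would make
		# callers build paths relative to "/" for the plaintext.
		SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")" || die "Error: could not create temporary directory."
		# NOTE(review): tmpfs pages can be written to swap, and the mode of
		# the mounted root should be confirmed to match the 0700 mount point.
		if ! mount -t tmpfs -o -s16M tmpfs "$SECURE_TMPDIR"; then
			# The cleanup trap is not installed yet, so remove the empty
			# mount point here instead of leaving it behind.
			rmdir -- "$SECURE_TMPDIR"
			die "Error: could not create tmpfs."
		fi
		unmount_tmpdir() {
			# INT/TERM and then EXIT can both fire; the second run finds
			# the directory already gone and returns.
			[[ -n $SECURE_TMPDIR && -d $SECURE_TMPDIR ]] || return
			umount "$SECURE_TMPDIR"
			rm -rf -- "$SECURE_TMPDIR"
		}
		trap unmount_tmpdir INT TERM EXIT
	else
		if [[ $warn -eq 1 ]]; then
			yesno "$(cat <<-_EOF
			The sysctl kern.usermount is disabled, therefore it is not
			possible to create a tmpfs for temporary storage of files
			in memory.
			This means that it may be difficult to entirely erase
			the temporary non-encrypted password file after editing.

			Are you sure you would like to continue?
			_EOF
			)"
		fi
		SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")" || die "Error: could not create temporary directory."
		shred_tmpfile() {
			# Same guard as unmount_tmpdir: never run find/rm on an empty
			# or already-removed path when the trap fires a second time.
			[[ -n $SECURE_TMPDIR && -d $SECURE_TMPDIR ]] || return
			# $SHRED is left unquoted on purpose: it holds a command plus
			# its options and relies on word splitting.
			# shellcheck disable=SC2086
			find "$SECURE_TMPDIR" -type f -exec $SHRED {} +
			rm -rf -- "$SECURE_TMPDIR"
		}
		trap shred_tmpfile INT TERM EXIT
	fi
}

# Platform overrides for the tools the sourcing script invokes.
GETOPT="gnugetopt"
# rm -P overwrites regular files before unlinking them. This is best effort
# only: whether the old blocks are really gone depends on the filesystem and
# the storage device, which is why the tmpfs path is preferred.
SHRED="rm -P -f"
BASE64="openssl base64"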