diff options
Diffstat (limited to 'bin/croncrypt')
-rwxr-xr-x | bin/croncrypt | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/bin/croncrypt b/bin/croncrypt deleted file mode 100755 index 002dd56..0000000 --- a/bin/croncrypt +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/env perl - -# -# croncrypt: Wrapper to sign and encrypt cron output and errors with PGP/MIME -# before sending them to the default MAILTO destination. -# -# CRONCRYPT_KEYID=0x0A1B2C3D4E5F6G7H -# CRONCRYPT_PASSPHRASE=hibbityboo -# MAILTO=tom@sanctum.geek.nz -# 0 1 * * * tom croncrypt rsync /home/tom/important-file /home/backups -# -# The main design goal is simplicity; just whack a «croncrypt» in front of all -# your cron tasks, provided they don't use pipes or stderr/stdout redirects, -# in which case you should consider putting it all into a script file anyway. -# -# Don't use your own GPG key for signing! Create a dedicated key just for -# croncrypt, and sign it locally with «gpg --lsign» maybe. -# -# Author: Tom Ryder <tom@sanctum.geek.nz> -# Copyright: 2014 Sanctum -# License: Artistic 2.0 <http://opensource.org/licenses/artistic-license-2.0> -# -# $Id$ -# -package Sanctum::Croncrypt; - -# Force me to write this properly -use strict; -use warnings; -use utf8; -use autodie; - -# Decree minimum Perl version required (v5.8). -use 5.008; - -# Decree package version to pacify Perl::Critic -our $VERSION = 0.1; - -# Pull in some required modules -use Carp; -use IPC::Run3; -use Mail::GnuPG; -use MIME::Entity; - -# Bail if run without arguments -if ( !@ARGV ) { - printf "%s\n", 'USAGE: croncrypt <command>'; - exit 1; -} - -# Bail if we don't have the environment variables we need -my @fails; -if ( !exists $ENV{'CRONCRYPT_KEYID'} ) { - push @fails, 'CRONCRYPT_KEYID is not set; set it to your key ID.'; -} -if ( !exists $ENV{'CRONCRYPT_PASSPHRASE'} ) { - push @fails, - 'CRONCRYPT_PASSPHRASE is not set; set it to your key\'s passphrase.'; -} -if ( !exists $ENV{'MAILTO'} ) { - push @fails, 'MAILTO is not set; set it to the message\'s destination.'; -} -if (@fails) { - foreach my $fail (@fails) { - printf {*STDERR} "croncrypt: FAIL: %s\n", $fail; - } - exit 1; -} - -# Read details from environment -my $recipient = $ENV{MAILTO}; -my $key = $ENV{CRONCRYPT_KEYID}; -my $passphrase = $ENV{CRONCRYPT_PASSPHRASE}; - -# Run the command in the arguments and wait for it to finish -my ( @output, @errors ); -run3( \@ARGV, undef, \@output, \@errors ); - -# If there was output, mail it -if (@output) { - my $subject = sprintf 'croncrypt output: %s', join q{ }, @ARGV; - mail( $subject, \@output ); -} - -# If there were errors, mail them -if (@errors) { - my $subject = sprintf 'croncrypt errors: %s', join q{ }, @ARGV; - mail( $subject, \@errors ); -} - -# Send the message to the address in $ENV{MAILTO} -sub mail { - my ( $subject, $content ) = @_; - - # Build MIME object with plaintext message - my $mime = MIME::Entity->build( - To => $recipient, - Subject => $subject, - Data => $content, - ); - - # Encrypt the MIME object - my $mgpg = Mail::GnuPG->new( - key => $key, - passphrase => $passphrase, - ); - $mgpg->mime_signencrypt( $mime, $recipient ); - - # Send it - return $mime->send(); -} - |