aboutsummaryrefslogtreecommitdiff

Croncrypt

Wrapper to sign and encrypt cron(8) output and errors with PGP/MIME before sending them to the MAILTO destination.

$ crontab -l
CRONCRYPT_KEYID=0x0A1B2C3D4E5F6G7H
CRONCRYPT_PASSPHRASE=hibbityboo
MAILTO=me@mynet

0 1 * * *  croncrypt rsync /home/tom/important-file /home/backups

The main design goal is simplicity; just whack croncrypt in front of all your crontab(5) entries, provided they don’t use pipes or stderr/stdout redirects, in which case you should consider putting it all into a script file anyway.

As an alternative, to apply this to all of the tasks in that crontab(5) file, you can specify SHELL with a fully-qualified path to the croncryptsh executable:

$ crontab -l
CRONCRYPT_KEYID=0x0A1B2C3D4E5F6G7H
CRONCRYPT_PASSPHRASE=hibbityboo
MAILTO=me@mynet
SHELL=$HOME/.local/bin/croncryptsh

0 1 * * *  rsync /home/tom/important-file-1 /home/backups
0 2 * * *  rsync /home/tom/important-file-2 /home/backups

This is the method the author prefers.

Don’t use your own GPG key for signing! I recommend you create a dedicated key just for Croncrypt, and sign it locally with gpg --lsign so that your software trusts it locally.

Installation

Put the croncrypt binary somewhere in your crontab’s PATH, and install the following Perl modules:

  • Carp
  • IPC::Run3
  • Mail::GnuPG
  • MIME::Entity

On Debian-derived systems, this should do the trick:

# aptitude install perl-base perl-modules libmail-gnupg-perl \
    libmime-tools-perl libipc-run3-perl

License

Copyright (c) Tom Ryder. Distributed under Artistic License 2.0.