Parcourir la source

Don't shred

In most cases we're writing to a microSSD or SSD, so shredding doesn't make sense
Bob Mottram il y a 6 ans
Parent
révision
de13a2940c

+ 1
- 1
src/freedombone-adduser Voir le fichier

@@ -142,7 +142,7 @@ chmod 600 "/home/$ADD_USERNAME/.gnupg/"*
142 142
 chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
143 143
 su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
144 144
 chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
145
-shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
145
+rm "/home/$ADD_USERNAME/gpg-genkey.conf"
146 146
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
147 147
 MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
148 148
 su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"

+ 2
- 2
src/freedombone-app-tahoelafs Voir le fichier

@@ -368,7 +368,7 @@ function restore_remote_tahoelafs {
368 368
 
369 369
 function reconfigure_tahoelafs {
370 370
     if [ -f $tahoelafs_storage_file ]; then
371
-        shred -zu $tahoelafs_storage_file
371
+        rm $tahoelafs_storage_file
372 372
     fi
373 373
     sed -i '/HidServAuth /d' /etc/tor/torrc
374 374
 }
@@ -413,7 +413,7 @@ function remove_tahoelafs {
413 413
     fi
414 414
     remove_app tahoelafs
415 415
     if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
416
-        shred -zu /etc/nginx/.htpasswd-tahoelafs
416
+        rm /etc/nginx/.htpasswd-tahoelafs
417 417
     fi
418 418
     onion_update
419 419
 }

+ 1
- 2
src/freedombone-app-tox Voir le fichier

@@ -74,10 +74,9 @@ function remove_user_tox {
74 74
 
75 75
     if [ -d "/home/$remove_username/.config/tox" ]; then
76 76
         if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
77
-            shred -zu "/home/$remove_username/.config/tox/chatlogs/"*
78 77
             rm -rf "/home/$remove_username/.config/tox/chatlogs"
79 78
         fi
80
-        shred -zu "/home/$remove_username/.config/tox/"*
79
+        rm "/home/$remove_username/.config/tox/"*
81 80
     fi
82 81
 }
83 82
 

+ 2
- 2
src/freedombone-app-vpn Voir le fichier

@@ -351,7 +351,7 @@ function remove_vpn {
351 351
     for d in /home/*/ ; do
352 352
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
353 353
         if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
354
-            shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
354
+            rm "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
355 355
         fi
356 356
         rm "/home/$USERNAME/stunnel*"
357 357
     done
@@ -448,7 +448,7 @@ function create_user_vpn_key {
448 448
 
449 449
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
450 450
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
451
-    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
451
+    rm "/etc/openvpn/easy-rsa/keys/$username.key"
452 452
 
453 453
     echo $"VPN key created at $user_vpn_cert_file"
454 454
 }

+ 1
- 1
src/freedombone-backup-remote Voir le fichier

@@ -419,7 +419,7 @@ function disperse_key_shares {
419 419
                 fi
420 420
 
421 421
                 # remove the temp file/directory
422
-                shred -zu "$temp_key_share_fragments/"*
422
+                rm "$temp_key_share_fragments/"*
423 423
                 rm -rf "$temp_key_share_dir"
424 424
             fi
425 425
         fi

+ 2
- 2
src/freedombone-base-email Voir le fichier

@@ -1473,7 +1473,7 @@ function create_gpg_subkey {
1473 1473
     su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
1474 1474
     chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
1475 1475
 
1476
-    shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
1476
+    rm "/home/$MY_USERNAME/gpg-genkey.conf"
1477 1477
 
1478 1478
     # shellcheck disable=SC2034
1479 1479
     MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
@@ -1596,7 +1596,7 @@ function configure_gpg {
1596 1596
         fi
1597 1597
 
1598 1598
         # for security ensure that the private key file doesn't linger around
1599
-        shred -zu $MY_GPG_PRIVATE_KEY
1599
+        rm $MY_GPG_PRIVATE_KEY
1600 1600
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
1601 1601
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
1602 1602
             echo $'GPG public key ID could not be obtained'

+ 1
- 1
src/freedombone-clientcert Voir le fichier

@@ -162,7 +162,7 @@ chmod -R 755 "/home/$USERNAME/emailcert"
162 162
 chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
163 163
 chmod +x "/home/$USERNAME/emailcert/install.sh"
164 164
 
165
-shred -zu "/etc/ssl/requests/$USERNAME.csr"
165
+rm "/etc/ssl/requests/$USERNAME.csr"
166 166
 
167 167
 echo $'Email authentication certificate created. You can obtain it on the client with:'
168 168
 echo ''

+ 1
- 1
src/freedombone-config Voir le fichier

@@ -986,7 +986,7 @@ function interactive_config {
986 986
 
987 987
     # delete the temporary configuration file
988 988
     if [ -f temp.cfg ]; then
989
-        shred -zu temp.cfg
989
+        rm temp.cfg
990 990
     fi
991 991
 
992 992
     # This file indicates that the configuration happened successfully

+ 1
- 1
src/freedombone-image-customise Voir le fichier

@@ -423,7 +423,7 @@ EOF
423 423
       echo '                rm /root/.initial_setup';
424 424
       echo '                rm /home/fbone/.initial_setup';
425 425
       echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}";
426
-      echo '                shred -zu ~/login.txt'; } >> "$rootdir/root/.bashrc"
426
+      echo '                rm ~/login.txt'; } >> "$rootdir/root/.bashrc"
427 427
     if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then
428 428
         { echo "                SSH_ONION_HOSTNAME=\$(cat /var/lib/tor/hidden_service_ssh/hostname)";
429 429
 

+ 1
- 1
src/freedombone-image-make Voir le fichier

@@ -276,4 +276,4 @@ sudo -H \
276 276
      $pkgopts
277 277
 
278 278
 echo $'Removing customised customisation script'
279
-sudo shred -zu $TEMP_CUSTOMISE
279
+sudo rm $TEMP_CUSTOMISE

+ 12
- 13
src/freedombone-image-mesh Voir le fichier

@@ -870,10 +870,10 @@ function mesh_amnesic {
870 870
       echo "MY_USERNAME=\$1";
871 871
       echo 'tomb slam all';
872 872
       echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then";
873
-      echo "    shred -zu /home/${MY_USERNAME}/.bash_history";
873
+      echo "    rm /home/${MY_USERNAME}/.bash_history";
874 874
       echo 'fi';
875 875
       echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then";
876
-      echo "    shred -zu /home/${MY_USERNAME}/.xsession-errors";
876
+      echo "    rm /home/${MY_USERNAME}/.xsession-errors";
877 877
       echo 'fi';
878 878
       echo '';
879 879
       echo 'exit 0'; } > /usr/bin/amnesic
@@ -944,7 +944,7 @@ function setup_amnesic_data {
944 944
 
945 945
     # clear crypttab
946 946
     if [ -f /etc/crypttab ]; then
947
-        shred -zu /etc/crypttab
947
+        rm /etc/crypttab
948 948
         touch /etc/crypttab
949 949
     fi
950 950
 
@@ -977,7 +977,6 @@ function setup_amnesic_data {
977 977
             fi
978 978
         fi
979 979
         if [ -d /var/lib/tox-bootstrapd ]; then
980
-            shred -zu /var/lib/tox-bootstrapd/*
981 980
             rm -rf /var/lib/tox-bootstrapd
982 981
         fi
983 982
         ln -s /media/${tomb_name} /var/lib/tox-bootstrapd
@@ -1018,7 +1017,7 @@ function setup_ipfs {
1018 1017
     su -c "systemctl --user enable ipfs" - $MY_USERNAME
1019 1018
 
1020 1019
     if [ -f $CURRENT_BLOG_INDEX ]; then
1021
-        shred -zu $CURRENT_BLOG_INDEX
1020
+        rm $CURRENT_BLOG_INDEX
1022 1021
     fi
1023 1022
 
1024 1023
     if [ -d /home/$MY_USERNAME/Public ]; then
@@ -1027,11 +1026,11 @@ function setup_ipfs {
1027 1026
     fi
1028 1027
 
1029 1028
     if [ -d /home/$MY_USERNAME/CreateBlog/content/images ]; then
1030
-        shred -zu /home/$MY_USERNAME/CreateBlog/content/images/*
1029
+        rm /home/$MY_USERNAME/CreateBlog/content/images/*
1031 1030
     fi
1032 1031
 
1033 1032
     if [ -d /home/$MY_USERNAME/CreateBlog/content ]; then
1034
-        shred -zu /home/$MY_USERNAME/CreateBlog/content/*
1033
+        rm /home/$MY_USERNAME/CreateBlog/content/*
1035 1034
         if grep -q "THEME=" /home/$MY_USERNAME/CreateBlog/pelicanconf.py; then
1036 1035
             sed -i "s|THEME=.*|THEME='themes/nice-blog'|g" /home/$MY_USERNAME/CreateBlog/pelicanconf.py
1037 1036
         else
@@ -1040,7 +1039,7 @@ function setup_ipfs {
1040 1039
     fi
1041 1040
 
1042 1041
     if [ -d /home/$MY_USERNAME/.ipfs ]; then
1043
-        shred -zu /home/$MY_USERNAME/.ipfs/config
1042
+        rm /home/$MY_USERNAME/.ipfs/config
1044 1043
         rm -rf /home/$MY_USERNAME/.ipfs
1045 1044
         su -c "systemctl --user restart ipfs" - $MY_USERNAME
1046 1045
     else
@@ -1048,19 +1047,19 @@ function setup_ipfs {
1048 1047
     fi
1049 1048
 
1050 1049
     if [ -f /home/$MY_USERNAME/.blog-index ]; then
1051
-        shred -zu /home/$MY_USERNAME/.blog-index
1050
+        rm /home/$MY_USERNAME/.blog-index
1052 1051
     fi
1053 1052
 
1054 1053
     if [ -f /home/$MY_USERNAME/.blog-theme-index ]; then
1055
-        shred -zu /home/$MY_USERNAME/.blog-theme-index
1054
+        rm /home/$MY_USERNAME/.blog-theme-index
1056 1055
     fi
1057 1056
 
1058 1057
     if [ -f /home/$MY_USERNAME/.ipfs-id ]; then
1059
-        shred -zu /home/$MY_USERNAME/.ipfs-id
1058
+        rm /home/$MY_USERNAME/.ipfs-id
1060 1059
     fi
1061 1060
 
1062 1061
     if [ -f /home/$MY_USERNAME/.ipfs-public ]; then
1063
-        shred -zu /home/$MY_USERNAME/.ipfs-public
1062
+        rm /home/$MY_USERNAME/.ipfs-public
1064 1063
     fi
1065 1064
 
1066 1065
     chmod 755 $IPFS_COMMAND
@@ -1204,7 +1203,7 @@ function create_user_vpn_key {
1204 1203
 
1205 1204
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
1206 1205
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
1207
-    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
1206
+    rm "/etc/openvpn/easy-rsa/keys/$username.key"
1208 1207
 
1209 1208
     echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log"
1210 1209
 }

+ 0
- 3
src/freedombone-logging Voir le fichier

@@ -33,9 +33,6 @@ export TEXTDOMAINDIR="/usr/share/locale"
33 33
 
34 34
 WEBSERVER_LOG_LEVEL='warn'
35 35
 
36
-# Shredding could be used here, but especially on microSD
37
-# or SSD it's debatable how useful shredding really is.
38
-# Also the shred command can be very slow on Beaglebone Black
39 36
 REMOVE_FILES_COMMAND='rm -rf'
40 37
 
41 38
 source /usr/local/bin/${PROJECT_NAME}-vars

+ 1
- 2
src/freedombone-pass Voir le fichier

@@ -139,7 +139,6 @@ function clear_passwords {
139 139
     for d in /root/.passwords/*/ ; do
140 140
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
141 141
         if [[ "$USERNAME" != 'root' ]]; then
142
-            shred -zu "/root/.passwords/$USERNAME/"*
143 142
             rm -rf "/root/.passwords/$USERNAME"
144 143
         fi
145 144
     done
@@ -287,7 +286,7 @@ fi
287 286
 
288 287
 if [ "${REMOVE_APP}" ]; then
289 288
     if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
290
-        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
289
+        rm "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
291 290
     fi
292 291
     exit 0
293 292
 fi

+ 2
- 2
src/freedombone-recoverkey Voir le fichier

@@ -165,10 +165,10 @@ echo $'Key fragments recombined'
165 165
 # import the gpg key
166 166
 if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
167 167
     echo $'Unable to import gpg key'
168
-    shred -zu "$KEYS_FILE"
168
+    rm "$KEYS_FILE"
169 169
     exit 3682
170 170
 fi
171
-shred -zu "$KEYS_FILE"
171
+rm "$KEYS_FILE"
172 172
 chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
173 173
 chmod -R 600 "/home/$MY_USERNAME/.gnupg"
174 174
 

+ 1
- 1
src/freedombone-renew-cert Voir le fichier

@@ -100,7 +100,7 @@ function renew_startssl {
100 100
         # remove the password from the private cert
101 101
         openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key
102 102
         cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key
103
-        shred -zu /etc/ssl/private/$HOSTNAME.new.key
103
+        rm /etc/ssl/private/$HOSTNAME.new.key
104 104
 
105 105
         # bundle the cert
106 106
         cat /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$HOSTNAME.bundle.crt

+ 1
- 1
src/freedombone-repair-database Voir le fichier

@@ -50,7 +50,7 @@ if [ -f $DATABASE_PASSWORD_FILE ]; then
50 50
     ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD"
51 51
     stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb)
52 52
     if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
53
-        shred -zu $DATABASE_PASSWORD_FILE
53
+        rm $DATABASE_PASSWORD_FILE
54 54
     fi
55 55
 fi
56 56
 

+ 2
- 2
src/freedombone-rmuser Voir le fichier

@@ -110,12 +110,12 @@ fi
110 110
 
111 111
 # remove gpg keys
112 112
 if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
113
-    shred -zu "/home/$REMOVE_USERNAME/.gnupg/"*
113
+    rm "/home/$REMOVE_USERNAME/.gnupg/"*
114 114
 fi
115 115
 
116 116
 # remove ssh keys
117 117
 if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
118
-    shred -zu "/home/$REMOVE_USERNAME/.ssh/"*
118
+    rm "/home/$REMOVE_USERNAME/.ssh/"*
119 119
 fi
120 120
 
121 121
 echo $'Detecting installed apps...'

+ 8
- 8
src/freedombone-splitkey Voir le fichier

@@ -155,7 +155,7 @@ if [ ! "$?" = "0" ]; then
155 155
 fi
156 156
 if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
157 157
     --armor --export "$MY_BACKUP_KEY_ID"; then
158
-    shred -zu "$FRAGMENTS_DIR/privkey.txt"
158
+    rm "$FRAGMENTS_DIR/privkey.txt"
159 159
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
160 160
     exit 62928
161 161
 fi
@@ -163,7 +163,7 @@ echo "$BACKUP_DUMMY_PASSWORD" | \
163 163
 if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
164 164
         --batch --passphrase-fd 0 \
165 165
         --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
166
-    shred -zu "$FRAGMENTS_DIR/privkey.txt"
166
+    rm "$FRAGMENTS_DIR/privkey.txt"
167 167
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
168 168
     exit 13783
169 169
 fi
@@ -176,21 +176,21 @@ cat "$FRAGMENTS_DIR/pubkey.txt" \
176 176
     "$FRAGMENTS_DIR/privkey.txt" \
177 177
     "$FRAGMENTS_DIR/backup_pubkey.txt" \
178 178
     "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
179
-shred -zu "$FRAGMENTS_DIR/privkey.txt"
180
-shred -zu "$FRAGMENTS_DIR/pubkey.txt"
181
-shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
182
-shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
179
+rm "$FRAGMENTS_DIR/privkey.txt"
180
+rm "$FRAGMENTS_DIR/pubkey.txt"
181
+rm "$FRAGMENTS_DIR/backup_privkey.txt"
182
+rm "$FRAGMENTS_DIR/backup_pubkey.txt"
183 183
 
184 184
 KEY_SHARES=$((KEY_FRAGMENTS * 2))
185 185
 if ! gfsplit -n "$KEY_FRAGMENTS" -m $KEY_SHARES "$KEYS_FILE"; then
186 186
     echo $"Unable to split the gpg key"
187 187
     rm -rf "$FRAGMENTS_DIR"
188 188
     if [ -f "$KEYS_FILE" ]; then
189
-        shred -zu "$KEYS_FILE"
189
+        rm "$KEYS_FILE"
190 190
     fi
191 191
     exit 63028
192 192
 fi
193
-shred -zu "$KEYS_FILE"
193
+rm "$KEYS_FILE"
194 194
 
195 195
 # set permissions
196 196
 chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"

+ 7
- 15
src/freedombone-utils-backup Voir le fichier

@@ -97,7 +97,7 @@ function configure_backup_key {
97 97
         su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
98 98
         chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
99 99
 
100
-        shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
100
+        rm "/home/$MY_USERNAME/gpg-genkey.conf"
101 101
         echo $'Checking that the Backup key was created'
102 102
         BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
103 103
         if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
@@ -127,8 +127,8 @@ function configure_backup_key {
127 127
     gpg --import --import "${MY_BACKUP_KEY}_public.asc"
128 128
     echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import "${MY_BACKUP_KEY}_private.asc"
129 129
 
130
-    shred -zu "${MY_BACKUP_KEY}_public.asc"
131
-    shred -zu "${MY_BACKUP_KEY}_private.asc"
130
+    rm "${MY_BACKUP_KEY}_public.asc"
131
+    rm "${MY_BACKUP_KEY}_private.asc"
132 132
 
133 133
     mark_completed "${FUNCNAME[0]}"
134 134
 }
@@ -258,7 +258,6 @@ function backup_database_local_usb {
258 258
     if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
259 259
         if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
260 260
             echo $"${1} database could not be saved"
261
-            shred -zu "${local_database_dir}/"*
262 261
             rm -rf "${local_database_dir}"
263 262
             umount "$USB_MOUNT"
264 263
             rm -rf "$USB_MOUNT"
@@ -284,7 +283,6 @@ function backup_directory_to_usb_duplicity {
284 283
         umount "$USB_MOUNT"
285 284
         rm -rf "$USB_MOUNT"
286 285
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
287
-            shred -zu "${1}/"*
288 286
             rm -rf "${1}"
289 287
         fi
290 288
         function_check restart_site
@@ -299,7 +297,6 @@ function backup_directory_to_usb_duplicity {
299 297
             umount "$USB_MOUNT"
300 298
             rm -rf "$USB_MOUNT"
301 299
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
302
-                shred -zu "${1}/"*
303 300
                 rm -rf "${1}"
304 301
             fi
305 302
             function_check restart_site
@@ -332,7 +329,6 @@ function backup_directory_to_usb {
332 329
         backup_directory_to_usb_duplicity "${1}" "${2}"
333 330
 
334 331
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
335
-            shred -zu "${1}/"*
336 332
             rm -rf "${1}"
337 333
         fi
338 334
     fi
@@ -414,7 +410,6 @@ function backup_directory_to_friend_duplicity {
414 410
     # shellcheck disable=SC2181
415 411
     if [ ! "$?" = "0" ]; then
416 412
         if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
417
-            shred -zu "${1}/"*
418 413
             rm -rf "${1}"
419 414
         fi
420 415
         function_check restart_site
@@ -427,7 +422,6 @@ function backup_directory_to_friend_duplicity {
427 422
         # shellcheck disable=SC2181
428 423
         if [ ! "$?" = "0" ]; then
429 424
             if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
430
-                shred -zu "${1}/"*
431 425
                 rm -rf "${1}"
432 426
             fi
433 427
             function_check restart_site
@@ -457,7 +451,6 @@ function backup_directory_to_friend {
457 451
     backup_directory_to_friend_duplicity "${1}" "${2}"
458 452
 
459 453
     if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
460
-        shred -zu "/root/temp${2}/"*
461 454
         rm -rf "/root/temp${2}"
462 455
     fi
463 456
 }
@@ -508,7 +501,6 @@ function backup_database_remote {
508 501
     if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
509 502
         if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
510 503
             echo $"${1} database could not be saved"
511
-            shred -zu "${local_database_dir}/"*
512 504
             rm -rf "${local_database_dir}"
513 505
             # Send a warning email
514 506
             echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
@@ -629,9 +621,9 @@ function restore_database_from_friend {
629 621
             exit 8735271
630 622
         fi
631 623
         if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data" ]; then
632
-            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
624
+            rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/"*
633 625
         else
634
-            shred -zu "${local_database_dir}/*.${database_file_extension}"
626
+            rm "${local_database_dir}/*.${database_file_extension}"
635 627
         fi
636 628
         rm -rf "${local_database_dir}"
637 629
         echo $"Restoring ${1} installation"
@@ -739,9 +731,9 @@ function restore_database {
739 731
             exit 482638995
740 732
         fi
741 733
         if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data" ]; then
742
-            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
734
+            rm "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/"*
743 735
         else
744
-            shred -zu "${local_database_dir}/*.${database_file_extension}"
736
+            rm "${local_database_dir}/*.${database_file_extension}"
745 737
         fi
746 738
 
747 739
         rm -rf "${local_database_dir}"

+ 4
- 4
src/freedombone-utils-database Voir le fichier

@@ -139,7 +139,7 @@ function get_mariadb_password {
139 139
         "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD"
140 140
         stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb)
141 141
         if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
142
-            shred -zu $DATABASE_PASSWORD_FILE
142
+            rm $DATABASE_PASSWORD_FILE
143 143
             echo $'MariaDB password moved into password store'
144 144
             return
145 145
         fi
@@ -311,7 +311,7 @@ quit" > "$INSTALL_DIR/batch.sql"
311 311
     chmod 600 "$INSTALL_DIR/batch.sql"
312 312
     keep_database_running
313 313
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
314
-    shred -zu "$INSTALL_DIR/batch.sql"
314
+    rm "$INSTALL_DIR/batch.sql"
315 315
 }
316 316
 
317 317
 function initialise_database {
@@ -359,7 +359,7 @@ quit" > "$INSTALL_DIR/batch.sql"
359 359
     chmod 600 "$INSTALL_DIR/batch.sql"
360 360
     keep_database_running
361 361
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
362
-    shred -zu "$INSTALL_DIR/batch.sql"
362
+    rm "$INSTALL_DIR/batch.sql"
363 363
 }
364 364
 
365 365
 function run_query_with_output {
@@ -385,7 +385,7 @@ quit" > "$INSTALL_DIR/batch.sql"
385 385
     chmod 600 "$INSTALL_DIR/batch.sql"
386 386
     keep_database_running
387 387
     mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
388
-    shred -zu "$INSTALL_DIR/batch.sql"
388
+    rm "$INSTALL_DIR/batch.sql"
389 389
 }
390 390
 
391 391
 

+ 3
- 3
src/freedombone-utils-gpg Voir le fichier

@@ -118,7 +118,7 @@ function gpg_create_key {
118 118
         echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
119 119
         exit 63621
120 120
     fi
121
-    shred -zu "/home/$key_username/gpg-genkey.conf"
121
+    rm "/home/$key_username/gpg-genkey.conf"
122 122
     CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
123 123
     if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
124 124
         echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
@@ -196,7 +196,7 @@ function gpg_reconstruct_key {
196 196
     fi
197 197
 
198 198
     if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
199
-        shred -zu "$KEYS_FILE"
199
+        rm "$KEYS_FILE"
200 200
         rm -rf "/home/$key_username/.tempgnupg"
201 201
         if [ "$key_interactive" ]; then
202 202
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
@@ -205,7 +205,7 @@ function gpg_reconstruct_key {
205 205
         fi
206 206
         exit 96547
207 207
     fi
208
-    shred -zu "$KEYS_FILE"
208
+    rm "$KEYS_FILE"
209 209
 
210 210
     gpg_set_permissions "$key_username"
211 211
 

+ 0
- 2
src/freedombone-utils-onion Voir le fichier

@@ -136,11 +136,9 @@ function remove_onion_service {
136 136
         fi
137 137
     fi
138 138
     if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then
139
-        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/"*
140 139
         rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}"
141 140
     fi
142 141
     if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then
143
-        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/"*
144 142
         rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile"
145 143
     fi
146 144
     remove_completion_param "${onion_service_name} onion domain"

+ 1
- 1
src/freedombone-utils-postgresql Voir le fichier

@@ -202,7 +202,7 @@ quit" > "$INSTALL_DIR/batch.sql"
202 202
     chmod 600 "$INSTALL_DIR/batch.sql"
203 203
     cd /etc/postgresql || exit 247284684
204 204
     sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql"
205
-    shred -zu "$INSTALL_DIR/batch.sql"
205
+    rm "$INSTALL_DIR/batch.sql"
206 206
 }
207 207
 
208 208
 # NOTE: deliberately there is no "exit 0"