From 845fb2d60585be5567ac10aa0a53ab45c628648c Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 15 Sep 2016 22:49:38 -0400
Subject: Added --backup-server and --restore-server

To aid in backing up keysafe servers with minimal information leakage.

This commit was sponsored by Andrea Rota.
---
 CmdLine.hs | 123 ++++++++++++++++++++++++++++++++++---------------------------
 1 file changed, 69 insertions(+), 54 deletions(-)

(limited to 'CmdLine.hs')

diff --git a/CmdLine.hs b/CmdLine.hs
index 686fcb5..f4a6b92 100644
--- a/CmdLine.hs
+++ b/CmdLine.hs
@@ -29,7 +29,7 @@ data CmdLine = CmdLine
 	, serverConfig :: ServerConfig
 	}
 
-data Mode = Backup | Restore | UploadQueued | Server | Chaff HostName | Benchmark | Test
+data Mode = Backup | Restore | UploadQueued | Server | GenBackup FilePath | RestoreBackup FilePath | Chaff HostName | Benchmark | Test
 	deriving (Show)
 
 data ServerConfig = ServerConfig
@@ -40,7 +40,7 @@ data ServerConfig = ServerConfig
 
 parse :: Parser CmdLine
 parse = CmdLine
-	<$> optional (backup <|> restore <|> uploadqueued <|> server <|> chaff <|> benchmark <|> test)
+	<$> optional parseMode
 	<*> optional (gpgswitch <|> fileswitch)
 	<*> localstorageswitch
 	<*> localstoragedirectoryopt
@@ -49,37 +49,8 @@ parse = CmdLine
 	<*> optional (ShareParams <$> totalobjects <*> neededobjects)
 	<*> nameopt
 	<*> othernameopt
-	<*> serverconfig
+	<*> parseServerConfig
   where
-	backup = flag' Backup
-		( long "backup"
-		<> help "Store a secret key in keysafe."
-		)
-	restore = flag' Restore
-		( long "restore"
-		<> help "Retrieve a secret key from keysafe."
-		)
-	uploadqueued = flag' UploadQueued
-		( long "uploadqueued"
-		<> help "Upload any data to servers that was queued by a previous --backup run."
-		)
-	server = flag' Server
-		( long "server"
-		<> help "Run as a keysafe server, accepting objects and storing them to ~/.keysafe/objects/local/"
-		)
-	chaff = Chaff <$> strOption
-		( long "chaff"
-		<> metavar "HOSTNAME"
-		<> help "Upload random data to a keysafe server."
-		)
-	benchmark = flag' Benchmark
-		( long "benchmark"
-		<> help "Benchmark speed of keysafe's cryptographic primitives."
-		)
-	test = flag' Test
-		( long "test"
-		<> help "Run test suite."
-		)
 	gpgswitch = GpgKey . KeyId . T.pack <$> strOption
 		( long "gpgkeyid"
 		<> metavar "KEYID"
@@ -127,28 +98,72 @@ parse = CmdLine
 		<> metavar "N"
 		<> help "Specify other name used for key backup/restore, avoiding the usual prompt."
 		)
-	serverconfig = ServerConfig
-		<$> option auto
-			( long "port"
-			<> metavar "P"
-			<> value 80
-			<> showDefault
-			<> help "Port for server to listen on."
-			)
-		<*> option str
-			( long "address"
-			<> metavar "A"
-			<> value "127.0.0.1"
-			<> showDefault
-			<> help "Address for server to bind to. (Use \"*\" to bind to all addresses.)"
-			)
-		<*> option auto
-			( long "months-to-fill-half-disk"
-			<> metavar "N"
-			<> value 12
-			<> showDefault
-			<> help "Server rate-limits requests and requires proof of work, to avoid too many objects being stored. This is an lower bound on how long it could possibly take for half of the current disk space to be filled."
-			)
+
+parseMode :: Parser Mode
+parseMode = 
+	flag' Backup
+		( long "backup"
+		<> help "Store a secret key in keysafe."
+		)
+	<|> flag' Restore
+		( long "restore"
+		<> help "Retrieve a secret key from keysafe."
+		)
+	<|> flag' UploadQueued
+		( long "uploadqueued"
+		<> help "Upload any data to servers that was queued by a previous --backup run."
+		)
+	<|> flag' Server
+		( long "server"
+		<> help "Run as a keysafe server, accepting objects and storing them to ~/.keysafe/objects/local/"
+		)
+	<|> GenBackup <$> strOption
+		( long "backup-server"
+		<> metavar "BACKUPDIR"
+		<> help "Run on a server, populates the directory with a gpg encrypted backup of all objects stored in the --store-directory. This is designed to be rsynced offsite (with --delete) to back up the a keysafe server with minimal information leakage."
+		)
+	<|> RestoreBackup <$> strOption
+		( long "restore-server"
+		<> metavar "BACKUPDIR"
+		<> help "Restore all objects present in the gpg-encrypted backups in the specified directory."
+		)
+	<|> Chaff <$> strOption
+		( long "chaff"
+		<> metavar "HOSTNAME"
+		<> help "Upload random data to a keysafe server."
+		)
+	<|> flag' Benchmark
+		( long "benchmark"
+		<> help "Benchmark speed of keysafe's cryptographic primitives."
+		)
+	<|> flag' Test
+		( long "test"
+		<> help "Run test suite."
+		)
+
+parseServerConfig :: Parser ServerConfig
+parseServerConfig = ServerConfig
+	<$> option auto
+		( long "port"
+		<> metavar "P"
+		<> value 80
+		<> showDefault
+		<> help "Port for server to listen on."
+		)
+	<*> option str
+		( long "address"
+		<> metavar "A"
+		<> value "127.0.0.1"
+		<> showDefault
+		<> help "Address for server to bind to. (Use \"*\" to bind to all addresses.)"
+		)
+	<*> option auto
+		( long "months-to-fill-half-disk"
+		<> metavar "N"
+		<> value 12
+		<> showDefault
+		<> help "Server rate-limits requests and requires proof of work, to avoid too many objects being stored. This is an lower bound on how long it could possibly take for half of the current disk space to be filled."
+		)
 
 get :: IO CmdLine
 get = execParser opts
-- 
cgit v1.2.3