From bfe2259a237215da3dc43f0bfc9563e1d43f943f Mon Sep 17 00:00:00 2001 From: Miquel Lionel Date: Sun, 6 Jun 2021 15:32:41 +0100 Subject: a more verbose makefile and explicative readme. - also genpass.pl didn't need a newline when priting argon2id hash --- Makefile | 172 +++++++++++++++++++++++++++++++++++++++++++--------------- README.md | 73 ++++++++++++++++++++----- config.def.mk | 25 +++++++++ config.mk | 24 -------- genpass.pl | 4 +- 5 files changed, 213 insertions(+), 85 deletions(-) create mode 100644 config.def.mk delete mode 100644 config.mk diff --git a/Makefile b/Makefile index 16f4507..d54c135 100644 --- a/Makefile +++ b/Makefile @@ -1,64 +1,148 @@ .POSIX: +# you should comment this line @if non-GNU make +# and execute genpass.pl manually and edit config.mk +# with the resulting argon2id hash. +BOLD=\033[01m +RED=\033[31m +STOP=\033[0m +RANDOM_ARGON2 := $(shell perl genpass.pl > genpass.txt && tail -1 genpass.txt) include config.mk -install: - mkdir -p $(DESTDIR)$(PREFIX)/cookies - mkdir -p $(DESTDIR)$(_GPG_HOMEDIR) - chmod 700 $(DESTDIR)$(_GPG_HOMEDIR) - mkdir -p $(DESTDIR)$(WWWPREFIX)/cgi-bin/l - cp -f gpigeon-template.cgi $(DESTDIR)$(WWWPREFIX)/cgi-bin/ - cp -f index.html $(DESTDIR)$(WWWPREFIX)/ - chmod 700 $(DESTDIR)$(WWWPREFIX)/cgi-bin/gpigeon.cgi - if test -z '$(ARGON2ID_HASH)'; then \ - perl genpass.pl > genpass.txt; \ - ARGON2ID_HASH="`tail -1 genpass.txt`"; \ +gpigeon: gpigeon-template.cgi link-tmpl-template.cgi + @if test -z '$(PREFIX)'; then \ + printf "\n$(RED)No \u0024PREFIX variable defined in config.mk.\n";\ + printf "Look into config.def.mk for the defaults and fix that.$(STOP)\n";\ + exit 1;\ + else \ + printf "\n\u0024PREFIX var is set to $(BOLD)$(PREFIX)$(STOP)";\ fi - sed -e 's|argon2id_hash_goes_here|$(ARGON2ID_HASH)|g' -i $(DESTDIR)$(WWWPREFIX)/cgi-bin/gpigeon.cgi - sed -e "s|cookies_dir_goes_here|$(COOKIES_DIR)|g" -i $(DESTDIR)$(WWWPREFIX)/cgi-bin/gpigeon.cgi - sed -e "s|link_template_path_goes_here|$(LINK_TEMPLATE_PATH)|g" -i $(DESTDIR)$(WWWPREFIX)/cgi-bin/gpigeon.cgi - sed -e "s|msg_char_limit_goes_here|$(MSG_FORM_CHAR_LIMIT)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH) - cp -f link-tmpl.cgi $(DESTDIR)$(LINK_TEMPLATE_PATH) - chmod 600 $(DESTDIR)$(LINK_TEMPLATE_PATH) - if test -n '$(MYMAIL_ADDR)'; then \ - sed -e "s|your_addr_goes_here|$(MYMAIL_ADDR)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ + + @if test -z '$(WWWPREFIX)'; then\ + printf "\n${RED}No web directory defined in config.mk. Check your config.def.mk for the defaults and fix that.${STOP}";\ + exit 1; \ + else \ + printf "\nThe WWW directory is $(BOLD)$(WWWPREFIX)$(STOP)";\ fi - if test -n '$(MYGPG_ID_0XLONG)'; then \ - sed -e "s|gpgid_goes_here|$(MYGPG_ID_0XLONG)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ - gpg --armor --export $(MYGPG_ID_0XLONG) > gpg.txt; \ - gpg --homedir "$(_GPG_HOMEDIR)" --import gpg.txt; \ + + @if test -n '$(COOKIES_DIR)'; then \ + printf "\nThe cookies will be stored in ${BOLD}$(COOKIES_DIR)${STOP}"; \ + sed -e 's|cookies_dir_goes_here|$(COOKIES_DIR)|g;' gpigeon-template.cgi > gpigeon.cgi; \ + else \ + printf "\n${RED}No cookie directory configured. Check your config.def.mk for the defaults and fix that.${STOP}" ;\ + exit 1; \ + fi + @if test -n '$(_GPG_HOMEDIR)'; then \ + printf "\nThe home directory for GPG will be ${BOLD}$(_GPG_HOMEDIR)${STOP}" ;\ + else \ + printf "\n${RED}The GPG home directory for gpigeon wasn't set in config.mk . Fix that.${STOP}" ;\ + $(MAKE) clean ;\ + exit 1;\ fi - if test -n '$(MAILSENDER)'; then \ - sed -e "s|sender_addr_goes_here|$(MAILSENDER)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ + @if test -n '$(LINK_TEMPLATE_PATH)'; then \ + printf "\nLink template is at ${BOLD}$(LINK_TEMPLATE_PATH)${STOP}"; \ + sed -e 's|link_template_path_goes_here|$(LINK_TEMPLATE_PATH)|g' gpigeon-template.cgi > gpigeon.cgi; \ + else \ + printf "\n${RED}The path for the link template wasn't set in your config.mk. Fix that.${STOP}" ;\ + exit 1;\ + fi + + @if test -n '$(ARGON2ID_HASH)'; then\ + printf "\nThe argon2id hash is ${BOLD}$(ARGON2ID_HASH)${STOP}"; \ + sed -e 's|argon2id_hash_goes_here|$(ARGON2ID_HASH)|g' gpigeon-template.cgi > gpigeon.cgi; \ + else \ + sed -e 's|argon2id_hash_goes_here|$(RANDOM_ARGON2)|g' gpigeon-template.cgi > gpigeon.cgi; \ + printf "\nThe variable ARGON2ID_HASH wasn't declared in your config.mk thus a password \nand its argon2id hash as been generated (look into `pwd`/genpass.txt)."; \ + printf "\nYour password is:\n${BOLD}`head -1 genpass.txt`${STOP}"; \ + printf "\nAnd the hash is:\n${BOLD}%s${STOP}\n\n" '${RANDOM_ARGON2}'; \ + rm -f genpass.txt; \ fi - if test -n '$(SMTP_DOMAIN)'; then \ - sed -e "s|smtp_domain_goes_here|$(SMTP_DOMAIN)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ + @if test -n '$(MYGPG_ID_0XLONG)'; then \ + printf "Mails will be encrypted to you with the ${BOLD}$(MYGPG_ID_0XLONG)${STOP} GPG key\n"; \ + sed -e 's|gpgid_goes_here|$(MYGPG_ID_0XLONG)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + gpg --armor --export $(MYGPG_ID_0XLONG) > gpg.txt; \ + else \ + printf "${RED}No GPG key found because the 0xlong fingerprint format wasn't set in config.mk. Fix this.${STOP}\n";\ + $(MAKE) clean;\ + exit 1 ;\ fi - if test -n '$(SMTP_PORT)'; then \ - sed -e "s|smtp_port_goes_here|$(SMTP_PORT)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ + + @if test -n '$(MSG_FORM_CHAR_LIMIT)'; then \ + printf "Message form will have a message limit of ${BOLD}$(MSG_FORM_CHAR_LIMIT) characters${STOP}\n"; \ + sed -e "s|msg_char_limit_goes_here|$(MSG_FORM_CHAR_LIMIT)|g" link-tmpl-template.cgi > link-tmpl.cgi;\ + else \ + printf "${RED}No character limits were defined in your config.mk. Fix that.${STOP}\n" ;\ + $(MAKE) clean ;\ + exit 1;\ fi - if test -n '$(MAILSENDER_PW)'; then \ - sed -e "s|sender_pw_goes_here|$(MAILSENDER_PW)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH); \ + + @if test -n '$(MYMAIL_ADDR)'; then \ + printf "Your mail address is ${BOLD}$(MYMAIL_ADDR)${STOP}\n"; \ + sed -e 's|your_addr_goes_here|$(MYMAIL_ADDR)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + else \ + printf "There's no mail adress configured for gpigeon in your config.mk !\n" ; \ + $(MAKE) clean ; \ + exit 1; \ fi - sed -e "s|has_mailserver_goes_here|$(HAS_MAILSERVER)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH) - sed -e "s|gpg_homedir_goes_here|$(_GPG_HOMEDIR)|g" -i $(DESTDIR)$(LINK_TEMPLATE_PATH) - cp -f styles.css $(DESTDIR)$(WWWPREFIX)/ - chmod 644 $(DESTDIR)$(WWWPREFIX)/styles.css - cp -f favicon.ico $(DESTDIR)$(WWWPREFIX)/ - chmod 644 $(DESTDIR)$(WWWPREFIX)/favicon.ico - cp -rf merci $(DESTDIR)$(PREFIX)/ - chmod 755 -R $(DESTDIR)$(PREFIX) - if test -e 'genpass.txt'; then \ - printf "\n\nThe variable ARGON2ID_HASH wasn't declared thus a password and its argon2id hash as been generated (look into genpass.txt)."; \ - printf "\nYour password is:\n`head -1 genpass.txt`\n\n\n"; \ - rm -rf genpass.txt; \ + + + + @if [ '${HAS_MAILSERVER}' == '1' ]; then \ + printf "Local mail server setup. ${BOLD}Mail::Sendmail module will be used to send the mails${STOP}.\n"; \ + else \ + printf "External mail server setup. ${BOLD}Net::SMTPS module will be used to send the mails${STOP}.\n"; \ + if test -n '$(MAILSENDER)'; then \ + printf "\tEncrypted mails will be sent from ${BOLD}$(MAILSENDER)${STOP}\n"; \ + sed -e 's|sender_addr_goes_here|$(MAILSENDER)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + else \ + printf "\t${RED}No mail sender adress configured in your config.mk. Fix this.${STOP}\n" ; \ + $(MAKE) clean ; \ + exit 1; \ + fi; \ + if test -n '$(MAILSENDER_PW)'; then \ + printf "\tPassword for ${BOLD}${MAILSENDER}${STOP} is %s.\n" '${MAILSENDER_PW}'; \ + sed -e 's|sender_pw_goes_here|$(MAILSENDER_PW)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + else\ + printf "\t${RED}Password for the sender address wasn't set in your config.mk. Fix this${STOP}.\n";\ + $(MAKE) clean ; \ + exit 1; \ + fi; \ + if test -n '$(SMTP_DOMAIN)'; then \ + printf "\tSMTP server: ${BOLD}$(SMTP_DOMAIN)${STOP}\n"; \ + sed -e 's|smtp_domain_goes_here|$(SMTP_DOMAIN)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + else\ + printf "\t${RED}No SMTP server was configured in your config.mk. Fix this.${STOP}\n";\ + $(MAKE) clean ; \ + exit 1; \ + fi; \ + if test -n '$(SMTP_PORT)'; then \ + printf "\tSMTP port: ${BOLD}$(SMTP_PORT)${STOP}\n"; \ + sed -e 's|smtp_port_goes_here|$(SMTP_PORT)|g' link-tmpl-template.cgi > link-tmpl.cgi; \ + else \ + printf "\t${RED}No SMTP port configured in your config.mk. Fix this${STOP}.\n"; \ + $(MAKE) clean ; \ + exit 1; \ + fi; \ fi + @sed -e 's|has_mailserver_goes_here|$(HAS_MAILSERVER)|g' link-tmpl-template.cgi > link-tmpl.cgi + @sed -e 's|gpg_homedir_goes_here|$(_GPG_HOMEDIR)|g' link-tmpl-template.cgi > link-tmpl.cgi + @printf "\nDone preparing files. You can now type\nsudo make install\nin your terminal.\n" + +install: + mkdir -p $(DESTDIR)$(COOKIES_DIR) + mkdir -m700 -p $(DESTDIR)$(_GPG_HOMEDIR) + gpg --homedir "$(DESTDIR)$(_GPG_HOMEDIR)" --import gpg.txt; \ + mkdir -p $(DESTDIR)$(WWWPREFIX)/cgi-bin/l + install -Dm700 gpigeon.cgi $(DESTDIR)$(GPIGEON_PATH) + install -Dm600 link-tmpl.cgi $(DESTDIR)$(LINK_TEMPLATE_PATH) + install -Dm644 index.html favicon.ico styles.css -t $(DESTDIR)$(WWWPREFIX)/ + install -Dm755 merci/* -t $(DESTDIR)$(PREFIX)/merci/ uninstall: rm -rf $(DESTDIR)$(PREFIX) rm -rf $(DESTDIR)$(WWWPREFIX) clean: - rm -f genpass.txt gpg.txt + rm -f genpass.txt gpg.txt link-tmpl.cgi gpigeon.cgi .PHONY: clean install uninstall diff --git a/README.md b/README.md index 873b3d9..ce87785 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,29 @@ GPIGEON ======== -Gpigeon generate links for a non technical person or someone not familiar -with GPG, so they can send you encrypted mails via a one-time -web form. +Gpigeon generate links for a GPG user to be sent to a non technical person (or +not a GPG user) so they can send you encrypted mail messages via a one-time +web link. Feels of déjàvu ? I was inspired by https://hawkpost.co but wasn't really interested in the multi-user perspective and managing a database. -Overview +Features ======== - * Single user. + * Single user: no database required. * One-time GPG form: after sending the encrypted message, the generated form self-destructs. * Cookie based login. If you block cookies, it will switch back to - hidden fields so you can still login, manage and create links. - * A table of the links generated is visible after connecting so you can - keep track of what has been created. You can also delete links + hidden fields so you can still login. + * A table of the links generated is visible when you connect so you can + keep track of what has been created. You can also delete link individually, or all at once. * No javascript used for the moment. Dependencies ============ -You will need perl and the following modules and my perl version is v5.32.0, YMMV: +You will need perl and the following modules and my perl version is **v5.34.0**, YMMV: * HTML::Entities * CGI @@ -39,20 +39,63 @@ You will need perl and the following modules and my perl version is v5.32.0, YMM Having a webserver with CGI support or a separate CGI engine is needed. I'm using nginx and fcgiwrap. -A note on Net::SMTP and Net:SMTPS dependencies: if you have a mailserver well +A note on **Net::SMTP** and **Net:SMTPS** dependencies: if you have a mailserver well configured with SPF and OpenDKIM (so your chances to get your mail treated as spam is greatly reduced) you should set the `HAS_MAILSERVER` -variable to 1 in the config.mk file. +variable in +[link-tmpl.cgi](https://git.les-miquelots.net/gpigeon/plain/link-tmpl.cgi) to 1. Installation ============ -Edit the config.mk file to customize the installation to your needs, and then -execute: -`sudo make` +Don't forget to copy `config.def.mk` into `config.mk` and tune +the variable to your liking. Then, you can run the good old: +``` +make +make install #you'll maybe need sudo though +``` You should also look in the [gpigeon-template.cgi](https://git.les-miquelots.net/gpigeon/plain/gpigeon-template.cgi) -and [link-tmpl.cgi](https://git.les-miquelots.net/gpigeon/plain/link-tmpl.cgi) source code, you should figure things out quickly. +and [link-tmpl-template.cgi](https://git.les-miquelots.net/gpigeon/plain/link-tmpl-template.cgi) source code, you should figure things out quickly. **Hint**: look for variables values ending in _goes_here_. + +Your nginx configuration should look like this: +``` +server { + listen 80; + server_name ggon.example.com; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + + root /var/www/gpigeon; + server_name ggon.example.com; + ssl_certificate /etc/letsencrypt/live/ggon.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ggon.example.com/privkey.pem; + error_log /var/log/gpigeon.log; + index index.html index.htm; + include /etc/nginx/hotlinking.conf; + location = /cgi-bin/gpigeon.cgi { + ssi off; + gzip off; + fastcgi_pass unix:/run/fcgiwrap.sock; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/cgi-bin/l/(.*).cgi$ { + ssi off; + gzip off; + fastcgi_pass unix:/run/fcgiwrap.sock; + include /etc/nginx/fastcgi_params; + } + + include errorpages.conf; +} +``` diff --git a/config.def.mk b/config.def.mk new file mode 100644 index 0000000..5917230 --- /dev/null +++ b/config.def.mk @@ -0,0 +1,25 @@ +# Customize below to fit your system + +# paths +PREFIX = /usr/share/gpigeon +COOKIES_DIR = $(PREFIX)/cookies +_GPG_HOMEDIR = $(PREFIX)/gnupg +LINK_TEMPLATE_PATH = $(PREFIX)/link-tmpl.cgi +WWWPREFIX = /var/www/gpigeon +GPIGEON_PATH = $(WWWPREFIX)/cgi-bin/gpigeon.cgi + +# CGI tuning stuff +MSG_FORM_CHAR_LIMIT = 3000 + +# argon2id hash. generated by genpass.pl if empty when running make +ARGON2ID_HASH = + +# gpg and email vars +HAS_MAILSERVER = 0# choose 0 if you'll use an external mail server, 1 if local mail server installed. +# you don't need to set the 3 last variables if you got a local mailserver. +MYGPG_ID_0XLONG =# the 0xlong format of your gpg key. +MYMAIL_ADDR =# your mail address +MAILSENDER =# the mailer address that'll send you the encrypted mails +MAILSENDER_PW =# password for the mailer address +SMTP_DOMAIN =# smtp domain pour the mailer +SMTP_PORT =# smtp port for the mailer diff --git a/config.mk b/config.mk deleted file mode 100644 index abb2299..0000000 --- a/config.mk +++ /dev/null @@ -1,24 +0,0 @@ -# Customize below to fit your system - -# paths -PREFIX = /usr/share/webapps/gpigeon -COOKIES_DIR = $(PREFIX)/cookies -_GPG_HOMEDIR = $(PREFIX)/gnupg -LINK_TEMPLATE_PATH = $(PREFIX)/link-tmpl.cgi -WWWPREFIX = /var/www/gpigeon - -# argon2id hash. generated by genpass.pl if empty -ARGON2ID_HASH = - -# gpg and email vars -HAS_MAILSERVER = 0# 0 if you'll use an external mail server, 1 if local. -# you don't need to set the 3 last variables if you got a local mailserver. -MYGPG_ID_0XLONG =# the 0xlong format of your gpg key. -MYMAIL_ADDR =# your mail address -MAILSENDER =# the mailer address that'll send you the encrypted mails. -MAILSENDER_PW =# password for the mailer address -SMTP_DOMAIN =# smtp domain pour the mailer -SMTP_PORT =# smtp port for the mailer - -# CGI stuff -MSG_FORM_CHAR_LIMIT = 3000 diff --git a/genpass.pl b/genpass.pl index f7e6488..44b0f53 100755 --- a/genpass.pl +++ b/genpass.pl @@ -5,5 +5,5 @@ use Crypt::Argon2 qw/argon2id_pass/; my $pass = `openssl rand -base64 32`; my $salt = `openssl rand 16`; chomp $pass; -print "$pass\n"; -print argon2id_pass($pass, $salt, 3, '32M', 1, 32),"\n"; +print $pass,"\n"; +print argon2id_pass($pass, $salt, 3, '32M', 1, 32); -- cgit v1.2.3-70-g09d2