everything

ci_prep.sh

@@ -18,8 +18,7 @@ for filename in confs/*; do
     basename=$(basename $filename)
     hash_sha256 $basename $(cat ./key)
     output=$crypt_ret
-    encrypt "$(cat $filename)" $(cat ./key)
-    echo "$crypt_ret" > $output
+    encrypt_file $filename $(cat ./key) $output
     scp -P77 -o StrictHostKeychecking=no -i ./id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub
     rm $output
 done
@@ -45,5 +44,4 @@ touch .htpasswd
 htpasswd -b ./.htpasswd liangyifang liangyifang
 htpasswd -b ./.htpasswd ruyuechun ruyuechun
 htpasswd -b ./.htpasswd liuxiangdong liuxiangdong
-encrypt "$(cat ./.htpasswd)" "$(cat ./key)"
-echo "$crypt_ret" > image/nginx/.htpasswd
+encrypt_file ./.htpasswd "$(cat ./key)" image/htpasswd

image/crypt.sh

@@ -4,7 +4,23 @@ decrypt()
 {
     input=$1
     key=$2
-    crypt_ret=$(echo $input | openssl enc -d -salt -aes-256-cbc -a -md sha512 -pbkdf2 -pass pass:$key)
+    crypt_ret=$(echo $input | openssl enc -d -salt -aes-256-cbc -a -A -md sha512 -pbkdf2 -pass pass:$key)
+}
+
+decrypt_file()
+{
+    input=$1
+    key=$2
+    output=$3
+    openssl enc -d -salt -aes-256-cbc -a -md sha512 -pbkdf2 -pass pass:$key -in $input -out $output
+}
+
+encrypt_file()
+{
+    input=$1
+    key=$2
+    output=$3
+    openssl enc -e -salt -aes-256-cbc -a -md sha512 -pbkdf2 -pass pass:$key -in $input -out $output
 }
 
 encrypt()

image/run.sh

@@ -46,11 +46,9 @@ URL=$URL/$crypt_ret
 wget $URL -O /opt/$FQDN
 
 echo "Decrypting..."
-decrypt $(cat /opt/$FQDN) $KEY
-echo $crypt_ret > /opt/config.json
+decrypt_file /opt/$FQDN $KEY /opt/config.json
 
-decrypt $(cat /opt/nginx/.htpasswd) $KEY
-echo $crypt_ret > /opt/nginx/.htpasswd
+decrypt_file /opt/htpasswd $KEY /opt/nginx/.htpasswd
 
 echo ""
 echo "===== Starting cron ====="