#!/bin/bash
# file: gnucash_wrapper.sh
# Pete Nesbitt, Jan 2013
# wrapper script to decrypt/encrypt GnuCash data files
# could easily adapt to other apps
# uses (requires) Xdialog for password entry
### !! SEE INITIAL SETUP (BELOW) PRIOR TO FIRST RUN
#####################################################################
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#####################################################################
#### Initial Setup #######################################################
# Start with a working gnu_cahs account env, with your layout in place.
# This app expects to be started by referencing an encrypted file,
# 1) locate your gnucash data file,
# usually .gnucash, like "finances.gnucash"
#
# 2) rename the file then encrypt it. (ex using finance book set)
# mv finances.gnucash finances.gnucash_decrypted
# openssl enc -e -aes-256-cbc -in finances.gnucash_decrypted -out $finances.gnucash -pass stdin
# --this will prompt for a password.
# --this will be your permanent password for this account set. (don't lose it!)
#
# 3) update the variable below to point to the new encrypted file:
# DATA_FILE="/full/path/to/encrypted_file"
#
# 4) optionally create a 'xpm' icon from the gnucash png icon
# I used gimp and /usr/share/gnucash/pixmaps/gnucash-icon-32x32.png
#
# -once the icon is created, update the APP_ICON variable below
#
# From now on, instead of starting GNUCash with it's binary, start it by running this script.
# You will likely want to set your desktop menu to use this script as well.
#
##########################################################################
# UPDATE THIS VAR
#gnucash data file (FQFN)
DATA_FILE="/data/docs/gnucash/finances.gnucash"
# UPDATE THIS VAR ONLY IF YOU MADE AN ICON
#icon used in passwd box, must be a xpm file. (Not Required)
APP_ICON="/data/media/images/app_images/icon-gnucash.xpm"
#################################
APP_NAME="GnuCash" #just for display in pwd box
APP="/usr/bin/gnucash"
# decrypt file
DECRYPTED_FILE=${DATA_FILE}_decrypted
################################
# first do a quick icon test
file ${APP_ICON} |grep pixmap &> /dev/null
ICON_VAL=$?
if [ ${ICON_VAL} -eq 0 ];then
ICON="--icon ${APP_ICON}"
else
ICON=""
fi
##### Functions ###########
get_password() {
FILEPASS=`Xdialog --center ${ICON} --password --timeout 30 --stdout --inputbox "Enter ${APP_NAME} Password" 0 0`
PASS_VAL=$?
#timeout's will exit 255, make sure we bail now
if [ ${PASS_VAL} -ne 0 ];then
exit 1
fi
}
decrypt_file() {
# decrypt the source data file
openssl enc -d -aes-256-cbc -in ${DATA_FILE} -out ${DECRYPTED_FILE} -pass stdin < /dev/null
${FILEPASS}
EOPW
DEC_VAL=$?
}
decrypt_check() {
REDO_PASS="no"
if [ ${DEC_VAL} -ne 0 ];then
# option to redo password
Xdialog --center ${ICON} --stdout --yesno "Password Failed\nRetry?" 0 0
REDO_VAL=$?
if [ ${REDO_VAL} -eq 0 ];then
REDO_PASS="yes"
else
exit 1
fi
fi
}
encrypt_file() {
openssl enc -e -aes-256-cbc -in ${DECRYPTED_FILE} -out ${DATA_FILE} -pass stdin < /dev/null
${FILEPASS}
EOPW
SSL_VAL=$?
}
encrypt_check() {
# remove decrypted copy and any working files (note the *)
if [ ${SSL_VAL} -eq 0 ];then
shred -u ${DECRYPTED_FILE}*
Xdialog --center ${ICON} --infobox "Successfully (re)Encrypted Data File" 0 0 8000 # 1000's of a seconds
else
Xdialog --center ${ICON} --msgbox "WARNING: SSL Encryption ERROR, exit:${SSL_VAL}\n Un-Encrypted File Remains (${DECRYPTED_FILE})" 0 0
exit 1
fi
}
################################
# Start of main area
get_password
# decrypt data file
decrypt_file
decrypt_check
#check if we need to retry the password
if [ "${REDO_PASS}" = "yes" ];then
get_password
decrypt_file
decrypt_check
fi
# use the decrypted file in application
${APP} ${DECRYPTED_FILE}
# once done, encrypt file and remove plain (working) file
encrypt_file
encrypt_check
unset FILEPASS
#eof