
@m1st0
Created July 5, 2025 04:06
Manual backup of mariadb with encrypted credentials
#!/usr/bin/zsh
# Decrypts GPG-encrypted MariaDB credentials to a temporary defaults file and runs the given MariaDB client command with it
# Author: Maulik Mistry
# Please share support: https://www.paypal.com/paypalme/m1st0
# License: BSD License 2.0
# Copyright (c) 2023–2025, Maulik Mistry
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the <organization> nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
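# Usage: ./mariadb_gpg_unwrapper.zsh mysqldump --all-databases
#
# Decrypts the GPG-protected defaults file to a private temporary file, runs
# the requested MariaDB client command with --defaults-file pointing at it,
# removes the plaintext copy, and exits with the client command's status.

# Encrypted credentials file path
enc_file="$HOME/.local/share/mariadb/mariadb.conf.gpg"

# Require the client command before anything is decrypted, so a bad
# invocation never leaves plaintext credentials on disk.
if (( $# < 1 )); then
  echo "Usage: $0 <mariadb-client-command> [arguments...]" >&2
  exit 2
fi

# Check existence
if [[ ! -f "$enc_file" ]]; then
  # Diagnostics go to stderr: callers redirect stdout into the dump file.
  echo "Encrypted credentials file not found: $enc_file" >&2
  exit 1
fi

# Temporary decrypted file.
# mktemp creates the file atomically with an unpredictable name and owner-only
# permissions. A fixed name such as /tmp/<name>.$$ can be pre-created or
# symlinked by another local user, and a file created under the default umask
# is readable by others until a later chmod runs.
tmp_file="$(mktemp "${TMPDIR:-/tmp}/mariadb_my.cnf.XXXXXX")" || {
  echo "Failed to create temporary credentials file." >&2
  exit 1
}

# Remove the plaintext credentials on every exit path, including Ctrl-C and
# SIGTERM. SIGKILL cannot be trapped, so a stale file is still possible then.
cleanup() {
  [[ -n "$tmp_file" ]] && rm -f -- "$tmp_file"
}
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Decrypt to temp file
if ! gpg --quiet --decrypt "$enc_file" > "$tmp_file"; then
  echo "Failed to decrypt credentials file." >&2
  exit 1
fi

# Run specified MariaDB client command with arguments
cmd="$1"
shift
"$cmd" --defaults-file="$tmp_file" "$@"
# Keep the client's status: without this the script would end with the status
# of the cleanup step and callers could not detect a failed dump.
cmd_status=$?

# Clean up happens in the EXIT trap.
exit "$cmd_status"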
#!/usr/bin/zsh
# Manual backup of mariadb with encrypted credentials
# Author: Maulik Mistry
# Please share support: https://www.paypal.com/paypalme/m1st0
# License: BSD License 2.0
# Copyright (c) 2023–2025, Maulik Mistry
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the <organization> nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
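# Dumps all MariaDB databases through the GPG unwrapper script that sits next
# to this file, stages the dump in a private temporary directory, then swaps
# it into the final backup directory, keeping the previous backup until the
# new one has been verified.

# Configurable variables
backup_root="/var/lib/mysql-backup" # NOTE(review): not referenced below
final_backup_dir="$HOME/mariadb_backups" # Change to your actual backups directory

# Take the date once: calling date for every path lets the file name change
# if the run crosses midnight, which would fail the later verification.
backup_stamp="$(date +%Y%m%d)"
dump_name="mariadb_new_backup_${backup_stamp}"

# Safety check: do not allow root of home or suspicious paths
# This can be expanded later
if [[ "$final_backup_dir" == "$HOME" || "$final_backup_dir" == "$HOME/" ]]; then
  echo "Refusing to use home directory root as backup destination." >&2
  exit 1
fi

# The dump holds every database, so files created from here on are owner-only.
umask 077

# Create new backup directory.
# mktemp -d yields an unpredictable, owner-only directory; a fixed name under
# /tmp combined with mkdir -p would accept a directory (or symlink) that
# another local user created first.
new_backup_dir="$(mktemp -d "${TMPDIR:-/tmp}/mariadb_new_backup_${backup_stamp}.XXXXXX")" || {
  echo "Failed to create staging directory; aborting." >&2
  exit 1
}
dump_file="$new_backup_dir/$dump_name"

# Dump the MariaDB databases
echo "Starting MariaDB dump..."

# Get the directory of the current script
script_dir="${0:A:h}"

# Call the gpg unwrapping script in the same directory.
# A mysqldump failure is only visible here if the wrapper exits with the
# client's status; the non-empty check below is a coarse backstop.
if ! "$script_dir/mariadb_gpg_unwrapper.zsh" mysqldump --all-databases --single-transaction --quick --lock-tables=false > "$dump_file"; then
  echo "Backup failed; aborting." >&2
  rm -rf -- "${new_backup_dir:?}"
  exit 1
fi
echo "Dump completed: $dump_file"

# Verify backup file exists and is not empty
if [[ ! -s "$dump_file" ]]; then
  echo "Backup file is empty; aborting." >&2
  rm -rf -- "${new_backup_dir:?}"
  exit 1
fi

# Move old backup to temporary location before deleting
old_backup_tmp="${final_backup_dir}_old_$(date +%s)"
if [[ -d "$final_backup_dir" ]]; then
  # Stop if the old backup cannot be set aside: moving the new directory onto
  # an existing one would nest it inside instead of replacing it.
  if ! mv -- "$final_backup_dir" "$old_backup_tmp"; then
    echo "Could not set aside existing backup; aborting." >&2
    rm -rf -- "${new_backup_dir:?}"
    exit 1
  fi
fi

# Move new backup to final location
mv -- "$new_backup_dir" "$final_backup_dir"

# Verify move
if [[ -d "$final_backup_dir" && -s "$final_backup_dir/$dump_name" ]]; then
  echo "New backup verified in $final_backup_dir"
  # Remove old backup safely
  if [[ -d "$old_backup_tmp" ]]; then
    rm -rf -- "${old_backup_tmp:?}"
    echo "Old backup $old_backup_tmp deleted."
  fi
else
  echo "New backup verification failed; restoring old backup." >&2
  # Restore old backup
  if [[ -d "$old_backup_tmp" ]]; then
    # The previous backup was moved aside above, so anything now at the final
    # path is a partial copy of the new one; clear it so the restore does not
    # nest the old backup inside it.
    rm -rf -- "${final_backup_dir:?}"
    mv -- "$old_backup_tmp" "$final_backup_dir"
  fi
  rm -rf -- "${new_backup_dir:?}"
  exit 1
fi

echo "Backup process completed successfully."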