Basic approach to encrypting backups.

Essentially, ensure that openmrs.zip and buendia.tar.gz are encrypted
using the Buendia system key.

The patient chart ZIP is already encrypted with the OpenMRS server
password, so we're leaving that untouched for now.

packages/buendia-backup/data/usr/bin/buendia-backup

@@ -137,7 +137,9 @@ echo "Saving Buendia configuration..."
 # about any which might be missing.
 config_paths=$(ls -d /usr/share/buendia/{counts,distilled,openmrs,profiles,site} || true)
 tar cfz "$new_dir/buendia.tar.gz" --exclude '*.omod' $config_paths
-ls -l "$new_dir/buendia.tar.gz"
+encrypt_file "$new_dir/buendia.tar.gz"
+rm "$new_dir/buendia.tar.gz"
+ls -l "$new_dir/buendia.tar.gz.enc"
 
 # ---- Back up the MySQL database.
 
@@ -148,7 +150,9 @@ if ! buendia-mysql-dump openmrs "$new_dir/openmrs.zip" >"$tmp/out" 2>&1; then
     echo "buendia-mysql-dump failed!"
     exit 1
 fi
-ls -l "$new_dir/openmrs.zip"
+encrypt_file "$new_dir/openmrs.zip"
+rm "$new_dir/openmrs.zip"
+ls -l "$new_dir/openmrs.zip.enc"
 
 # ---- Back up the package list and non-base packages.
 

packages/buendia-backup/data/usr/bin/buendia-restore

@@ -141,6 +141,8 @@ if [ $progress_state -le $PROGRESS_SETTINGS_NEXT ]; then
   echo
   echo "Restoring settings..."
   mv /usr/share/buendia/site /usr/share/buendia/site.$$
+  # FIXME: This could fail if there isn't enough space on $root
+  decrypt_file "$root/buendia.tar.gz"
   if tar -xzf $root/buendia.tar.gz -C / usr/share/buendia/site; then
     rm -rf /usr/share/buendia/site.$$
   else
@@ -171,6 +173,8 @@ if [ $progress_state -le $PROGRESS_MYSQL_NEXT ]; then
   # ---- Restore the MySQL database.
   echo
   echo "Restoring MySQL database..."
+  # FIXME: This could fail if there isn't enough space on $root
+  decrypt_file "$root/openmrs.zip"
   service tomcat7 stop
   if ! buendia-mysql-load -f openmrs "$root/openmrs.zip" >"$tmp/out" 2>&1; then
     if [ -e $tmp/out ]; then

packages/buendia-backup/data/usr/share/buendia/tests/40-backup-to-local

@@ -8,12 +8,16 @@ test_10_run_backup_cron () {
 
 # Then it stores a tarball of site configs locally
 test_20_cron_saved_site_config () {
-    tar tfz $BUENDIA_TEST_BACKUP_TARGET/buendia.tar.gz
+    cp $BUENDIA_TEST_BACKUP_TARGET/buendia.tar.gz.enc .
+    decrypt_file buendia.tar.gz
+    tar tfz buendia.tar.gz
 }
 
 # And it stores a database dump locally
 test_20_cron_saved_database_dump () {
-    unzip -t $BUENDIA_TEST_BACKUP_TARGET/openmrs.zip
+    cp $BUENDIA_TEST_BACKUP_TARGET/openmrs.zip.enc .
+    decrypt_file openmrs.zip
+    unzip -t openmrs.zip
 }
 
 test_20_cron_saved_package_list () {

packages/buendia-backup/data/usr/share/buendia/tests/50-backup-to-external-safe

@@ -16,12 +16,16 @@ test_10_run_backup_cron () {
 
 # Then it stores a tarball of site configs on the external device
 test_20_cron_saved_site_config () {
-    tar tfz $BUENDIA_TEST_BACKUP_TARGET/buendia.tar.gz
+    cp $BUENDIA_TEST_BACKUP_TARGET/buendia.tar.gz.enc .
+    decrypt_file buendia.tar.gz
+    tar tfz buendia.tar.gz
 }
 
 # And it stores a database dump on the external device
 test_20_cron_saved_database_dump () {
-    unzip -t $BUENDIA_TEST_BACKUP_TARGET/openmrs.zip
+    cp $BUENDIA_TEST_BACKUP_TARGET/openmrs.zip.enc .
+    decrypt_file openmrs.zip
+    unzip -t openmrs.zip
 }
 
 # And it stores a package listing on the external device