authorAndrew Cady <d@jerkface.net>2016-04-29 07:48:05 -0400
committerAndrew Cady <d@jerkface.net>2016-04-29 07:49:07 -0400
commitd1836ad0ad5ff506522a63b715af3eaef46034e1 (patch)
tree5965191ddaf12bec80d74034fbeefdf27811ff68
parent5825072303098848e16ddd3c4a31b36506ed6430 (diff)
child generation script: generates tmpfs containing child
-rwxr-xr-xkeygen.sh132
1 files changed, 74 insertions, 58 deletions
diff --git a/keygen.sh b/keygen.sh
index 005a5a4..716359b 100755
--- a/keygen.sh
+++ b/keygen.sh
@@ -2,22 +2,22 @@
2 2
3gpg_set_ultimate_trust() 3gpg_set_ultimate_trust()
4{ 4{
5 local keygrip 5 local keygrip
6 keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) 6 keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) || return
7 7
8 expect - -- "$keygrip" <<'END' 8 expect - -- "$keygrip" <<'END'
9 9
10 set keygrip "[lindex $argv 0]" 10 set keygrip "[lindex $argv 0]"
11 11
12 spawn gpg --edit-key "$keygrip" trust 12 spawn gpg --edit-key "$keygrip" trust
13 13
14 expect "Your decision?" 14 expect "Your decision?"
15 send -- "5\n" 15 send -- "5\n"
16 expect "Do you really want to set this key to ultimate trust?" 16 expect "Do you really want to set this key to ultimate trust?"
17 send -- "y\n" 17 send -- "y\n"
18 expect "gpg>" 18 expect "gpg>"
19 send -- "save\n" 19 send -- "save\n"
20 send_tty "\r" 20 send_tty "\r"
21 21
22END 22END
23} 23}
@@ -25,82 +25,98 @@ END
25add() 25add()
26{ 26{
27 kiki merge \ 27 kiki merge \
28 --flow=sync \ 28 --flow=sync \
29 --home${2:+="$2"} \ 29 --home${2:+="$2"} \
30 --create=rsa:4096 \ 30 --create=rsa:4096 \
31 --flow=spill,match="$1" \ 31 --flow=spill,match="$1" \
32 --type=pem \ 32 --type=pem \
33 --access=secret \ 33 --access=secret \
34 nil 34 nil
35} 35}
36 36
37silent() { "$@" >/dev/null 2>&1; }
38
39init() 37init()
40{ 38{
41 local root="$1" 39 local root="$1"
42 40
43 if [ "$root" ]; then 41 if [ "$root" ]; then
44 mkdir -m0600 -p "$root"/root/.gnupg 42 mkdir -m0600 -p "$root"/root/.gnupg
45 fi 43 fi
46 44
47 kiki init ${root:+--chroot "$root"} 45 kiki init ${root:+--chroot "$root"}
48 add encrypt ${root:+"$root/root/.gnupg"} 46 add encrypt ${root:+"$root/root/.gnupg"}
49 add sign ${root:+"$root/root/.gnupg"} 47 add sign ${root:+"$root/root/.gnupg"}
50 48
51 ( 49 (
52 [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/" 50 [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
53 gpg_set_ultimate_trust 51 gpg_set_ultimate_trust
54 ) 52 )
55} 53}
56 54
57sync() 55sync()
58{ 56{
59 local home1="$1"/root/.gnupg home2="$2"/root/.gnupg 57 local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
60 kiki sync-public \ 58 kiki sync-public \
61 --homedir "$home1" \ 59 --homedir "$home1" \
62 --passphrase-fd=0 \ 60 --passphrase-fd=0 \
63 --import-if-authentic \ 61 --import-if-authentic \
64 --autosign \ 62 --autosign \
65 --keyrings "$home2"/pubring.gpg 63 --keyrings "$home2"/pubring.gpg
66 kiki sync-secret \ 64 kiki sync-secret \
67 --homedir "$home1" \ 65 --homedir "$home1" \
68 --autosign --import 66 --autosign --import
69} 67}
70 68
71doublecheck() 69doublecheck()
72{ 70{
73 gpg2 --clearsign </dev/null | gpg2 --homedir "$1"/root/.gnupg --verify 71 gpg2 --clearsign </dev/null | gpg2 --homedir "$1"/root/.gnupg --verify
74 gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null | gpg2 --verify 72 gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null | gpg2 --verify
75} 73}
76 74
77silent() 75silent()
78{ 76{
79 exec 3>&1 4>&2 77 exec 3>&1 4>&2
80 exec >/dev/null 2>&1 78 exec >/dev/null 2>&1
81} 79}
82 80
83noisy() 81noisy()
84{ 82{
85 exec >&3 2>&1 83 exec >&3 2>&1
86} 84}
87 85
88set -e 86new_child()
87{
88 local root="$1"
89 init "$root"
89 90
90silent 91 sync "$root" ''
92 sync '' "$root"
91 93
92 init 94 gpg2 --check-trustdb
93 init child 95 gpg2 --check-trustdb --homedir "$root"/root/.gnupg
94 96
95 sync child '' 97 doublecheck "$root"
96 sync '' child 98}
97 99
98 gpg2 --check-trustdb
99 gpg2 --check-trustdb --homedir child/root/.gnupg
100 100
101 doublecheck child 101child_dir=$1
102 102
103set -e
104
105[ "$(id -u)" = 0 ]
106[ "$child_dir" ]
107[ ! -d "$child_dir" ]
108which expect >/dev/null
109
110mkdir "$child_dir"
111trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT
112mount -t tmpfs -o mode=0700 tmpfs "$child_dir"
113
114silent
115init
116new_child "$child_dir"
103noisy 117noisy
104 118
105gpg2 -k 119trap EXIT
106gpg2 -k --homedir child/root/.gnupg 120
121# gpg2 -k
122# gpg2 -k --homedir "$child_dir"/root/.gnupg
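Review bot: The `|| return` added to the keygrip assignment in gpg_set_ultimate_trust (first hunk) does not guard against a failed or keyless `gpg -K`, because without `pipefail` the command substitution's status is that of the final `cut` stage, which succeeds on empty input; an empty keygrip then reaches `expect`, which spawns `gpg --edit-key "" trust` and still sends the "5"/"y"/"save" answers. A check on the value itself is what is needed, e.g. `[ -n "$keygrip" ] || return` on the line after the assignment, so a missing secret key fails the function before any trust change is attempted. Relatedly, in the second hunk the new top-level sequence runs `new_child` while `silent` has redirected stderr to /dev/null, so under `set -e` a failure there exits with no diagnostic and the EXIT trap unmounts the tmpfs, leaving nothing to inspect; restoring stderr in the trap (`exec 2>&4` before the umount) or moving `noisy` ahead of the error-prone steps would preserve the message. The `trap EXIT` at new line 119 resets the handler, which appears intended so the mounted child survives, but a one-line comment saying so would make it clear it is not an accidental no-op.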