1 files changed, 106 insertions, 0 deletions
diff --git a/keygen.sh b/keygen.sh
new file mode 100755
index 0000000..005a5a4
--- /dev/null
+++ b/keygen.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+gpg_set_ultimate_trust()
+{
+        local keygrip
+        keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5)
+        expect - -- "$keygrip" <<'END'
+                set keygrip "[lindex $argv 0]"
+                spawn gpg --edit-key "$keygrip" trust
+                expect "Your decision?"
+                send -- "5\n"
+                expect "Do you really want to set this key to ultimate trust?"
+                send -- "y\n"
+                expect "gpg>"
+                send -- "save\n"
+                send_tty "\r"
+END
+}
+add()
+{
+    kiki merge \
+        --flow=sync \
+        --home${2:+="$2"} \
+        --create=rsa:4096 \
+        --flow=spill,match="$1" \
+        --type=pem \
+        --access=secret \
+        nil
+}
+silent() { "$@" >/dev/null 2>&1; }
+init()
+{
+        local root="$1"
+        if [ "$root" ]; then
+                mkdir -m0600 -p "$root"/root/.gnupg
+        fi
+        kiki init   ${root:+--chroot "$root"}
+        add encrypt ${root:+"$root/root/.gnupg"}
+        add sign    ${root:+"$root/root/.gnupg"}
+        (
+                [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
+                gpg_set_ultimate_trust
+        )
+}
+sync()
+{
+        local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
+        kiki sync-public \
+                --homedir "$home1" \
+                --passphrase-fd=0 \
+                --import-if-authentic \
+                --autosign \
+                --keyrings "$home2"/pubring.gpg
+        kiki sync-secret \
+                --homedir "$home1" \
+                --autosign --import
+}
+doublecheck()
+{
+        gpg2 --clearsign </dev/null | gpg2 --homedir "$1"/root/.gnupg --verify
+        gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null | gpg2 --verify
+}
+silent()
+{
+        exec 3>&1 4>&2
+        exec >/dev/null 2>&1
+}
+noisy()
+{
+        exec >&3 2>&1
+}
+set -e
+silent
+        init
+        init child
+        sync child ''
+        sync '' child
+        gpg2 --check-trustdb
+        gpg2 --check-trustdb --homedir child/root/.gnupg
+        doublecheck child
+noisy
+gpg2 -k
+gpg2 -k --homedir child/root/.gnupg

diff --git a/keygen.sh b/keygen.sh new file mode 100755 index 0000000..005a5a4 --- /dev/null +++ b/keygen.sh
@@ -0,0 +1,106 @@
	1	#!/bin/sh
	2
	3	gpg_set_ultimate_trust()
	4	{
	5	local keygrip
	6	keygrip=$(gpg -K --with-colons\|sed -ne '/^sec:/{p;q}'\|cut -d: -f5)
	7
	8	expect - -- "$keygrip" <<'END'
	9
	10	set keygrip "[lindex $argv 0]"
	11
	12	spawn gpg --edit-key "$keygrip" trust
	13
	14	expect "Your decision?"
	15	send -- "5\n"
	16	expect "Do you really want to set this key to ultimate trust?"
	17	send -- "y\n"
	18	expect "gpg>"
	19	send -- "save\n"
	20	send_tty "\r"
	21
	22	END
	23	}
	24
	25	add()
	26	{
	27	kiki merge \
	28	--flow=sync \
	29	--home${2:+="$2"} \
	30	--create=rsa:4096 \
	31	--flow=spill,match="$1" \
	32	--type=pem \
	33	--access=secret \
	34	nil
	35	}
	36
	37	silent() { "$@" >/dev/null 2>&1; }
	38
	39	init()
	40	{
	41	local root="$1"
	42
	43	if [ "$root" ]; then
	44	mkdir -m0600 -p "$root"/root/.gnupg
	45	fi
	46
	47	kiki init ${root:+--chroot "$root"}
	48	add encrypt ${root:+"$root/root/.gnupg"}
	49	add sign ${root:+"$root/root/.gnupg"}
	50
	51	(
	52	[ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
	53	gpg_set_ultimate_trust
	54	)
	55	}
	56
	57	sync()
	58	{
	59	local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
	60	kiki sync-public \
	61	--homedir "$home1" \
	62	--passphrase-fd=0 \
	63	--import-if-authentic \
	64	--autosign \
	65	--keyrings "$home2"/pubring.gpg
	66	kiki sync-secret \
	67	--homedir "$home1" \
	68	--autosign --import
	69	}
	70
	71	doublecheck()
	72	{
	73	gpg2 --clearsign </dev/null \| gpg2 --homedir "$1"/root/.gnupg --verify
	74	gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null \| gpg2 --verify
	75	}
	76
	77	silent()
	78	{
	79	exec 3>&1 4>&2
	80	exec >/dev/null 2>&1
	81	}
	82
	83	noisy()
	84	{
	85	exec >&3 2>&1
	86	}
	87
	88	set -e
	89
	90	silent
	91
	92	init
	93	init child
	94
	95	sync child ''
	96	sync '' child
	97
	98	gpg2 --check-trustdb
	99	gpg2 --check-trustdb --homedir child/root/.gnupg
	100
	101	doublecheck child
	102
	103	noisy
	104
	105	gpg2 -k
	106	gpg2 -k --homedir child/root/.gnupg