1 files changed, 122 insertions, 0 deletions
diff --git a/src/keygen.sh b/src/keygen.sh
new file mode 100755
index 0000000..716359b
--- /dev/null
+++ b/src/keygen.sh
@@ -0,0 +1,122 @@
+#!/bin/sh
+gpg_set_ultimate_trust()
+{
+    local keygrip
+    keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) || return
+    expect - -- "$keygrip" <<'END'
+        set keygrip "[lindex $argv 0]"
+        spawn gpg --edit-key "$keygrip" trust
+        expect "Your decision?"
+        send -- "5\n"
+        expect "Do you really want to set this key to ultimate trust?"
+        send -- "y\n"
+        expect "gpg>"
+        send -- "save\n"
+        send_tty "\r"
+END
+}
+add()
+{
+    kiki merge \
+        --flow=sync \
+        --home${2:+="$2"} \
+        --create=rsa:4096 \
+        --flow=spill,match="$1" \
+        --type=pem \
+        --access=secret \
+        nil
+}
+init()
+{
+    local root="$1"
+    if [ "$root" ]; then
+        mkdir -m0600 -p "$root"/root/.gnupg
+    fi
+    kiki init   ${root:+--chroot "$root"}
+    add encrypt ${root:+"$root/root/.gnupg"}
+    add sign    ${root:+"$root/root/.gnupg"}
+    (
+        [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
+        gpg_set_ultimate_trust
+    )
+}
+sync()
+{
+    local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
+    kiki sync-public \
+        --homedir "$home1" \
+        --passphrase-fd=0 \
+        --import-if-authentic \
+        --autosign \
+        --keyrings "$home2"/pubring.gpg
+    kiki sync-secret \
+        --homedir "$home1" \
+        --autosign --import
+}
+doublecheck()
+{
+    gpg2 --clearsign </dev/null | gpg2 --homedir "$1"/root/.gnupg --verify
+    gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null | gpg2 --verify
+}
+silent()
+{
+    exec 3>&1 4>&2
+    exec >/dev/null 2>&1
+}
+noisy()
+{
+    exec >&3 2>&1
+}
+new_child()
+{
+    local root="$1"
+    init "$root"
+    sync "$root" ''
+    sync '' "$root"
+    gpg2 --check-trustdb
+    gpg2 --check-trustdb --homedir "$root"/root/.gnupg
+    doublecheck "$root"
+}
+child_dir=$1
+set -e
+[ "$(id -u)" = 0 ]
+[ "$child_dir" ]
+[ ! -d "$child_dir" ]
+which expect >/dev/null
+mkdir "$child_dir"
+trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT
+mount -t tmpfs -o mode=0700 tmpfs "$child_dir"
+silent
+init
+new_child "$child_dir"
+noisy
+trap EXIT
+# gpg2 -k
+# gpg2 -k --homedir "$child_dir"/root/.gnupg

diff --git a/src/keygen.sh b/src/keygen.sh new file mode 100755 index 0000000..716359b --- /dev/null +++ b/src/keygen.sh
@@ -0,0 +1,122 @@
	1	#!/bin/sh
	2
	3	gpg_set_ultimate_trust()
	4	{
	5	local keygrip
	6	keygrip=$(gpg -K --with-colons\|sed -ne '/^sec:/{p;q}'\|cut -d: -f5) \|\| return
	7
	8	expect - -- "$keygrip" <<'END'
	9
	10	set keygrip "[lindex $argv 0]"
	11
	12	spawn gpg --edit-key "$keygrip" trust
	13
	14	expect "Your decision?"
	15	send -- "5\n"
	16	expect "Do you really want to set this key to ultimate trust?"
	17	send -- "y\n"
	18	expect "gpg>"
	19	send -- "save\n"
	20	send_tty "\r"
	21
	22	END
	23	}
	24
	25	add()
	26	{
	27	kiki merge \
	28	--flow=sync \
	29	--home${2:+="$2"} \
	30	--create=rsa:4096 \
	31	--flow=spill,match="$1" \
	32	--type=pem \
	33	--access=secret \
	34	nil
	35	}
	36
	37	init()
	38	{
	39	local root="$1"
	40
	41	if [ "$root" ]; then
	42	mkdir -m0600 -p "$root"/root/.gnupg
	43	fi
	44
	45	kiki init ${root:+--chroot "$root"}
	46	add encrypt ${root:+"$root/root/.gnupg"}
	47	add sign ${root:+"$root/root/.gnupg"}
	48
	49	(
	50	[ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
	51	gpg_set_ultimate_trust
	52	)
	53	}
	54
	55	sync()
	56	{
	57	local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
	58	kiki sync-public \
	59	--homedir "$home1" \
	60	--passphrase-fd=0 \
	61	--import-if-authentic \
	62	--autosign \
	63	--keyrings "$home2"/pubring.gpg
	64	kiki sync-secret \
	65	--homedir "$home1" \
	66	--autosign --import
	67	}
	68
	69	doublecheck()
	70	{
	71	gpg2 --clearsign </dev/null \| gpg2 --homedir "$1"/root/.gnupg --verify
	72	gpg2 --clearsign --homedir "$1"/root/.gnupg </dev/null \| gpg2 --verify
	73	}
	74
	75	silent()
	76	{
	77	exec 3>&1 4>&2
	78	exec >/dev/null 2>&1
	79	}
	80
	81	noisy()
	82	{
	83	exec >&3 2>&1
	84	}
	85
	86	new_child()
	87	{
	88	local root="$1"
	89	init "$root"
	90
	91	sync "$root" ''
	92	sync '' "$root"
	93
	94	gpg2 --check-trustdb
	95	gpg2 --check-trustdb --homedir "$root"/root/.gnupg
	96
	97	doublecheck "$root"
	98	}
	99
	100
	101	child_dir=$1
	102
	103	set -e
	104
	105	[ "$(id -u)" = 0 ]
	106	[ "$child_dir" ]
	107	[ ! -d "$child_dir" ]
	108	which expect >/dev/null
	109
	110	mkdir "$child_dir"
	111	trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT
	112	mount -t tmpfs -o mode=0700 tmpfs "$child_dir"
	113
	114	silent
	115	init
	116	new_child "$child_dir"
	117	noisy
	118
	119	trap EXIT
	120
	121	# gpg2 -k
	122	# gpg2 -k --homedir "$child_dir"/root/.gnupg