Diffstat (limited to 'src/samizdat-password-agent')
-rwxr-xr-x | src/samizdat-password-agent | 73 |
1 files changed, 73 insertions, 0 deletions
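diff --git a/src/samizdat-password-agent b/src/samizdat-password-agent
new file mode 100755
index 0000000..0fb26c6
--- /dev/null
+++ b/src/samizdat-password-agent
@@ -0,0 +1,73 @@
+#!/bin/sh
+[ "$(id -u)" -gt 0 ] && exec sudo "$0" "$@"
+
+scan_gnupg_db()
+{
+keylist=
+mainkeygrip=
+uid=
+local IFS='
+'
+for record in $(gpg2 --with-fingerp --with-fingerp --with-colons -K | cut -d: -f1,5,10); do
+: "$record"
+case "$record" in
+fpr:*) keylist="$keylist ${record##*:}" ;;
+sec:*)
+if [ -z "$mainkeygrip" ]; then
+mainkeygrip="${record#sec:}"
+mainkeygrip="${mainkeygrip%%:*}"
+fi ;;
+uid:*) : ${uid:=${record#uid:*:}} ;;
+esac
+done
+}
+
+eval $(samizdat-gpg-agent)
+
+gpg2_test_sign()
+{
+GPG_TTY=none gpg2 \
+--ignore-valid-from --ignore-time-conflict --no-tty --batch --clearsign </dev/null >/dev/null 2>&1
+}
+
+if [ ! "$FORCE_PINENTRY" ] && gpg2_test_sign; then
+echo "Made signature with default key successfully. No additional passphrase is needed." >&2
+exit
+fi
+
+scan_gnupg_db # get $uid
+
+if [ "$uid" ]; then
+DESC='Please enter the passphrase to unlock the secret key for the OpenPGP certificate:%0A'"'$uid'."
+else
+DESC='Please enter the passphrase to unlock the secret key for the OpenPGP certificate.'
+fi
+
+exec samizdat-pinentry \
+--setdesc "$DESC" \
+--ttyname "$(tty)" \
+--socket "${GPG_AGENT_INFO%%:*}" \
+--resocket /root/"${GPG_AGENT_INFO%%:*}" \
+--tell-immediately '
+read secret
+for grip in '"$keylist"' -; do
+read status || break
+printf "< %s\n" "$status" >&2
+[ -z "${status##OK*}" ] || break
+[ "$grip" = - ] && break
+printf "> PRESET_PASSPHRASE %s -1 %%s\n" "$grip" >&2
+printf "PRESET_PASSPHRASE %s -1 %s\n" "$grip" "$secret"
+done
+' \
+--validate '
+exec 7<&0
+gpgoutput=$(gpg2 --batch --no-tty --ignore-valid-from --ignore-time-conflict \
+--passphrase-fd 7 --default-key '"$mainkeygrip"' --clearsign </dev/null >/dev/null)
+status=$?
+case "$gpgoutput" in
+*"Bad passphrase"*) echo "Error: Bad passphrase." ;;
+"") [ $status -eq 0 ] || echo "Error: gpg returned $status." ;;
+*) printf "gpg returned unexpected error (exit status $status):\n%s\n" "$gpgoutput" ;;
+esac
+exit $status
+' \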