From 153d299a41b9be4e15dab1ca29bb93a74bd2445d Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Fri, 29 Apr 2016 14:36:26 -0400
Subject: fix paths (in progress)
---
src/keygen.sh | 122 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100755 src/keygen.sh
(limited to 'src/keygen.sh')
diff --git a/src/keygen.sh b/src/keygen.sh
new file mode 100755
index 0000000..716359b
--- /dev/null
+++ b/src/keygen.sh
@@ -0,0 +1,122 @@
+#!/bin/sh
+
+gpg_set_ultimate_trust()
+{
+ local keygrip
+ keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) || return
+
+ expect - -- "$keygrip" <<'END'
+
+ set keygrip "[lindex $argv 0]"
+
+ spawn gpg --edit-key "$keygrip" trust
+
+ expect "Your decision?"
+ send -- "5\n"
+ expect "Do you really want to set this key to ultimate trust?"
+ send -- "y\n"
+ expect "gpg>"
+ send -- "save\n"
+ send_tty "\r"
+
+END
+}
+
+add()
+{
+ kiki merge \
+ --flow=sync \
+ --home${2:+="$2"} \
+ --create=rsa:4096 \
+ --flow=spill,match="$1" \
+ --type=pem \
+ --access=secret \
+ nil
+}
+
+init()
+{
+ local root="$1"
+
+ if [ "$root" ]; then
+ mkdir -m0600 -p "$root"/root/.gnupg
+ fi
+
+ kiki init ${root:+--chroot "$root"}
+ add encrypt ${root:+"$root/root/.gnupg"}
+ add sign ${root:+"$root/root/.gnupg"}
+
+ (
+ [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
+ gpg_set_ultimate_trust
+ )
+}
+
+sync()
+{
+ local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
+ kiki sync-public \
+ --homedir "$home1" \
+ --passphrase-fd=0 \
+ --import-if-authentic \
+ --autosign \
+ --keyrings "$home2"/pubring.gpg
+ kiki sync-secret \
+ --homedir "$home1" \
+ --autosign --import
+}
+
+doublecheck()
+{
+ gpg2 --clearsign &1 4>&2
+ exec >/dev/null 2>&1
+}
+
+noisy()
+{
+ exec >&3 2>&1
+}
+
+new_child()
+{
+ local root="$1"
+ init "$root"
+
+ sync "$root" ''
+ sync '' "$root"
+
+ gpg2 --check-trustdb
+ gpg2 --check-trustdb --homedir "$root"/root/.gnupg
+
+ doublecheck "$root"
+}
+
+
+child_dir=$1
+
+set -e
+
+[ "$(id -u)" = 0 ]
+[ "$child_dir" ]
+[ ! -d "$child_dir" ]
+which expect >/dev/null
+
+mkdir "$child_dir"
+trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT
+mount -t tmpfs -o mode=0700 tmpfs "$child_dir"
+
+silent
+init
+new_child "$child_dir"
+noisy
+
+trap EXIT
+
+# gpg2 -k
+# gpg2 -k --homedir "$child_dir"/root/.gnupg
-- 
cgit v1.2.3
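Review bot: In `gpg_set_ultimate_trust` the expect script never verifies that a prompt matched or that gpg finished: each `expect` simply falls through after its timeout and there is no `expect eof` after `save`, so with a localized or differently worded gpg the function can return success without ownertrust having been written, and since the callers run under `silent` nothing would be shown. The value cut from field 5 of the `sec:` record is the key ID rather than a keygrip, and `|| return` only sees the status of `cut`, so an empty result is not caught. A non-interactive form would fail loudly instead, e.g. `fpr=$(gpg -K --with-colons --fingerprint | sed -ne '/^fpr:/{p;q}' | cut -d: -f10); [ "$fpr" ] || return 1` followed by `printf '%s:6:\n' "$fpr" | gpg --import-ownertrust`. Separately, `mkdir -m0600 -p` in `init` applies the mode only to the final component and leaves `.gnupg` without the search bit; `0700` is the conventional mode for a GnuPG home.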