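#!/bin/sh
# Build a throw-away "child" GnuPG home on a root-only tmpfs, give it fresh
# keys with kiki, cross-sync keys between it and the host's /root/.gnupg and
# check the result.  Must run as root.  Needs: gpg, gpg2, kiki, expect.
#
# Usage: $0 <mountpoint>   (must not exist yet; it is created and mounted)
#
# Written for /bin/sh but uses `local`, which dash, busybox ash and bash all
# accept even though strict POSIX does not guarantee it.

#######################################
# Mark the first secret key of the current GnuPG home as ultimately trusted
# by driving `gpg --edit-key … trust` through expect.
# Globals:   GNUPGHOME (read by gpg; set by init() for a child tree)
# Arguments: none
# Returns:   1 if no secret key is listed, else the status of the pipeline
#            or of expect
#######################################
gpg_set_ultimate_trust() {
  local keygrip
  # Field 5 of the first `sec:` record in --with-colons output is the long
  # key ID (not the keygrip, despite the name); it is enough for --edit-key.
  keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) || return
  # An empty ID would make expect drive `gpg --edit-key ""` — bail instead.
  [ "$keygrip" ] || return 1
  # Quoted delimiter: the here-doc is Tcl and the shell expands nothing in
  # it; the key ID travels in as argv 0 of the expect script.
  expect - -- "$keygrip" <<'END'
set keygrip "[lindex $argv 0]"
spawn gpg --edit-key "$keygrip" trust
expect "Your decision?"
send -- "5\n"
expect "Do you really want to set this key to ultimate trust?"
send -- "y\n"
expect "gpg>"
send -- "save\n"
send_tty "\r"
END
}

#######################################
# Create one fresh rsa:4096 key with kiki.
# Arguments: $1 - value for --flow=spill,match= (encrypt or sign here)
#            $2 - optional GnuPG home; when absent a bare `--home` with no
#                 value is passed (presumably kiki's default — TODO confirm)
#######################################
add() {
  kiki merge \
    --flow=sync \
    --home${2:+="$2"} \
    --create=rsa:4096 \
    --flow=spill,match="$1" \
    --type=pem \
    --access=secret \
    nil
}

#######################################
# Initialise a GnuPG home with an encryption key and a signing key and mark
# its first secret key ultimately trusted.
# Arguments: $1 - root of a child tree (home is $1/root/.gnupg), or empty
#                 to work on the host's own home
#######################################
init() {
  local root="$1"
  if [ "$root" ]; then
    # 0700, not 0600: a directory needs the x bit to be entered.  Root
    # bypasses that check, but GnuPG expects a 0700 home and nothing here
    # should rely on the override.
    mkdir -m0700 -p "$root"/root/.gnupg
  fi
  # Unquoted on purpose: the expansion must become the two words
  # `--chroot "$root"` (the inner quotes keep $root whole) or nothing.
  # shellcheck disable=SC2086
  kiki init ${root:+--chroot "$root"}
  add encrypt ${root:+"$root/root/.gnupg"}
  add sign ${root:+"$root/root/.gnupg"}
  # Subshell so the exported GNUPGHOME does not leak to the caller.
  (
    [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
    gpg_set_ultimate_trust
  )
}

#######################################
# Sync keys into one tree's GnuPG home from another's public keyring
# (as far as the kiki options read; kiki itself is not part of this file).
# Arguments: $1 - tree whose $1/root/.gnupg receives keys ('' = host)
#            $2 - tree whose $2/root/.gnupg/pubring.gpg is the source
#                 ('' = host)
# Inputs:    passphrase on stdin (--passphrase-fd=0)
# Note:      the name shadows sync(1); nothing in this script needs the
#            coreutils command.
#######################################
sync() {
  local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
  kiki sync-public \
    --homedir "$home1" \
    --passphrase-fd=0 \
    --import-if-authentic \
    --autosign \
    --keyrings "$home2"/pubring.gpg
  kiki sync-secret \
    --homedir "$home1" \
    --autosign --import
}

#######################################
# Final check of the child tree.
# Arguments: $1 - root of the child tree
# NOTE(review): the body of this function did not survive extraction of the
# page — an unescaped "<" swallowed everything between `gpg2 --clearsign <`
# and the `3>&1` of silent(), so only the start of the command is known.
# Rather than pretend the check passed, fail loudly until the original
# command line is restored.
#######################################
doublecheck() {
  # PLACEHOLDER: original was `gpg2 --clearsign <…` with the rest lost.
  printf '%s\n' "doublecheck: body missing from this copy; child $1 not verified" >&2
  return 1
}

#######################################
# Park the original stdout/stderr on fds 3 and 4 and mute everything until
# noisy() is called.
# NOTE(review): the function header was lost in extraction; the body and
# the name are rebuilt from the surviving `3>&1 4>&2` / `exec >/dev/null
# 2>&1` lines and the `silent` call in main.
#######################################
silent() {
  exec 3>&1 4>&2
  exec >/dev/null 2>&1
}

#######################################
# Undo silent(): stdout back to fd 3 and stderr back to fd 4, so later
# diagnostics stay on the caller's stderr instead of landing on stdout.
#######################################
noisy() {
  exec >&3 2>&4
}

#######################################
# Build a complete child tree under $1, cross-sync it with the host in both
# directions and check both trust databases.
# Arguments: $1 - mountpoint of the child's tmpfs
#######################################
new_child() {
  local root="$1"
  init "$root"
  sync "$root" ''      # host keyring -> child home
  sync '' "$root"      # child keyring -> host home
  gpg2 --check-trustdb
  gpg2 --check-trustdb --homedir "$root"/root/.gnupg
  doublecheck "$root"
}

# ---- main ------------------------------------------------------------------
child_dir=$1

# From here on any failing command aborts the script, so the bare `[ … ]`
# lines are preconditions, not no-ops.
set -e
[ "$(id -u)" = 0 ]             # mount, umount and --chroot need root
[ "$child_dir" ]               # a mountpoint argument is required
[ ! -d "$child_dir" ]          # never reuse an existing directory
command -v expect >/dev/null   # gpg_set_ultimate_trust drives gpg with expect

mkdir "$child_dir"
# Tear the mountpoint down on any exit until the run has succeeded.
trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT
# Keys live only in RAM and only root can reach the mountpoint.
mount -t tmpfs -o mode=0700 tmpfs "$child_dir"

silent
init
new_child "$child_dir"
noisy

# Success: disarm the cleanup trap (`trap - EXIT` is the portable reset) so
# the populated child stays mounted, presumably for inspection with the
# commands below.
trap - EXIT
# gpg2 -k
# gpg2 -k --homedir "$child_dir"/root/.gnupg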