#!/bin/sh
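#######################################
# Set the ownertrust of the first secret key in the active GnuPG home to
# "ultimate" by driving `gpg --edit-key ... trust` through expect(1).
#
# Globals:   GNUPGHOME (read by gpg itself when the caller exported it)
# Arguments: none
# Returns:   1 when no secret key is listed; otherwise the status of expect
#
# NOTE(review): `local` is not part of POSIX sh; the #!/bin/sh interpreter
# must be one that supports it (dash, bash and busybox sh do).
# NOTE(review): expect does not fail when a prompt pattern times out, it
# simply runs the next command, so a changed gpg prompt can leave the trust
# level untouched without any error. `gpg --import-ownertrust` is a
# non-interactive alternative worth considering.
#######################################
gpg_set_ultimate_trust()
{
    local keygrip

    # Field 5 of the first "sec:" record in --with-colons output is the key
    # ID, not a keygrip; the variable name is kept for continuity.
    keygrip=$(gpg -K --with-colons | sed -ne '/^sec:/{p;q}' | cut -d: -f5)

    # The pipeline's status is cut's, so a missing key shows up only as an
    # empty string. Stop here instead of asking gpg to edit the key "".
    if [ -z "$keygrip" ]; then
        echo "gpg_set_ultimate_trust: no secret key found" >&2
        return 1
    fi

    # The quoted delimiter keeps the shell from expanding the Tcl script;
    # the key ID reaches expect as an argument, not by interpolation.
    expect - -- "$keygrip" <<'END'
set keygrip "[lindex $argv 0]"
spawn gpg --edit-key "$keygrip" trust
expect "Your decision?"
send -- "5\n"
expect "Do you really want to set this key to ultimate trust?"
send -- "y\n"
expect "gpg>"
send -- "save\n"
send_tty "\r"
END
}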
#######################################
# Ask `kiki merge` to create an rsa:4096 key and spill it with the given
# match tag as a PEM secret.
#
# Arguments: $1 - value for the spill flow's match= selector
#                 (the script passes "encrypt" and "sign")
#            $2 - optional GnuPG home; when empty or absent a bare --home
#                 is passed instead of --home=<dir>
# Returns:   status of kiki
#
# NOTE(review): the meaning of each option, and where the PEM secret ends up,
# is defined by kiki and is not visible in this file. Confirm that the
# output location is not readable by other users.
#######################################
add()
{
    local usage="$1" home_opt="--home"

    if [ -n "$2" ]; then
        home_opt="--home=$2"
    fi

    kiki merge --flow=sync "$home_opt" --create=rsa:4096 \
        --flow=spill,match="$usage" --type=pem --access=secret nil
}
# Run the given command with stdout and stderr discarded; the command's exit
# status is returned unchanged.
# NOTE(review): a second silent() defined later in this file replaces this
# one before the first call, so this wrapper form is never executed.
silent()
{
    "$@" >/dev/null 2>/dev/null
}
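#######################################
# Initialise a kiki/GnuPG environment, create the "encrypt" and "sign" keys
# and mark the first secret key as ultimately trusted.
#
# Arguments: $1 - optional root directory. When given, the keyring lives in
#                 $1/root/.gnupg and kiki is run with --chroot "$1"; when
#                 empty, the tools' default locations are used.
# Returns:   status of the trust-setting subshell
#######################################
init()
{
    local root="$1"

    if [ "$root" ]; then
        # A GnuPG home needs the owner's search (x) bit: the previous mode
        # 0600 produced a directory that only root could enter. 0700 keeps
        # it private to the owner. -m affects only the leaf that mkdir
        # creates, so chmod also covers a directory that already existed.
        mkdir -m 0700 -p "$root"/root/.gnupg
        chmod 0700 "$root"/root/.gnupg
    fi

    # Deliberately unquoted outer expansion: yields either nothing or the
    # two words --chroot <root>; the inner quotes keep <root> intact.
    kiki init ${root:+--chroot "$root"}
    add encrypt ${root:+"$root/root/.gnupg"}
    add sign ${root:+"$root/root/.gnupg"}

    # Subshell so that GNUPGHOME does not leak into the rest of the script.
    (
        if [ "$root" ]; then
            export GNUPGHOME="$root/root/.gnupg/"
        fi
        gpg_set_ultimate_trust
    )
}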
#######################################
# Run `kiki sync-public` and then `kiki sync-secret` against one GnuPG home,
# offering the public keyring of a second home to the first step.
#
# Arguments: $1 - root whose root/.gnupg is passed as --homedir
#            $2 - root whose root/.gnupg/pubring.gpg is passed to --keyrings
#            An empty root resolves to /root/.gnupg.
# Returns:   status of `kiki sync-secret`
#
# NOTE(review): this function shadows sync(1) for the rest of the script.
# NOTE(review): --passphrase-fd=0 presumably makes kiki read a passphrase
# from stdin; nothing is piped in here, so it inherits the script's stdin.
# Confirm against kiki's documentation.
#######################################
sync()
{
    local target_home peer_home

    target_home="$1/root/.gnupg"
    peer_home="$2/root/.gnupg"

    kiki sync-public --homedir "$target_home" --passphrase-fd=0 \
        --import-if-authentic --autosign \
        --keyrings "$peer_home/pubring.gpg"

    kiki sync-secret --homedir "$target_home" --autosign --import
}
#######################################
# Cross-verify signatures between the default GnuPG home and the home under
# the given root: sign empty input with one, verify with the other, then
# repeat in the opposite direction.
#
# Arguments: $1 - root whose root/.gnupg is the second home
# Returns:   status of the final `gpg2 --verify`
#
# Each pipeline reports the verifier's status only (no pipefail); a failed
# signer is noticed indirectly, when the verifier receives no valid message.
#######################################
doublecheck()
{
    local other_home="$1"/root/.gnupg

    # Signed by the default home, verified by the other one.
    gpg2 --clearsign </dev/null \
        | gpg2 --homedir "$other_home" --verify

    # Signed by the other home, verified by the default one.
    gpg2 --clearsign --homedir "$other_home" </dev/null \
        | gpg2 --verify
}
# Silence the rest of the script: keep copies of the current stdout and
# stderr on descriptors 3 and 4, then point both streams at /dev/null.
# This definition replaces the earlier one-line silent() wrapper.
# While output is discarded, a failing step leaves only the exit status as
# evidence.
silent()
{
    # Redirections are applied left to right, so the copies are taken before
    # stdout and stderr are replaced.
    exec 3>&1 4>&2 >/dev/null 2>&1
}
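# Undo silent(): reconnect stdout to the copy saved on descriptor 3 and
# stderr to the copy saved on descriptor 4.
# Previously stderr was pointed at stdout (2>&1), which left the saved
# descriptor 4 unused and mixed diagnostics into the script's stdout.
# Requires silent() to have run first so that descriptors 3 and 4 are open.
noisy()
{
    exec >&3 2>&4
}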
# Driver: build two key environments (the default one and one rooted at
# ./child), synchronise them in both directions, then check trust and
# cross-verify signatures.
#
# The argument-less `init` and `sync '' ...` act on the default GnuPG home of
# the invoking user and on /root/.gnupg, so this is meant for a disposable
# test system or container, not a machine with real keys.

# Abort on the first failing command. Output is discarded until noisy runs,
# so an abort in that window is visible only through the exit status.
set -e

child_root=child
child_home="$child_root/root/.gnupg"

silent

# Default environment first, then the one rooted at ./child.
init
init "$child_root"

# An empty root means /root/.gnupg inside sync.
sync "$child_root" ''
sync '' "$child_root"

gpg2 --check-trustdb
gpg2 --check-trustdb --homedir "$child_home"
doublecheck "$child_root"

# Restore output and list the public keys of both homes for inspection.
noisy
gpg2 -k
gpg2 -k --homedir "$child_home"