path: root/src/keygen.sh
blob: c51e26869daee55c608d5ebb3b95bb55c159adf1 (plain)
#!/bin/sh
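#######################################
# Mark the first secret key in the current GnuPG home as ultimately trusted.
# Globals:   GNUPGHOME (read by gpg2, if set)
# Arguments: none
# Outputs:   gpg2 --import-ownertrust diagnostics
# Returns:   1 when no secret key is listed, else gpg2's status
#######################################
gpg_set_ultimate_trust()
{
    local fpr
    # The record after the first "sec" line of the colon listing is taken to be
    # its "fpr" record; field 10 is the full fingerprint (not a keygrip).
    # --with-fingerprint is given twice so subkey fingerprints are listed too
    # (they are not used here).  Only the FIRST secret key is trusted; with more
    # than one secret key in the home, which one wins depends on gpg2's order.
    fpr=$(gpg2 -K --with-colons --with-fingerprint --with-fingerprint \
        | sed -ne '/^sec/{n;p;q}' | cut -d: -f10)
    # Never feed an empty ":6:" record to --import-ownertrust.
    if [ -z "$fpr" ]; then
        printf 'gpg_set_ultimate_trust: no secret key found\n' >&2
        return 1
    fi
    # Ownertrust level 6 is "ultimate" in the ownertrust export format.
    printf '%s:6:\n' "$fpr" | gpg2 --import-ownertrust
}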

#######################################
# Create a new rsa:4096 key via "kiki merge" for the given match pattern.
# Currently unused (the calls in init are commented out).
# Arguments: $1 - value for the spill flow's match=
#            $2 - optional home; "--home=$2" when non-empty, bare "--home"
#                 otherwise (this mirrors the original expansion)
# Returns:   kiki's exit status
#######################################
add()
{
    local match="$1" home="${2-}"
    if [ -n "$home" ]; then
        set -- --home="$home"
    else
        set -- --home
    fi
    kiki merge --flow=sync "$@" --create=rsa:4096 \
        --flow=spill,match="$match" --type=pem --access=secret nil
}

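#######################################
# Initialise kiki (optionally inside a chroot) and ultimately trust its key.
# Arguments: $1 - chroot root directory; empty means the running host
# Globals:   GNUPGHOME is overridden only inside a subshell
# Returns:   status of gpg_set_ultimate_trust (last command)
#######################################
init()
{
    local root="$1"

    if [ "$root" ]; then
        # A GnuPG home must be owner-only AND traversable: 0700, not 0600
        # (a 0600 directory only "works" because this script runs as root).
        # -m applies to the final component; intermediate dirs get umask modes.
        mkdir -m0700 -p "$root"/root/.gnupg
    fi

    # Word-splitting of the unquoted expansion is intended: it yields either
    # nothing or the two words "--chroot <root>".
    kiki init ${root:+--chroot "$root"}
    # add encrypt ${root:+"$root/root/.gnupg"}
    # add sign    ${root:+"$root/root/.gnupg"}

    # Subshell so the GNUPGHOME override does not leak to the caller.
    (
        [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
        gpg_set_ultimate_trust
    )
}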

#######################################
# Push keys from one chroot's GnuPG home to another via kiki.
# Note: this shadows the sync(1) utility for the rest of the script.
# Arguments: $1 - root of the side whose home is synced (--homedir)
#            $2 - root of the peer whose pubring.gpg is read (--keyrings)
# Inputs:    --passphrase-fd=0 suggests the passphrase is read from stdin —
#            inferred from the option name, confirm against kiki
# Returns:   status of "kiki sync-secret" (last command)
#######################################
sync()
{
    local own_home peer_home
    own_home="$1"/root/.gnupg
    peer_home="$2"/root/.gnupg

    kiki sync-public --homedir "$own_home" --passphrase-fd=0 \
        --import-if-authentic --autosign --keyrings "$peer_home"/pubring.gpg
    kiki sync-secret --homedir "$own_home" --autosign --import
}

#######################################
# Cross-check two GnuPG homes: a clearsigned empty message produced in one
# home must verify in the other, in both directions.
# Arguments: $1, $2 - chroot roots holding root/.gnupg
# Returns:   status of the last --verify (the first pipeline's own failure is
#            only noticed indirectly, since sh has no pipefail)
#######################################
doublecheck()
{
    local a_home="$1"/root/.gnupg b_home="$2"/root/.gnupg
    # --ignore-time-conflict: presumably the two environments' clocks / key
    # creation times may disagree — confirm.
    gpg2 --ignore-time-conflict --clearsign --homedir "$b_home" </dev/null \
        | gpg2 --ignore-time-conflict --homedir "$a_home" --verify
    gpg2 --ignore-time-conflict --clearsign --homedir "$a_home" </dev/null \
        | gpg2 --ignore-time-conflict --homedir "$b_home" --verify
}

#######################################
# Send stdout and stderr to /dev/null, keeping copies on fds 3 and 4 so
# noisy() can restore them.  A no-op while the shell is tracing (set -x),
# so the trace stays visible.
# Globals:   SILENT (set to "y" when output was redirected)
#######################################
silent()
{
    case $- in
        *x*)
            return
            ;;
    esac
    SILENT=y
    # Left to right: save 1 and 2 on 3 and 4, then point 1 and 2 at /dev/null.
    exec 3>&1 4>&2 >/dev/null 2>&1
}

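#######################################
# Undo silent(): restore stdout and stderr from the descriptors it saved.
# Globals:   SILENT (read) — no-op unless silent() actually redirected
#######################################
noisy()
{
    if [ "${SILENT-}" ]; then
        # fd 3 holds the original stdout and fd 4 the original stderr;
        # restoring stderr from fd 4 (not from stdout) keeps the streams apart.
        exec >&3 2>&4
    fi
}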

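#######################################
# Create a child GnuPG environment under $1 and pair it with the parent.
# Arguments: $1 - child chroot root
#            $2 - parent chroot root; empty means this host's own /root/.gnupg
# Returns:   status of doublecheck (last command)
#######################################
new_child()
{
    # "d" is local too, so the loop variable does not leak to the caller.
    local child_root="$1" parent_root="$2" d
    init "$child_root"

    # Run the kiki sync in both directions.
    sync "$child_root" "$parent_root"
    sync "$parent_root" "$child_root"

    # Re-import both keyrings into each home and rebuild its trust database.
    for d in "$parent_root"/root/.gnupg "$child_root"/root/.gnupg
    do
        gpg2 --import --homedir "$d" < "$d/pubring.gpg"
        gpg2 --import --homedir "$d" < "$d/secring.gpg"
        gpg2 --check-trustdb --homedir "$d"
    done

    # Each side must be able to verify a signature made by the other.
    doublecheck "$child_root" "$parent_root"
}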

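#######################################
# Print a message on stderr and exit 1.
#######################################
die()
{
    printf '%s\n' "$*" >&2
    exit 1
}

set -e

# Show which kiki binary is in use (symlinks resolved); abort early instead
# of discovering a missing kiki only once output has been silenced.
kiki_bin=$(command -v kiki) || die 'kiki not found in PATH'
ls -lL -- "$kiki_bin"

child_dir=${1-}

[ "$(id -u)" = 0 ] || die 'must be run as root'

# Hate.  So much hate.
# TODO: document the fail
[ -d /run/user/0 ] || mkdir -p /run/user/0

[ "$child_dir" ] || die "usage: ${0##*/} CHILD_DIR"
[ ! -e "$child_dir" ] || die "$child_dir already exists"

# The child's key material lives on a private, owner-only tmpfs so it is not
# written to the host's disk (tmpfs can still be swapped; nothing is locked).
mkdir -- "$child_dir"
# noisy first so umount/rmdir diagnostics are not lost while output is
# silenced; the trap only runs on failure, see "trap EXIT" below.
trap -- 'noisy; umount "$child_dir"; rmdir "$child_dir"' EXIT
mount -t tmpfs -o mode=0700 tmpfs "$child_dir"

# PARENT_ROOT: optional chroot holding the parent's root/.gnupg; empty (or
# unset) means this host's own /root/.gnupg.
parent_root=${PARENT_ROOT-}

# kiki/gpg chatter is suppressed unless the script runs under set -x (see
# silent).  A failure in here still exits via set -e, but its message went
# to /dev/null — rerun with sh -x to see it.
silent
init "$parent_root"
new_child "$child_dir" "$parent_root"
noisy

# Success: clear the EXIT trap so the tmpfs holding the child's keys stays
# mounted for the caller.
trap EXIT

# gpg2 -k
# gpg2 -k --homedir "$child_dir"/root/.gnupg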