cryptonomic-gpg implemented

author: Andrew Cady <d@jerkface.net> 2021-09-28 18:22:12 -0400
committer: Andrew Cady <d@jerkface.net> 2021-09-28 18:22:12 -0400
commit: 827db94875107b8272dcbb5b551b10d83b725657 (patch)
tree: c2a97ccb7788d34269a9f8530913bb29a3aa7e73 /selfpublish.sh
parent: 9355f2c2070a2ce07de92de742062e7351d3ef8c (diff)
1 files changed, 71 insertions, 21 deletions
diff --git a/selfpublish.sh b/selfpublish.sh
index 7a600ba..2f6caae 100644
--- a/selfpublish.sh
+++ b/selfpublish.sh
@@ -181,6 +181,12 @@ EOF
    control_file_file /usr/lib/cryptonomic/cryptonomic-gpg 755 <<'EOF'
 #!/bin/sh
+die()
+{
+    printf 'Error: %s\n' "$*"
+    exit 1
+}
 process_colons()
 {
    local callback="$*" IFS process_colons_break=
@@ -272,6 +278,61 @@ GPG()
    fi
 }
+ensure_key_exists()
+{
+    # 2. CHECK IF EXISTING SECRET KEY
+    t=$(GPG -K --with-colons)
+    if [ "$t" ]
+    then
+        # 3. CHECK IF EXISTING KEY HAS UID
+        if GPG -K --with-colons | find_secret_key_with_domain "${cryptonomic_hostname#*.}" | grep -q . && ! force
+        then
+            return
+        fi
+        # 4. ADD UID TO EXISTING KEY
+        gpg_default_key=$(GPG -K --with-colons | process_colons match_first_secret_key show_fpr)
+        [ "$gpg_default_key" ]
+        GPG --quick-add-uid "$gpg_default_key" "$uid" || force
+        verbose GPG -K "$gpg_default_key"
+    else
+        # 2.5 GENERATE NEW KEY
+        GPG --batch --passphrase '' --quick-generate-key "$uid"
+        verbose GPG -K "$uid"
+    fi
+}
+make_directories_maybe_become_root()
+{
+    if [ -d "$html_dir" ]
+    then
+        if [ -d "$hu_dir" ]
+        then
+            [ -w "$hu_dir" ] || exec sudo -- "$0" "$@" || die "failed to exec sudo"
+        else
+            [ -w "$html_dir" ] || exec sudo -- "$0" "$@" || die "failed to exec sudo"
+            mkdir -p "$hu_dir"
+        fi
+    else
+        die "Directory not found: '$html_dir' -- you probably need to run selfpublish.sh"
+        # TODO: just run selfpublish here
+    fi
+}
+process_key()
+{
+    local uid="$1" domain="${1#*@}" destdir="$2" tdir
+    while read keyid some_uid
+    do
+        [ "$some_uid" = "$uid" ] || continue
+        tempdir=$(mktemp -d)
+        /usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
+        mkdir -p "$destdir"
+        mv "$tempdir"/"$domain"/hu/* -t "$destdir"
+        rm -rf "$tempdir"
+    done
+}
 set -e
 # 1. GET CRYPTONOMIC UID
@@ -281,34 +342,23 @@ cryptonomic_hostname=$(cryptonomic hostname)
 if [ "$SUDO_USER" ]
 then
    username=$SUDO_USER
+    export GNUPGHOME=~$username/.gnupg
 else
    username=$(id -un)
 fi
 [ "$username" ]
 uid=${username}@${cryptonomic_hostname}
+html_dir=/srv/${cryptonomic_hostname#*.}/public_html
+hu_dir=$html_dir/.well-known/openpgpkey/hu
-# 2. CHECK IF EXISTING SECRET KEY
+ensure_key_exists
-t=$(GPG -K --with-colons)
-if [ "$t" ]
-then
-    # 3. CHECK IF EXISTING KEY HAS UID
-    if GPG -K --with-colons | find_secret_key_with_domain "${cryptonomic_hostname#*.}" | grep -q . && ! force
-    then
-        exit
-    fi
-    # 4. ADD UID TO EXISTING KEY
+make_directories_maybe_become_root
-    gpg_default_key=$(GPG -K --with-colons | process_colons match_first_secret_key show_fpr)
-    [ "$gpg_default_key" ]
+GPG --list-options show-only-fpr-mbox -k "$uid" 2>&- | process_key "$uid" "$hu_dir"
-    GPG --quick-add-uid "$gpg_default_key" "$uid" || force
-    verbose GPG -K "$gpg_default_key"
+printf 'gpg --locate-keys %s\n' "$uid"
-    exit 0
-else
-    # 2.5 GENERATE NEW KEY
-    GPG --batch --passphrase '' --quick-generate-key "$uid"
-    verbose GPG -K "$uid"
-    exit 0
-fi
 EOF
    control_file_file /usr/bin/cryptonomic 755 <<'EOF'
 #!/bin/dash
author	Andrew Cady <d@jerkface.net>	2021-09-28 18:22:12 -0400
committer	Andrew Cady <d@jerkface.net>	2021-09-28 18:22:12 -0400
commit	827db94875107b8272dcbb5b551b10d83b725657 (patch)
tree	c2a97ccb7788d34269a9f8530913bb29a3aa7e73 /selfpublish.sh
parent	9355f2c2070a2ce07de92de742062e7351d3ef8c (diff)

diff --git a/selfpublish.sh b/selfpublish.sh index 7a600ba..2f6caae 100644 --- a/selfpublish.sh +++ b/selfpublish.sh
@@ -181,6 +181,12 @@ EOF
181	control_file_file /usr/lib/cryptonomic/cryptonomic-gpg 755 <<'EOF'	181	control_file_file /usr/lib/cryptonomic/cryptonomic-gpg 755 <<'EOF'
182	#!/bin/sh	182	#!/bin/sh
183		183
		184	die()
		185	{
		186	printf 'Error: %s\n' "$*"
		187	exit 1
		188	}
		189
184	process_colons()	190	process_colons()
185	{	191	{
186	local callback="$*" IFS process_colons_break=	192	local callback="$*" IFS process_colons_break=
@@ -272,6 +278,61 @@ GPG()
272	fi	278	fi
273	}	279	}
274		280
		281	ensure_key_exists()
		282	{
		283	# 2. CHECK IF EXISTING SECRET KEY
		284	t=$(GPG -K --with-colons)
		285	if [ "$t" ]
		286	then
		287	# 3. CHECK IF EXISTING KEY HAS UID
		288	if GPG -K --with-colons \| find_secret_key_with_domain "${cryptonomic_hostname#*.}" \| grep -q . && ! force
		289	then
		290	return
		291	fi
		292
		293	# 4. ADD UID TO EXISTING KEY
		294	gpg_default_key=$(GPG -K --with-colons \| process_colons match_first_secret_key show_fpr)
		295	[ "$gpg_default_key" ]
		296	GPG --quick-add-uid "$gpg_default_key" "$uid" \|\| force
		297	verbose GPG -K "$gpg_default_key"
		298	else
		299	# 2.5 GENERATE NEW KEY
		300	GPG --batch --passphrase '' --quick-generate-key "$uid"
		301	verbose GPG -K "$uid"
		302	fi
		303	}
		304
		305	make_directories_maybe_become_root()
		306	{
		307	if [ -d "$html_dir" ]
		308	then
		309	if [ -d "$hu_dir" ]
		310	then
		311	[ -w "$hu_dir" ] \|\| exec sudo -- "$0" "$@" \|\| die "failed to exec sudo"
		312	else
		313	[ -w "$html_dir" ] \|\| exec sudo -- "$0" "$@" \|\| die "failed to exec sudo"
		314	mkdir -p "$hu_dir"
		315	fi
		316	else
		317	die "Directory not found: '$html_dir' -- you probably need to run selfpublish.sh"
		318	# TODO: just run selfpublish here
		319	fi
		320	}
		321
		322	process_key()
		323	{
		324	local uid="$1" domain="${1#*@}" destdir="$2" tdir
		325	while read keyid some_uid
		326	do
		327	[ "$some_uid" = "$uid" ] \|\| continue
		328	tempdir=$(mktemp -d)
		329	/usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
		330	mkdir -p "$destdir"
		331	mv "$tempdir"/"$domain"/hu/* -t "$destdir"
		332	rm -rf "$tempdir"
		333	done
		334	}
		335
275	set -e	336	set -e
276		337
277	# 1. GET CRYPTONOMIC UID	338	# 1. GET CRYPTONOMIC UID
@@ -281,34 +342,23 @@ cryptonomic_hostname=$(cryptonomic hostname)
281	if [ "$SUDO_USER" ]	342	if [ "$SUDO_USER" ]
282	then	343	then
283	username=$SUDO_USER	344	username=$SUDO_USER
		345	export GNUPGHOME=~$username/.gnupg
284	else	346	else
285	username=$(id -un)	347	username=$(id -un)
286	fi	348	fi
287	[ "$username" ]	349	[ "$username" ]
		350
288	uid=${username}@${cryptonomic_hostname}	351	uid=${username}@${cryptonomic_hostname}
		352	html_dir=/srv/${cryptonomic_hostname#*.}/public_html
		353	hu_dir=$html_dir/.well-known/openpgpkey/hu
289		354
290	# 2. CHECK IF EXISTING SECRET KEY	355	ensure_key_exists
291	t=$(GPG -K --with-colons)
292	if [ "$t" ]
293	then
294	# 3. CHECK IF EXISTING KEY HAS UID
295	if GPG -K --with-colons \| find_secret_key_with_domain "${cryptonomic_hostname#*.}" \| grep -q . && ! force
296	then
297	exit
298	fi
299		356
300	# 4. ADD UID TO EXISTING KEY	357	make_directories_maybe_become_root
301	gpg_default_key=$(GPG -K --with-colons \| process_colons match_first_secret_key show_fpr)	358
302	[ "$gpg_default_key" ]	359	GPG --list-options show-only-fpr-mbox -k "$uid" 2>&- \| process_key "$uid" "$hu_dir"
303	GPG --quick-add-uid "$gpg_default_key" "$uid" \|\| force	360
304	verbose GPG -K "$gpg_default_key"	361	printf 'gpg --locate-keys %s\n' "$uid"
305	exit 0
306	else
307	# 2.5 GENERATE NEW KEY
308	GPG --batch --passphrase '' --quick-generate-key "$uid"
309	verbose GPG -K "$uid"
310	exit 0
311	fi
312	EOF	362	EOF
313	control_file_file /usr/bin/cryptonomic 755 <<'EOF'	363	control_file_file /usr/bin/cryptonomic 755 <<'EOF'
314	#!/bin/dash	364	#!/bin/dash