Fix creation of backup key

src/freedombone-adduser

@@ -157,6 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
     userdel -r $ADD_USERNAME
     exit 7
 fi
+gpg_allow_tty $ADD_USERNAME
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'

src/freedombone-base-email

@@ -1646,36 +1646,14 @@ function configure_gpg {
         fi
         MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
         su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
-
-        if grep -q "install_email" $COMPLETION_FILE; then
-            if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
-                echo '' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
-                echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
-                echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
-                echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
-                echo $'You can change the it with:' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-                echo '  passwd' >> /home/$MY_USERNAME/README
-                echo '  save' >> /home/$MY_USERNAME/README
-                echo '  quit' >> /home/$MY_USERNAME/README
-            fi
-            if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
-                echo '' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README
-                echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
-                echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
-                echo '' >> /home/$MY_USERNAME/README
-                echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
-            fi
-            chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-            chmod 600 /home/$MY_USERNAME/README
-        fi
     fi
 
+    if [ ! -d /root/.gnupg ]; then
+        cp -r /home/$MY_USERNAME/.gnupg /root/
+    fi
+    gpg_allow_tty root
+    gpg_allow_tty $MY_USERNAME
+
     mark_completed $FUNCNAME
 }
 

src/freedombone-utils-backup

@@ -51,22 +51,6 @@ function restart_site {
     SUSPENDED_SITE=
 }
 
-function backup_create_password {
-    BACKUP_PASSWORD_FILE=$(mktemp /tmp/fileXXXXX)
-    # Note: this doesn't need to be secure, it's just a way of
-    # getting around the forced interactivity of the gpg agent
-    echo -n "$BACKUP_DUMMY_PASSWORD" > $BACKUP_PASSWORD_FILE
-}
-
-function backup_remove_password {
-    if [ ! $BACKUP_PASSWORD_FILE ]; then
-        return
-    fi
-    if [ -f $BACKUP_PASSWORD_FILE ]; then
-        shred -zu $BACKUP_PASSWORD_FILE
-    fi
-}
-
 function configure_backup_key {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
@@ -104,20 +88,17 @@ function configure_backup_key {
         fi
     fi
 
-    backup_create_password
-
     MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
     echo "Backup key: $MY_BACKUP_KEY_ID"
     MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
     su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
-    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --passphrase-fd $BACKUP_PASSWORD_FILE --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+    su -m root -c "echo '$BACKUP_DUMMY_PASSWORD' | gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+
     if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
-        backup_remove_password
         echo 'Public backup key could not be exported'
         exit 36829
     fi
     if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
-        backup_remove_password
         echo 'Private backup key could not be exported'
         exit 29235
     fi
@@ -128,7 +109,6 @@ function configure_backup_key {
 
     shred -zu ${MY_BACKUP_KEY}_public.asc
     shred -zu ${MY_BACKUP_KEY}_private.asc
-    backup_remove_password
 
     mark_completed $FUNCNAME
 }

src/freedombone-utils-gpg

@@ -28,6 +28,25 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+function gpg_allow_tty {
+    gpg_username=$1
+
+    if [[ $gpg_username == 'root' ]]; then
+        if ! grep -q 'GPG_TTY' /root/.bashrc; then
+            echo '' >> /root/.bashrc
+            echo 'GPG_TTY=$(tty)' >> /root/.bashrc
+            echo 'export GPG_TTY' >> /root/.bashrc
+        fi
+    else
+        if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
+            echo '' >> /home/$gpg_username/.bashrc
+            echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc
+            echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
+            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        fi
+    fi
+}
+
 function gpg_pubkey_from_email {
     key_owner_username=$1
     key_email_address=$2