From 75b0eb429106000970bb073ba2eee11d8fab3801 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 3 Jun 2017 13:57:24 +0100
Subject: [PATCH] gpg stuff

---
 src/freedombone-adduser | 2 +-
 src/freedombone-base-email | 4 ++--
 src/freedombone-splitkey | 7 ++++++-
 src/freedombone-utils-backup | 2 +-
 src/freedombone-utils-gpg | 28 +++++++++++++++++++++++++++-
 5 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/src/freedombone-adduser b/src/freedombone-adduser
index 009ff208..1af53292 100755
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -157,7 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
 userdel -r $ADD_USERNAME
 exit 7
 fi
-gpg_allow_tty $ADD_USERNAME
+gpg_agent_setup $ADD_USERNAME
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index a5a3cdc1..99cf3f47 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1651,8 +1651,8 @@ function configure_gpg {
 if [ ! -d /root/.gnupg ]; then
 cp -r /home/$MY_USERNAME/.gnupg /root/
 fi
- gpg_allow_tty root
- gpg_allow_tty $MY_USERNAME
+ gpg_agent_setup root
+ gpg_agent_setup $MY_USERNAME
 mark_completed $FUNCNAME
 }
 
diff --git a/src/freedombone-splitkey b/src/freedombone-splitkey
index df8f2fce..9e58c2e0 100755
--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -39,6 +39,9 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-splitkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
+# Dummy password to get around not being able to create a key without passphrase
+BACKUP_DUMMY_PASSWORD='backup'
+
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
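Review bot: `BACKUP_DUMMY_PASSWORD='backup'` is a fixed, public value, so the passphrase it puts on the backup key gives the exported secret key material no real protection, and the comment above it only explains why the value exists, not what that means for anyone handling the fragments. I would replace the comment with `# Fixed, non-secret passphrase so that gpg --batch can export/import the backup key without a prompt; the exported private key must be treated as unencrypted and protected by how the fragments are stored.` The same name is referenced in the freedombone-utils-backup hunk later in this patch (inside single quotes there, so it is not actually expanded), but no hunk defines it in that file; whether that script sources freedombone-splitkey is worth confirming.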
@@ -137,7 +140,9 @@ if [ ! "$?" = "0" ]; then
 echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
 exit 62928
 fi
-gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+echo '$BACKUP_DUMMY_PASSWORD' | \
+ gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+ --batch --passphrase-fd 0 \
 --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
 echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup
index 9fffcbfe..c15814b4 100755
--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -105,7 +105,7 @@ function configure_backup_key {
 
 # import backup key to root user
 gpg --import --import ${MY_BACKUP_KEY}_public.asc
- gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+ echo '$BACKUP_DUMMY_PASSWORD' | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
 shred -zu ${MY_BACKUP_KEY}_public.asc
 shred -zu ${MY_BACKUP_KEY}_private.asc
 
diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg
index 722c4568..ec9f3847 100755
--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -28,7 +28,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
 
-function gpg_allow_tty {
+function gpg_agent_setup {
 gpg_username=$1
 
 if [[ $gpg_username == 'root' ]]; then
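Review bot: `echo '$BACKUP_DUMMY_PASSWORD' | \` hands gpg the literal text `$BACKUP_DUMMY_PASSWORD` as the passphrase, because single quotes suppress expansion; the value `backup` defined at the top of this file is never sent, so the export presumably fails and lands in the error branch below it. The same quoting mistake is on the `--allow-secret-key-import --import` line of the freedombone-utils-backup hunk. Use double quotes and printf, so the value is expanded and never parsed as an echo option: `printf '%s\n' "$BACKUP_DUMMY_PASSWORD" | \`. Both lines depend on the gpg.conf/gpg-agent.conf loopback-pinentry settings that the freedombone-utils-gpg hunks write, and in freedombone-utils-backup nothing in this patch defines BACKUP_DUMMY_PASSWORD, so where that script gets it from is worth checking once the quoting is fixed.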
@@ -37,6 +37,19 @@ function gpg_allow_tty {
 echo 'GPG_TTY=$(tty)' >> /root/.bashrc
 echo 'export GPG_TTY' >> /root/.bashrc
 fi
+ if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
+ echo 'use-agent' >> /root/.gnupg/gpg.conf
+ fi
+ if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
+ echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
+ fi
+ if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
+ touch /root/.gnupg/gpg-agent.conf
+ fi
+ if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
+ echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+ fi
+ echo RELOADAGENT | gpg-connect-agent
 else
 if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
 echo '' >> /home/$gpg_username/.bashrc
@@ -44,6 +57,19 @@ function gpg_allow_tty {
 echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
 chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
 fi
+ if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+ echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
+ fi
+ if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
+ echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
+ fi
+ if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
+ touch /home/$gpg_username/.gnupg/gpg-agent.conf
+ fi
+ if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
+ echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+ fi
+ su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
 fi
 }
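Review bot: The per-user files this hunk's twin in the next hunk writes under /home/$gpg_username/.gnupg (gpg.conf appended with `>>`, gpg-agent.conf created by `touch`) are created by the script's own user, which is root given the chown and su calls around them, and unlike the .bashrc branch a few lines above there is no chown afterwards, so the user's gpg and gpg-agent end up with configuration files they do not own; GnuPG warns about unsafe ownership on configuration files and, as far as I recall, may refuse to read them, which would silently undo the loopback setting. The twelve lines are also duplicated between the /root branch here and the home-directory branch in the next hunk, and `$gpg_username` is unquoted in the `su -c ... - $gpg_username` call. A helper that takes the GnuPG home directory and its owner removes the duplication and gives one place to fix ownership; gpg_agent_setup itself begins in an earlier hunk, so the helper would sit above it.
```shell
# Enable loopback pinentry for one GnuPG home directory so that gpg --batch
# can read a passphrase from --passphrase-fd, then give the files to the
# directory's owner (the script runs as root).
function gpg_enable_loopback_pinentry {
    gnupg_dir=$1
    gnupg_owner=$2
    for setting in 'use-agent' 'pinentry-mode loopback'; do
        if ! grep -q "$setting" "$gnupg_dir/gpg.conf"; then
            echo "$setting" >> "$gnupg_dir/gpg.conf"
        fi
    done
    if [ ! -f "$gnupg_dir/gpg-agent.conf" ]; then
        touch "$gnupg_dir/gpg-agent.conf"
    fi
    if ! grep -q 'allow-loopback-pinentry' "$gnupg_dir/gpg-agent.conf"; then
        echo 'allow-loopback-pinentry' >> "$gnupg_dir/gpg-agent.conf"
    fi
    chown "$gnupg_owner:$gnupg_owner" "$gnupg_dir/gpg.conf" "$gnupg_dir/gpg-agent.conf"
}

# … unchanged: gpg_agent_setup header and the root GPG_TTY block …
    gpg_enable_loopback_pinentry /root/.gnupg root
    echo RELOADAGENT | gpg-connect-agent
else
# … unchanged: the user's GPG_TTY block …
    gpg_enable_loopback_pinentry "/home/$gpg_username/.gnupg" "$gpg_username"
    su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
```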