gpg stuff

src/freedombone-adduser

@@ -157,7 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
     userdel -r $ADD_USERNAME
     exit 7
 fi
-gpg_allow_tty $ADD_USERNAME
+gpg_agent_setup $ADD_USERNAME
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'

src/freedombone-base-email

@@ -1651,8 +1651,8 @@ function configure_gpg {
     if [ ! -d /root/.gnupg ]; then
         cp -r /home/$MY_USERNAME/.gnupg /root/
     fi
-    gpg_allow_tty root
+    gpg_agent_setup root
-    gpg_allow_tty $MY_USERNAME
+    gpg_agent_setup $MY_USERNAME
 
     mark_completed $FUNCNAME
 }

src/freedombone-splitkey

@@ -39,6 +39,9 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-splitkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
+# Dummy password to get around not being able to create a key without passphrase
+BACKUP_DUMMY_PASSWORD='backup'
+
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
@@ -137,7 +140,9 @@ if [ ! "$?" = "0" ]; then
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
-gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+echo '$BACKUP_DUMMY_PASSWORD' | \
+    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+    --batch --passphrase-fd 0 \
     --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"

src/freedombone-utils-backup

@@ -105,7 +105,7 @@ function configure_backup_key {
 
     # import backup key to root user
     gpg --import --import ${MY_BACKUP_KEY}_public.asc
-    gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+    echo '$BACKUP_DUMMY_PASSWORD' | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
 
     shred -zu ${MY_BACKUP_KEY}_public.asc
     shred -zu ${MY_BACKUP_KEY}_private.asc

src/freedombone-utils-gpg

@@ -28,7 +28,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-function gpg_allow_tty {
+function gpg_agent_setup {
     gpg_username=$1
 
     if [[ $gpg_username == 'root' ]]; then
@@ -37,6 +37,19 @@ function gpg_allow_tty {
             echo 'GPG_TTY=$(tty)' >> /root/.bashrc
             echo 'export GPG_TTY' >> /root/.bashrc
         fi
+        if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
+            echo 'use-agent' >> /root/.gnupg/gpg.conf
+        fi
+        if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
+            echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
+        fi
+        if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
+            touch /root/.gnupg/gpg-agent.conf
+        fi
+        if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
+            echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        fi
+        echo RELOADAGENT | gpg-connect-agent
     else
         if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
             echo '' >> /home/$gpg_username/.bashrc
@@ -44,6 +57,19 @@ function gpg_allow_tty {
             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
         fi
+        if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+            echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
+        fi
+        if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
+            echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
+        fi
+        if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
+            touch /home/$gpg_username/.gnupg/gpg-agent.conf
+        fi
+        if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
+            echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+        fi
+        su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
     fi
 }