gpg stuff

This commit is contained in:
Bob Mottram 2017-06-03 13:57:24 +01:00
parent f495828a2d
commit 75b0eb4291
5 changed files with 37 additions and 6 deletions

View File

@ -157,7 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
userdel -r $ADD_USERNAME
exit 7
fi
gpg_allow_tty $ADD_USERNAME
gpg_agent_setup $ADD_USERNAME
# add a monkeysphere subkey
#echo $'Adding monkeysphere subkey'

View File

@ -1651,8 +1651,8 @@ function configure_gpg {
if [ ! -d /root/.gnupg ]; then
cp -r /home/$MY_USERNAME/.gnupg /root/
fi
gpg_allow_tty root
gpg_allow_tty $MY_USERNAME
gpg_agent_setup root
gpg_agent_setup $MY_USERNAME
mark_completed $FUNCNAME
}

View File

@ -39,6 +39,9 @@ PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-splitkey
export TEXTDOMAINDIR="/usr/share/locale"
# Dummy password to get around not being able to create a key without passphrase
BACKUP_DUMMY_PASSWORD='backup'
KEY_FRAGMENTS=3
MY_USERNAME=
MY_EMAIL_ADDRESS=
@ -137,7 +140,9 @@ if [ ! "$?" = "0" ]; then
echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
exit 62928
fi
echo '$BACKUP_DUMMY_PASSWORD' | \
gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
--batch --passphrase-fd 0 \
--armor --export-secret-key $MY_BACKUP_KEY_ID
if [ ! "$?" = "0" ]; then
echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"

View File

@ -105,7 +105,7 @@ function configure_backup_key {
# import backup key to root user
gpg --import --import ${MY_BACKUP_KEY}_public.asc
gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
echo '$BACKUP_DUMMY_PASSWORD' | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
shred -zu ${MY_BACKUP_KEY}_public.asc
shred -zu ${MY_BACKUP_KEY}_private.asc

View File

@ -28,7 +28,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function gpg_allow_tty {
function gpg_agent_setup {
gpg_username=$1
if [[ $gpg_username == 'root' ]]; then
@ -37,6 +37,19 @@ function gpg_allow_tty {
echo 'GPG_TTY=$(tty)' >> /root/.bashrc
echo 'export GPG_TTY' >> /root/.bashrc
fi
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf
fi
if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
fi
if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
touch /root/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
fi
echo RELOADAGENT | gpg-connect-agent
else
if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
echo '' >> /home/$gpg_username/.bashrc
@ -44,6 +57,19 @@ function gpg_allow_tty {
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
fi
if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
touch /home/$gpg_username/.gnupg/gpg-agent.conf
fi
if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
fi
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
fi
}