diff --git a/src/freedombone-adduser b/src/freedombone-adduser index d24abbbe..009ff208 100755 --- a/src/freedombone-adduser +++ b/src/freedombone-adduser @@ -157,6 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then userdel -r $ADD_USERNAME exit 7 fi +gpg_allow_tty $ADD_USERNAME # add a monkeysphere subkey #echo $'Adding monkeysphere subkey' diff --git a/src/freedombone-base-email b/src/freedombone-base-email index 11d5d3bb..a5a3cdc1 100755 --- a/src/freedombone-base-email +++ b/src/freedombone-base-email 
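Review bot: The new call `gpg_allow_tty $ADD_USERNAME` passes the username unquoted, so a value containing whitespace or glob characters would be split before it reaches the helper; write it as `gpg_allow_tty "$ADD_USERNAME"`. The helper appends to the new user's .bashrc and its return status is not checked here, so a failed write goes unnoticed; if that matters for the account setup, guard it with `|| echo 'Could not set GPG_TTY for new user' >&2`. This line sits in top-level script code rather than a function, so there is no enclosing block to mark.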
@@ -1646,36 +1646,14 @@ function configure_gpg { fi MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME - - if grep -q "install_email" $COMPLETION_FILE; then - if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'# Change your GPG password' >> /home/$MY_USERNAME/README - echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README - echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README - echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README - echo $'You can change the it with:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README - echo ' passwd' >> /home/$MY_USERNAME/README - echo ' save' >> /home/$MY_USERNAME/README - echo ' quit' >> /home/$MY_USERNAME/README - fi - if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README - echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README - echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi fi + if [ ! -d /root/.gnupg ]; then + cp -r /home/$MY_USERNAME/.gnupg /root/ + fi + gpg_allow_tty root + gpg_allow_tty $MY_USERNAME + mark_completed $FUNCNAME } 
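Review bot: The added `cp -r /home/$MY_USERNAME/.gnupg /root/` duplicates the user's entire keyring, secret keys included, into root's home; if the intent is only to let root verify or encrypt with the user's key, exporting and importing the public key would be the narrower option, and the comment should say why the whole directory is needed. As written the copy is also made without `-p`, so the resulting files carry root's umask rather than the 0700/0600 modes GnuPG expects, and the path is unquoted. configure_gpg starts before this hunk, so I cannot see how MY_USERNAME is validated. A tightened version of the new block:

```sh
if [ ! -d /root/.gnupg ]; then
    # NOTE(review): this copies the user's secret keys too; confirm root really needs them
    cp -rp "/home/$MY_USERNAME/.gnupg" /root/
    chown -R root:root /root/.gnupg
    chmod 700 /root/.gnupg
    find /root/.gnupg -type f -exec chmod 600 {} +
fi
# … unchanged: gpg_allow_tty calls and mark_completed …
```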
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup index f178be04..9fffcbfe 100755 --- a/src/freedombone-utils-backup +++ b/src/freedombone-utils-backup @@ -51,22 +51,6 @@ function restart_site { SUSPENDED_SITE= } -function backup_create_password { - BACKUP_PASSWORD_FILE=$(mktemp /tmp/fileXXXXX) - # Note: this doesn't need to be secure, it's just a way of - # getting around the forced interactivity of the gpg agent - echo -n "$BACKUP_DUMMY_PASSWORD" > $BACKUP_PASSWORD_FILE -} - -function backup_remove_password { - if [ ! $BACKUP_PASSWORD_FILE ]; then - return - fi - if [ -f $BACKUP_PASSWORD_FILE ]; then - shred -zu $BACKUP_PASSWORD_FILE - fi -} - function configure_backup_key { if [[ $(is_completed $FUNCNAME) == "1" ]]; then return @@ -104,20 +88,17 @@ function configure_backup_key { fi fi - backup_create_password - MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//') echo "Backup key: $MY_BACKUP_KEY_ID" MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME - su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --passphrase-fd $BACKUP_PASSWORD_FILE --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME + su -m root -c "echo '$BACKUP_DUMMY_PASSWORD' | gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME + if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then - backup_remove_password echo 'Public backup key could not be exported' exit 36829 fi if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then - backup_remove_password echo 'Private backup key could not be exported' exit 29235 fi 
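Review bot: The rewritten private-key export embeds the passphrase in the `-c` string of `su`, so it is visible in `ps` and `/proc/*/cmdline` to every local user for the duration of the call, and a value containing a single quote terminates the `echo '...'` literal and lets the remainder run as shell code under $MY_USERNAME. The deleted helper's comment said this value is only a placeholder to get past the agent, which limits the impact, but the shape still invites a real secret to be dropped in later. Feeding it through the inherited stdin keeps it off the command line and out of the quoting: `printf '%s' "$BACKUP_DUMMY_PASSWORD" | su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME`. Depending on the GnuPG version, `--passphrase-fd` is only honoured together with `--pinentry-mode loopback`, which is worth checking on the target release. configure_backup_key starts before and continues after this hunk.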
@@ -128,7 +109,6 @@ function configure_backup_key { shred -zu ${MY_BACKUP_KEY}_public.asc shred -zu ${MY_BACKUP_KEY}_private.asc - backup_remove_password mark_completed $FUNCNAME } diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg index 17300aa2..722c4568 100755 --- a/src/freedombone-utils-gpg +++ b/src/freedombone-utils-gpg @@ -28,6 +28,25 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +function gpg_allow_tty { + gpg_username=$1 + + if [[ $gpg_username == 'root' ]]; then + if ! grep -q 'GPG_TTY' /root/.bashrc; then + echo '' >> /root/.bashrc + echo 'GPG_TTY=$(tty)' >> /root/.bashrc + echo 'export GPG_TTY' >> /root/.bashrc + fi + else + if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then + echo '' >> /home/$gpg_username/.bashrc + echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc + echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc + chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc + fi + fi +} + function gpg_pubkey_from_email { key_owner_username=$1 key_email_address=$2
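Review bot: gpg_allow_tty runs as root and both appends to and `chown`s `/home/$gpg_username/.bashrc` by path, and neither `>>` nor `chown` without `-h` stops at a symlink, so a user who has replaced their .bashrc with a link to another file would have root append to that file and, on the chown line, hand them ownership of it; the function should refuse to touch a symlinked rc file. The two branches also differ only in the home directory, `gpg_username` leaks as a global, and the paths are unquoted, so a single code path with `local` variables is clearer. `grep -q` on a missing .bashrc prints an error to stderr before the `!` turns it into "add the lines"; silencing that with `2>/dev/null` keeps the behaviour and the log clean. Rewritten function body:

```sh
function gpg_allow_tty {
    local gpg_username=$1
    local home_dir=/home/$gpg_username
    if [[ $gpg_username == 'root' ]]; then
        home_dir=/root
    fi
    local rc_file=$home_dir/.bashrc

    # root is writing into a user-owned directory: never follow a planted symlink
    if [[ -L $rc_file ]]; then
        echo "Refusing to modify symlink $rc_file" >&2
        return 1
    fi
    if ! grep -q 'GPG_TTY' "$rc_file" 2>/dev/null; then
        echo '' >> "$rc_file"
        echo 'GPG_TTY=$(tty)' >> "$rc_file"
        echo 'export GPG_TTY' >> "$rc_file"
        if [[ $gpg_username != 'root' ]]; then
            chown "$gpg_username:$gpg_username" "$rc_file"
        fi
    fi
}
```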