Rewrite gpg-init Bash script in Python
parent
44cdeed024
commit
0f85ae6e2c
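--- a/.pylintrc
+++ b/.pylintrc
@@ -1,2 +1,5 @@
 [MESSAGES CONTROL]
 disable=invalid-name, missing-docstring, locally-disabled, unbalanced-tuple-unpacking,no-else-return
+
+[SIMILARITIES]
+min-similarity-lines=5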
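--- a/gpg-init
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-set -eu
-
-USER_ID="${1}"
-shift
-ARGS="$*"
-
-DEVICE=${DEVICE:="trezor"} # or "ledger"
-CURVE=${CURVE:="nist256p1"} # or "ed25519"
-TIMESTAMP=${TIMESTAMP:=`date +%s`} # key creation timestamp
-HOMEDIR=~/.gnupg/${DEVICE}
-
-# NOTE: starting from GnuPG 2.2, gpg2 -> gpg
-GPG_BINARY=$(python -c "import libagent.gpg.keyring as k; print(k.get_gnupg_binary())")
-${GPG_BINARY} --version # verify that GnuPG 2.1+ is installed
-
-# Prepare new GPG home directory for hardware-based identity
-rm -rf "${HOMEDIR}"
-mkdir -p "${HOMEDIR}"
-chmod 700 "${HOMEDIR}"
-
-# Generate new GPG identity and import into GPG keyring
-$DEVICE-gpg create -v "${USER_ID}" -t "${TIMESTAMP}" -e "${CURVE}" ${ARGS} > "${HOMEDIR}/pubkey.asc"
-${GPG_BINARY} --homedir "${HOMEDIR}" -q --import < "${HOMEDIR}/pubkey.asc"
-rm -f "${HOMEDIR}/S.gpg-agent" # (otherwise, our agent won't be started automatically)
-
-# Make new GPG identity with "ultimate" trust (via its fingerprint)
-FINGERPRINT=$(${GPG_BINARY} --homedir "${HOMEDIR}" --list-public-keys --with-fingerprint --with-colons | sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)
-echo "${FINGERPRINT}:6" | ${GPG_BINARY} --homedir "${HOMEDIR}" --import-ownertrust 2> /dev/null
-
-AGENT_PATH="$(which ${DEVICE}-gpg-agent)"
-
-# Prepare GPG configuration file
-echo "# Hardware-based GPG configuration
-agent-program ${AGENT_PATH}
-personal-digest-preferences SHA512
-default-key \"${USER_ID}\"
-" > "${HOMEDIR}/gpg.conf"
-
-# Prepare GPG agent configuration file
-echo "# Hardware-based GPG agent emulator
-log-file ${HOMEDIR}/gpg-agent.log
-verbosity 2
-" > "${HOMEDIR}/gpg-agent.conf"
-
-# Prepare a helper script for setting up the new identity
-echo "#!/bin/bash
-set -eu
-export GNUPGHOME=${HOMEDIR}
-COMMAND=\$*
-if [ -z \"\${COMMAND}\" ]
-then
-	\${SHELL}
-else
-	\${COMMAND}
-fi
-" > "${HOMEDIR}/env"
-chmod u+x "${HOMEDIR}/env"
-
-echo "Starting ${DEVICE}-gpg-agent at ${HOMEDIR}..."
-# Load agent and make sure it responds with the new identity
-GNUPGHOME="${HOMEDIR}" ${GPG_BINARY} -K 2> /dev/null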