Bob Mottram 8 gadus atpakaļ
vecāks
revīzija
75b0eb4291

+ 1
- 1
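--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -157,7 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
     userdel -r $ADD_USERNAME
     exit 7
 fi
-gpg_allow_tty $ADD_USERNAME
+gpg_agent_setup $ADD_USERNAME
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'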

+ 2
- 2
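--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1651,8 +1651,8 @@ function configure_gpg {
     if [ ! -d /root/.gnupg ]; then
         cp -r /home/$MY_USERNAME/.gnupg /root/
     fi
-    gpg_allow_tty root
-    gpg_allow_tty $MY_USERNAME
+    gpg_agent_setup root
+    gpg_agent_setup $MY_USERNAME
 
     mark_completed $FUNCNAME
 }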

+ 6
- 1
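--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -39,6 +39,9 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-splitkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
+# Dummy password to get around not being able to create a key without passphrase
+BACKUP_DUMMY_PASSWORD='backup'
+
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
@@ -137,7 +140,9 @@ if [ ! "$?" = "0" ]; then
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
-gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+echo '$BACKUP_DUMMY_PASSWORD' | \
+    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+    --batch --passphrase-fd 0 \
     --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"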
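Review bot: The passphrase piped to gpg on the `echo '$BACKUP_DUMMY_PASSWORD' | \` line is the literal text `$BACKUP_DUMMY_PASSWORD`, not the value `backup` assigned at line 43, because single quotes suppress expansion; the same construct is used in src/freedombone-utils-backup. If the backup key was generated with the passphrase `backup` this export fails, and if it was generated with the literal then the new constant is never actually used, so use `printf '%s\n' "$BACKUP_DUMMY_PASSWORD" | \` in both places. On GnuPG 2.1 and later `--passphrase-fd 0` is only honoured with loopback pinentry, which this command leaves to the `pinentry-mode loopback` line that src/freedombone-utils-gpg writes into gpg.conf; passing `--pinentry-mode loopback` on this command would make it self-contained. Since the passphrase is a fixed value visible in the script, `$FRAGMENTS_DIR/backup_privkey.txt` is protected only by the permissions of the fragments directory, which the comment at line 42 should state.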

+ 1
- 1
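--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -105,7 +105,7 @@ function configure_backup_key {
 
     # import backup key to root user
     gpg --import --import ${MY_BACKUP_KEY}_public.asc
-    gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+    echo '$BACKUP_DUMMY_PASSWORD' | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
 
     shred -zu ${MY_BACKUP_KEY}_public.asc
     shred -zu ${MY_BACKUP_KEY}_private.asc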
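Review bot: `BACKUP_DUMMY_PASSWORD` is not defined anywhere in this file, and this commit declares it only in src/freedombone-splitkey; because the single quotes send the literal string rather than the value, the import currently happens to use the same passphrase as the export, but once the quoting is corrected the value here will be empty unless the variable is also defined in this file or in a utils file sourced before configure_backup_key, which I cannot see. Define it once in a file both scripts source rather than duplicating the literal. `--allow-secret-key-import` is documented by GnuPG as an obsolete option, so the new line can drop it. configure_backup_key begins and ends outside the hunk.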

+ 27
- 1
src/freedombone-utils-gpg

@@ -28,7 +28,7 @@
28 28
 # You should have received a copy of the GNU Affero General Public License
29 29
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
30 30
 
31
-function gpg_allow_tty {
31
+function gpg_agent_setup {
32 32
     gpg_username=$1
33 33
 
34 34
     if [[ $gpg_username == 'root' ]]; then
@@ -37,6 +37,19 @@ function gpg_allow_tty {
37 37
             echo 'GPG_TTY=$(tty)' >> /root/.bashrc
38 38
             echo 'export GPG_TTY' >> /root/.bashrc
39 39
         fi
40
+        if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
41
+            echo 'use-agent' >> /root/.gnupg/gpg.conf
42
+        fi
43
+        if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
44
+            echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
45
+        fi
46
+        if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
47
+            touch /root/.gnupg/gpg-agent.conf
48
+        fi
49
+        if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
50
+            echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
51
+        fi
52
+        echo RELOADAGENT | gpg-connect-agent
40 53
     else
41 54
         if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
42 55
             echo '' >> /home/$gpg_username/.bashrc
@@ -44,6 +57,19 @@ function gpg_allow_tty {
44 57
             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
45 58
             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
46 59
         fi
60
+        if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
61
+            echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
62
+        fi
63
+        if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
64
+            echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
65
+        fi
66
+        if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
67
+            touch /home/$gpg_username/.gnupg/gpg-agent.conf
68
+        fi
69
+        if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
70
+            echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
71
+        fi
72
+        su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
47 73
     fi
48 74
 }
49 75
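Review bot: In the non-root branch the appends to `/home/$gpg_username/.gnupg/gpg.conf` and the `touch` of `gpg-agent.conf` run as root, so a file that did not exist before is created owned by root inside the user's .gnupg, while the existing code on line 58 chowns only .bashrc; gpg emits an unsafe-ownership warning for a configuration file it does not own and, as far as I recall, skips it, and the user cannot edit the file afterwards. Add `chown $gpg_username:$gpg_username /home/$gpg_username/.gnupg/gpg.conf /home/$gpg_username/.gnupg/gpg-agent.conf` before the `su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username` line. Separately, writing `pinentry-mode loopback` into gpg.conf changes every gpg invocation for that user, not only the scripted ones, whereas the only callers in this commit that need it are the `--passphrase-fd 0` commands in src/freedombone-splitkey and src/freedombone-utils-backup; keeping `allow-loopback-pinentry` in gpg-agent.conf here and passing `--pinentry-mode loopback` on those two commands would confine the change. gpg_agent_setup spans all three hunks of this file, with part of its body between them outside the hunks.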