|
@@ -319,11 +319,15 @@ function create_backup_script {
|
319
|
319
|
# This is a compromise. backup needs access to things which the user
|
320
|
320
|
# doesn't have access to, but also needs to be able to encrypt as the user
|
321
|
321
|
# Perhaps there is some better way to do this.
|
|
322
|
+ # Maybe there should be a separate backup GPG key. Discuss.
|
|
323
|
+ su -c "gpg --export-ownertrust > ~/temp_trust.txt" - $MY_USERNAME
|
322
|
324
|
su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
|
323
|
325
|
su -c "gpg --output ~/temp_private_key.txt --armor --export-secret-key $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
|
|
326
|
+ gpg --import-ownertrust < /home/$MY_USERNAME/temp_trust.txt
|
324
|
327
|
gpg --import $MY_GPG_PUBLIC_KEY
|
325
|
328
|
gpg --allow-secret-key-import --import /home/$MY_USERNAME/temp_private_key.txt
|
326
|
329
|
shred -zu /home/$MY_USERNAME/temp_private_key.txt
|
|
330
|
+ shred -zu /home/$MY_USERNAME/temp_trust.txt
|
327
|
331
|
fi
|
328
|
332
|
|
329
|
333
|
echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
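Review bot: The added ownertrust round trip writes `temp_trust.txt` through `~` inside `su -c` but reads and shreds it through the hard-coded `/home/$MY_USERNAME/` path, so the import fails when the account's home directory is elsewhere, and `$MY_USERNAME` is unquoted on all three added lines. Ownertrust is plain text on stdout, so the temp file is not needed: `su -c "gpg --export-ownertrust" - "$MY_USERNAME" | gpg --import-ownertrust` drops the file, the path assumption and the added `shred` line. If the file is kept, nothing in the hunk checks that the export succeeded before root imports it, so the export's exit status should be tested first. The context lines write the armored secret key to `~/temp_private_key.txt` under the user's default umask, and `shred` is not a reliable overwrite on journaling or copy-on-write filesystems or on SSDs, so a `umask 077` before that export (or a pipe there too) is worth adding. Both `create_backup_script` and the `if` closed by the `fi` here start outside the hunk.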
|