|
@@ -7413,6 +7413,25 @@ function create_gpg_subkey {
|
7413
|
7413
|
echo 'create_gpg_subkey' >> $COMPLETION_FILE
|
7414
|
7414
|
}
|
7415
|
7415
|
|
|
7416
|
+function gpg_key_exists {
|
|
7417
|
+ key_owner_username=$1
|
|
7418
|
+ key_search_text=$2
|
|
7419
|
+ if [[ $key_owner_username != "root" ]]; then
|
|
7420
|
+ KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username)
|
|
7421
|
+ else
|
|
7422
|
+ KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
|
|
7423
|
+ fi
|
|
7424
|
+ if [ ! $KEY_EXISTS ]; then
|
|
7425
|
+ echo "no"
|
|
7426
|
+ return
|
|
7427
|
+ fi
|
|
7428
|
+ if [ $KEY_EXISTS == *"error"* ]; then
|
|
7429
|
+ echo "no"
|
|
7430
|
+ return
|
|
7431
|
+ fi
|
|
7432
|
+ echo "yes"
|
|
7433
|
+}
|
|
7434
|
+
|
7416
|
7435
|
function configure_gpg {
|
7417
|
7436
|
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
7418
|
7437
|
return
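Review bot: The two `[ ]` tests in gpg_key_exists operate on an unquoted `$KEY_EXISTS`, so when gpg does find a key the multi-word output makes both tests fail with "too many arguments" instead of evaluating, and `*"error"*` inside single-bracket `[` is a pathname glob rather than a pattern match; the function only reaches "yes" because those errors fall through. The "error" branch can never fire anyway, since gpg's error text goes to stderr and is not captured by `$(…)`. Using gpg's exit status (presumably non-zero when no key matches — worth confirming on the gnupg version apt-get installs) and discarding its output is simpler and also stops "gpg: error reading key" from being printed during a routine check. The search text is spliced into the `su -c` command string, so a `$MY_NAME` containing a double quote or `$` (the configure_backup_key callers further down pass it) would break or alter that command; at minimum `key_owner_username` and `key_search_text` should be `local`.
```shell
function gpg_key_exists {
  local key_owner_username=$1
  local key_search_text=$2
  local found="no"
  # Decide on gpg's exit status, not its stdout: a matching key prints
  # several words, which an unquoted [ ] test cannot handle.
  if [[ $key_owner_username != "root" ]]; then
    if su -c "gpg --list-keys \"${key_search_text}\"" - "$key_owner_username" > /dev/null 2>&1; then
      found="yes"
    fi
  else
    if gpg --list-keys "${key_search_text}" > /dev/null 2>&1; then
      found="yes"
    fi
  fi
  echo "$found"
}
```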
|
|
@@ -7422,52 +7441,62 @@ function configure_gpg {
|
7422
|
7441
|
fi
|
7423
|
7442
|
apt-get -y install gnupg
|
7424
|
7443
|
|
|
7444
|
+ gpg_dir=/home/$MY_USERNAME/.gnupg
|
|
7445
|
+
|
7425
|
7446
|
# if gpg keys directory was previously imported from usb
|
7426
|
|
- if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then
|
7427
|
|
- sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
|
|
7447
|
+ if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
|
|
7448
|
+ echo 'GPG keys were imported'
|
|
7449
|
+ sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
|
7428
|
7450
|
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
7429
|
|
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
|
7430
|
|
- chmod 700 /home/$MY_USERNAME/.gnupg
|
7431
|
|
- chmod 600 /home/$MY_USERNAME/.gnupg/*
|
|
7451
|
+ chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
|
|
7452
|
+ chmod 700 $gpg_dir
|
|
7453
|
+ chmod 600 $gpg_dir/*
|
7432
|
7454
|
echo 'configure_gpg' >> $COMPLETION_FILE
|
7433
|
7455
|
return
|
7434
|
7456
|
fi
|
7435
|
7457
|
|
7436
|
|
- if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
|
7437
|
|
- mkdir /home/$MY_USERNAME/.gnupg
|
7438
|
|
- echo "keyserver $GPG_KEYSERVER" >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
7439
|
|
- echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
|
7458
|
+ if [ ! -d $gpg_dir ]; then
|
|
7459
|
+ mkdir $gpg_dir
|
|
7460
|
+ echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf
|
|
7461
|
+ echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf
|
7440
|
7462
|
fi
|
7441
|
7463
|
|
7442
|
|
- sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
|
|
7464
|
+ sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
|
7443
|
7465
|
|
7444
|
|
- if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then
|
7445
|
|
- echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
7446
|
|
- echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
7447
|
|
- echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
7448
|
|
- echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
7449
|
|
- echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
|
|
7466
|
+ if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then
|
|
7467
|
+ echo '' >> $gpg_dir/gpg.conf
|
|
7468
|
+ echo '# default preferences' >> $gpg_dir/gpg.conf
|
|
7469
|
+ echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf
|
|
7470
|
+ echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf
|
|
7471
|
+ echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf
|
7450
|
7472
|
fi
|
7451
|
7473
|
|
7452
|
|
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
|
7453
|
|
- chmod 700 /home/$MY_USERNAME/.gnupg
|
7454
|
|
- chmod 600 /home/$MY_USERNAME/.gnupg/*
|
|
7474
|
+ chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
|
|
7475
|
+ chmod 700 $gpg_dir
|
|
7476
|
+ chmod 600 $gpg_dir/*
|
7455
|
7477
|
|
7456
|
7478
|
if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
|
7457
|
|
- echo "Public key: $MY_GPG_PUBLIC_KEY"
|
7458
|
|
- echo "Private key: $MY_GPG_PRIVATE_KEY"
|
|
7479
|
+ echo $'Importing GPG keys from file'
|
|
7480
|
+ echo $"Public key: $MY_GPG_PUBLIC_KEY"
|
|
7481
|
+ echo $"Private key: $MY_GPG_PRIVATE_KEY"
|
7459
|
7482
|
|
7460
|
7483
|
# use your existing GPG keys which were exported
|
7461
|
7484
|
if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
|
7462
|
|
- echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found"
|
7463
|
|
- exit 5
|
|
7485
|
+ echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
|
|
7486
|
+ exit 2483
|
7464
|
7487
|
fi
|
7465
|
7488
|
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
|
7466
|
|
- echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found"
|
7467
|
|
- exit 6
|
|
7489
|
+ echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
|
|
7490
|
+ exit 5383
|
7468
|
7491
|
fi
|
7469
|
7492
|
su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
|
7470
|
7493
|
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
|
|
7494
|
+ KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
|
|
7495
|
+ if [[ $KEY_EXISTS == "no" ]]; then
|
|
7496
|
+ echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
|
|
7497
|
+ exit 13821
|
|
7498
|
+ fi
|
|
7499
|
+
|
7471
|
7500
|
# for security ensure that the private key file doesn't linger around
|
7472
|
7501
|
shred -zu $MY_GPG_PRIVATE_KEY
|
7473
|
7502
|
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
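Review bot: `exit 2483`, `exit 5383` and `exit 13821` in this hunk (and `exit 6362` in the next one) do not survive as written: an exit status is truncated to 8 bits, so a caller sees 179, 7 and 253, which defeats the point of replacing the old distinct codes 5 and 6. Keep the codes within 1–255, or note in a comment that only the low byte is observable. The new `echo $"Public key: $MY_GPG_PUBLIC_KEY"` form puts a parameter expansion inside a locale-translated string, which is unnecessary for a file path; `echo $"Public key:" "$MY_GPG_PUBLIC_KEY"` keeps the translatable text and the value separate (same for the private key and the two "was not found" messages). `chmod 600 $gpg_dir/*`, moved here from the old literal path, also clears the execute bit on any subdirectory gnupg keeps under the key directory, so it is worth confirming against the gnupg version installed that no directories live there.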
|
|
@@ -7481,7 +7510,13 @@ function configure_gpg {
|
7481
|
7510
|
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
|
7482
|
7511
|
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
|
7483
|
7512
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
|
|
7513
|
+ echo $'Generating a new GPG key'
|
7484
|
7514
|
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
|
|
7515
|
+ KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
|
|
7516
|
+ if [[ $KEY_EXISTS == "no" ]]; then
|
|
7517
|
+ echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
|
|
7518
|
+ exit 6362
|
|
7519
|
+ fi
|
7485
|
7520
|
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
|
7486
|
7521
|
MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
7487
|
7522
|
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
|
|
@@ -7533,19 +7568,14 @@ function configure_backup_key {
|
7533
|
7568
|
fi
|
7534
|
7569
|
apt-get -y install gnupg
|
7535
|
7570
|
|
7536
|
|
- BACKUP_KEY_EXISTS=$(gpg --list-keys "$MY_NAME (backup key)")
|
7537
|
|
- if [ $BACKUP_KEY_EXISTS ]; then
|
7538
|
|
- if [ $BACKUP_KEY_EXISTS != *"error"* ]; then
|
7539
|
|
- return
|
7540
|
|
- fi
|
|
7571
|
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "root" "$MY_NAME (backup key)")
|
|
7572
|
+ if [[ $BACKUP_KEY_EXISTS == "yes" ]]; then
|
|
7573
|
+ return
|
7541
|
7574
|
fi
|
7542
|
7575
|
|
7543
|
7576
|
# Generate a GPG key for backups
|
7544
|
|
- BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME)
|
7545
|
|
- if [ ! $BACKUP_KEY_EXISTS ]; then
|
7546
|
|
- BACKUP_KEY_EXISTS='error'
|
7547
|
|
- fi
|
7548
|
|
- if [ $BACKUP_KEY_EXISTS == *"error"* ]; then
|
|
7577
|
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
|
|
7578
|
+ if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
|
7549
|
7579
|
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
|
7550
|
7580
|
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
|
7551
|
7581
|
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
|
|
@@ -7555,10 +7585,12 @@ function configure_backup_key {
|
7555
|
7585
|
echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
|
7556
|
7586
|
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
|
7557
|
7587
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
|
|
7588
|
+ echo 'Backup key does not exist. Creating it.'
|
7558
|
7589
|
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
|
7559
|
7590
|
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
|
7560
|
|
- BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME)
|
7561
|
|
- if [ ! "$?" = "0" ]; then
|
|
7591
|
+ echo 'Checking that the Backup key was created'
|
|
7592
|
+ BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
|
|
7593
|
+ if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
|
7562
|
7594
|
echo 'Backup key could not be created'
|
7563
|
7595
|
exit 43382
|
7564
|
7596
|
fi
|