free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
6691 Commits
5 Branches
Tree: 6bb05c99c7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6bb05c99c7'
${ noResults }
freedombone/src/freedombone-utils-gpg

freedombone-utils-gpg 4.7KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # gpg functions

  12. #

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2016 Bob Mottram <bob@freedombone.net>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. function gpg_agent_setup {

  32.     gpg_username=$1

  33. 

  34.     if [[ $gpg_username == 'root' ]]; then

  35.         if ! grep -q 'GPG_TTY' /root/.bashrc; then

  36.             echo '' >> /root/.bashrc

  37.             echo 'GPG_TTY=$(tty)' >> /root/.bashrc

  38.             echo 'export GPG_TTY' >> /root/.bashrc

  39.         fi

  40.         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then

  41.             echo 'use-agent' >> /root/.gnupg/gpg.conf

  42.         fi

  43.         if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then

  44.             echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf

  45.         fi

  46.         if [ ! -f /root/.gnupg/gpg-agent.conf ]; then

  47.             touch /root/.gnupg/gpg-agent.conf

  48.         fi

  49.         if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then

  50.             echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf

  51.         fi

  52.         echo RELOADAGENT | gpg-connect-agent

  53.     else

  54.         if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then

  55.             echo '' >> /home/$gpg_username/.bashrc

  56.             echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc

  57.             echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc

  58.             chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc

  59.         fi

  60.         if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then

  61.             echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf

  62.         fi

  63.         if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then

  64.             echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf

  65.         fi

  66.         if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then

  67.             touch /home/$gpg_username/.gnupg/gpg-agent.conf

  68.         fi

  69.         if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then

  70.             echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf

  71.         fi

  72.         su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username

  73.     fi

  74. }

  75. 

  76. function gpg_pubkey_from_email {

  77.     key_owner_username=$1

  78.     key_email_address=$2

  79.     key_id=

  80.     if [[ $key_owner_username != "root" ]]; then

  81.         key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')

  82.     else

  83.         key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//')

  84.     fi

  85.     echo $key_id

  86. }

  87. 

  88. function enable_email_encryption_at_rest {

  89.     for d in /home/*/ ; do

  90.         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  91.         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then

  92.             if grep '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then

  93.                 sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc

  94.                 sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc

  95.             fi

  96.         fi

  97.     done

  98. 

  99.     if grep '#| /usr/bin/gpgit.pl' /etc/skel/.procmailrc; then

  100.         sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /etc/skel/.procmailrc

  101.         sed -i 's|#:0 f|:0 f|g' /etc/skel/.procmailrc

  102.     fi

  103. }

  104. 

  105. function disable_email_encryption_at_rest {

  106.     for d in /home/*/ ; do

  107.         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  108.         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then

  109.             if ! grep '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then

  110.                 sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc

  111.                 sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc

  112.             fi

  113.         fi

  114.     done

  115. 

  116.     if ! grep '#| /usr/bin/gpgit.pl' /etc/skel/.procmailrc; then

  117.         sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /etc/skel/.procmailrc

  118.         sed -i 's|:0 f|#:0 f|g' /etc/skel/.procmailrc

  119.     fi

  120. }

  121. 

  122. # NOTE: deliberately no exit 0