From 61a2deee65fd2dd572f9e1473e0a35dcb36d330e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=27rysiek=27=20Wo=C5=BAniak?=
Date: Thu, 23 Feb 2017 23:58:33 +0100
Subject: [PATCH] run.sh: managing the secret keys saner now
---
 run.sh | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)
diff --git a/run.sh b/run.sh
index 70109d4..63f42d4 100644
--- a/run.sh
+++ b/run.sh
@@ -144,6 +144,44 @@ ln -s "$KUVERT_CONFIG_DIR/kuvert.conf" "$KUVERT_HOME/.kuvert"
 # making sure the env is AOK
 export HOME="$KUVERT_HOME"
 export GNUPGHOME="$KUVERT_GNUPG_DIR"
+# make sure said settings will be in effect upon each and every
+# su - $KUVERT_USER within the container
+# as that's how we'll manage gpg the keyring...
+echo "export GNUPGHOME=\"$KUVERT_GNUPG_DIR\"" > "$KUVERT_HOME"/.profile
+chown "$KUVERT_USER":"$KUVERT_GROUP" "$KUVERT_HOME"/.profile
+
+# let's check up on the keyring,
+# creating it if needed
+echo -ne "+-- keys in keyring: "
+# this has to be run as the target user
+su -p -c "env PATH=\"$PATH\" gpg --list-keys" "$KUVERT_USER" 2>/dev/null | egrep '^pub' | wc -l
+
+# if there are no secret keys in the keyring,
+# generate a new password-less secret key
+SECRET_KEYS="$( su -p -c "env PATH=\"$PATH\" gpg --list-secret-keys" "$KUVERT_USER" 2>/dev/null | egrep '^sec' )"
+if [[ "$SECRET_KEYS" == "" ]]; then
+ echo "+-- no secret keys found, generating one for: $KUVERT_USER@localhost"
+ echo
+ echo " WARNING: this secret key will not be password-protected!"
+ echo
+ # https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
+ su -p -c "env PATH=\"$PATH\" gpg --batch --gen-key" "$KUVERT_USER" </dev/null | wc -l - echo -e "+-- running:\n\t$*" exec su -p -c "env PATH=\"$PATH\" $*" "$KUVERT_USER"
\ No newline at end of file
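Review bot: In the added `SECRET_KEYS=` line, `2>/dev/null` together with the `egrep '^sec'` filter makes a failed `su` or `gpg` call indistinguishable from an empty keyring, so any error (for example wrong ownership on `$GNUPGHOME`) falls through to generating a fresh, unprotected signing key. Check the listing command's exit status before deciding, and parse the machine-readable output instead of the human one, e.g. `gpg --batch --with-colons --list-secret-keys` tested with `grep -q '^sec:'`; the script should abort rather than generate a key when the listing itself fails. The `.profile` line also interpolates `$KUVERT_GNUPG_DIR` inside double quotes that the login shell re-evaluates, and `>` replaces any existing file, so the value should be written single-quoted and the overwrite noted in a comment. The `--gen-key` parameter block and the remainder of the hunk are cut off on this page, so the key parameters and the permissions of the keyring directory are not covered by this note.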