From 5ae154f2ed5423722f9c4609843e3fc865cbe472 Mon Sep 17 00:00:00 2001 From: Thorsten Glaser Date: Wed, 28 Aug 2013 10:06:46 +0200 Subject: [PATCH] gpg2 and OpenSuSE workarounds --- bash-ksh/generate-pgpkey-for-at-work | 71 +++++++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 21 deletions(-) diff --git a/bash-ksh/generate-pgpkey-for-at-work b/bash-ksh/generate-pgpkey-for-at-work index 9cf0dbd..a4474bd 100644 --- a/bash-ksh/generate-pgpkey-for-at-work +++ b/bash-ksh/generate-pgpkey-for-at-work @@ -1,7 +1,7 @@ #!/bin/sh -# $Id: genkey-firmengebrauch.sh 2836 2012-03-22 09:51:20Z tglase $ +# $Id: genkey-firmengebrauch.sh 3773 2013-08-28 08:01:05Z tglase $ #- -# Copyright © 2010, 2011, 2012 +# Copyright © 2010, 2011, 2012, 2013 # Thorsten Glaser # All rights reserved. # @@ -39,6 +39,16 @@ export LC_ALL=C unset LANG LANGUAGE test -z "$BASH_VERSION" || shopt -s extglob # we can now use Korn Shell extensions common to mksh and GNU bash +unset GPG_AGENT_INFO GPG_TTY +nl=' +' +if ! tilde=$(cd && pwd) || [[ -z $tilde ]]; then + tilde=$HOME + if ! tilde=$(cd && pwd) || [[ -z $tilde ]]; then + echo >&2 Eek, what\'s your home directory? + exit 1 + fi +fi # initiate logging cd "$(dirname "$0")" @@ -261,6 +271,20 @@ D2z3JhUEscRFBVURbyc+5yEcHAT33kx+thUrrXd6+kHq6lbMaMl3QSpjEemygTQo EOF +# gpg2, as opposed to gnupg, doesn’t want to not use the agent +vsn=$(gpg --version 2>&1 | head -n 1) +isgpg2=0 +if [[ $vsn = 'gpg (GnuPG) 1.4.'* ]]; then + : okay +elif [[ $vsn = 'gpg (GnuPG) 1.'* ]]; then + echo 'WARNING: Obsolete GnuPG 1.x version, you SHALL update!' +elif [[ $vsn = 'gpg (GnuPG) 2.0.'* ]]; then + isgpg2=1 +else + echo "WARNING: Unknown GnuPG version '$vsn', tell tglase!" +fi + + # show introduction echo " tarent solutions GmbH - PGP Key Generation 
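Review bot: The `tilde=$HOME` fallback in the new home-directory check never takes effect, because the inner test repeats `tilde=$(cd && pwd)` verbatim and that assignment overwrites `tilde` with the (empty) output of the failed substitution before `[[ -z $tilde ]]` runs; when the outer check fails, the inner one fails the same way and the script always exits. If the intent is to accept `$HOME` when `cd` cannot resolve it, test it directly: `if [[ -z $HOME || ! -d $HOME ]]; then`. The error line `echo >&2 Eek, what\'s your home directory?` is also unquoted, so `directory?` is a glob the shell may expand against the current directory; write it as `echo >&2 "Eek, what's your home directory?"`.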
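Review bot: The version sniff sets `isgpg2=1` only for `gpg (GnuPG) 2.0.`*, so a 2.1 or later gpg falls into the "Unknown GnuPG version" branch with `isgpg2` left at 0, and the later edit-key runs then feed the passphrase into the `--command-fd` stream of a gpg that ignores `--no-use-agent` — the very case this hunk is meant to handle. Match the major version instead, `elif [[ $vsn = 'gpg (GnuPG) 2.'* ]]; then`, and treat the unknown branch as fatal or at least as the agent-using case rather than the 1.x case. A missing `gpg` binary also ends up in that branch: `$vsn` then holds the shell's "not found" message and the script continues; a `command -v gpg >/dev/null || exit 1` before the check would make that explicit.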
@@ -329,16 +353,16 @@ fi | sed 's/../16#& /g') (echo "got user info {"; sed 's/^/ /' <"$T/ui"; echo "}") >>"$log" # add entropy from CGIs to that pool (magic code ;) {{{ -if [[ ! -s ~/.gnupg/random_seed ]]; then +if [[ ! -s ${tilde}/.gnupg/random_seed ]]; then # create and fill if it didn't exist - :>~/.gnupg/random_seed - chmod 0600 ~/.gnupg/random_seed - dd if=/dev/urandom of=~/.gnupg/random_seed bs=600 count=1 + :>"${tilde}"/.gnupg/random_seed + chmod 0600 "${tilde}"/.gnupg/random_seed + dd if=/dev/urandom of="${tilde}"/.gnupg/random_seed bs=600 count=1 2>/dev/null fi entropy=$(wget -O - -T 10 --ca-certificate="$T/ca.cer" \ - https://call.mirbsd.org/lb.cgi?genkey.sh,1=$(hostname -f),seed=$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM 2>/dev/null | \ + https://call.mirbsd.org/lb.cgi?genkey.sh,1=$(hostname -f 2>/dev/null || hostname),seed=$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM 2>/dev/null | \ hexdump -ve '1/1 "16#%x "')$x -poolfile=$(hexdump -ve '1/1 "16#%x "' <~/.gnupg/random_seed) +poolfile=$(hexdump -ve '1/1 "16#%x "' <"${tilde}"/.gnupg/random_seed) str2arr entropy str2arr poolfile (( n = ${#poolfile[*]} < ${#entropy[*]} ? ${#entropy[*]} : ${#poolfile[*]} )) @@ -351,7 +375,7 @@ done # write back into the pool file arr2hex poolfile eprint "$(echo ${poolfile[*]} | sed -e 's/16#/\\x/g' -e 's/ //g')" | \ - dd of=~/.gnupg/random_seed conv=notrunc 2>/dev/null + dd of="${tilde}"/.gnupg/random_seed conv=notrunc 2>/dev/null # }}} end of magic code block ;) # check the user information 
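Review bot: The `2>/dev/null` added to the `dd` line hides the only diagnostic on the seed-file creation path; if `${tilde}/.gnupg` does not exist, the `:>` redirection, `chmod` and `dd` all fail and the script now continues without a pool file, so the later `hexdump ... <"${tilde}"/.gnupg/random_seed` fails as well. The file is also created by `:>` under the caller's umask and only then narrowed by `chmod 0600`, so with a permissive umask the seed is briefly readable by other users. Create it with the final mode from the start and check the seeding: `(umask 077; :>"${tilde}"/.gnupg/random_seed) || exit 1` and `dd if=/dev/urandom of="${tilde}"/.gnupg/random_seed bs=600 count=1 2>/dev/null || exit 1`. The unquoted URL argument to wget additionally word-splits on whatever `hostname -f` prints; quoting the whole URL is the safer form.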
@@ -432,28 +456,28 @@ if [[ $pkid != +([0-9A-F]) ]] || ! gpg -K $pkid; then fi # apply preference settings to our newly generated key +if [[ $isgpg2 = 0 ]]; then + usepw="$nl$(str2utf8 "$resp")" +else + usepw="" +fi gpg --no-use-agent -q -u $pkid --command-fd 4 --edit-key $pkid \ >>"$T/edit.log" 2>&1 4<<-EOF - notation preferred-email-encoding@pgp.com=partitioned,pgpmime - $(str2utf8 "$resp") + notation preferred-email-encoding@pgp.com=partitioned,pgpmime$usepw trust 5 y uid 1 - primary - $(str2utf8 "$resp") + primary$usepw adduid $(str2utf8 "$i_name") $(str2utf8 "$un")@info.tarent.de - Jabber/XMPP - $(str2utf8 "$resp") + Jabber/XMPP$usepw uid 1 uid 2 setpref H8 H3 S8 S4 Z2 Z0 Z1 H9 H10 S9 S7 - y - $(str2utf8 "$resp") - keyserver hkp://tarentpgp.tarent.de - $(str2utf8 "$resp") + y$usepw + keyserver hkp://tarentpgp.tarent.de$usepw save EOF echo "=> $?" >>"$T/edit.log" @@ -468,8 +492,7 @@ gpg --no-ask-cert-level --no-expert --no-use-agent -q -u $pkid --command-fd 4 -- 2 2 - y - $(str2utf8 "$resp") + y$usepw trust 4 save @@ -477,6 +500,12 @@ EOF echo "=> $?" >>"$T/edit.log" sed 's/^/│/' "$T/edit.log" >>"$log" +if [[ $GENKEY_DONTRUN = aye ]]; then + echo >&2 Meh, okay. $vsn + gpg -K + exit 0 +fi + # export our own public key and the signed company key into a keyring rc=0 gpg --export-options no-export-attributes,export-clean \ -- 2.1.4
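Review bot: On the `isgpg2=1` path the edit-key run gets no passphrase and depends entirely on the agent, yet the same patch unsets `GPG_AGENT_INFO` and `GPG_TTY` near the top of the script (hunk at line 39); GnuPG 2.0 finds its agent through `GPG_AGENT_INFO` unless a standard socket is configured, so on such a setup the pinentry step can fail — confirm on the OpenSuSE system the subject refers to. That failure is only recorded by `echo "=> $?" >>"$T/edit.log"` and the script proceeds to the second edit-key run and the export. Capture and check the status, `rc=$?; echo "=> $rc" >>"$T/edit.log"` followed by `(( rc == 0 )) || { echo >&2 "gpg --edit-key failed, see $T/edit.log"; exit 1; }`; the same applies to the second edit-key run in the next hunk, whose heredoc starts outside that hunk.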
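Review bot: `GENKEY_DONTRUN=aye` is an undocumented environment switch that stops the run after the keys have been generated and edited but before anything is exported, and nothing in the hunk says it is a debugging aid; a comment above the `if`, such as `# GENKEY_DONTRUN=aye: debugging aid, stop after key editing and only list the secret keyring`, would keep it from being mistaken for a supported mode. The `exit 0` relies on whatever cleanup an EXIT trap for `$T` does elsewhere — confirm one exists, otherwise the edit logs stay behind. The message is also passed to echo unquoted; `echo >&2 "Meh, okay. $vsn"` avoids word-splitting and pathname expansion of `$vsn`.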