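#!/bin/bash -e
#
# generate_gpg - create a fresh signing key for a release.
#
# Creates a new GnuPG home directory at $KEYDIR, generates a 4096-bit RSA key
# protected by a passphrase kept in gopass under $PASS_NAME_GPG, and appends
# the resulting key id to ${RELEASEDIR}/settings as FULLGPGKEY.
#
# Reads from ./settings: KEYDIR, FULLGPGKEY, VERSION, PASS_NAME_GPG,
#   SIGNER_NAME, SIGNER, GPG_EXPIRE, RELEASEDIR.
# Exit status: 1 if $KEYDIR already exists, 2 if FULLGPGKEY is already set,
#   3 if no passphrase could be read back from gopass, 4 if the new key
#   could not be found after generation.

# Options given on the shebang line are lost when the script is started as
# "bash generate_gpg", so enable errexit explicitly as well.
set -e

# NOTE(review): a name without a slash makes bash search $PATH before the
# current directory, so a stray "settings" on PATH would be sourced instead.
# ". ./settings" would pin the lookup - confirm how the script is invoked.
. settings

if [[ -d "$KEYDIR" ]]; then
  echo "Keydir $KEYDIR already exists"
  exit 1
fi

if [[ -n "$FULLGPGKEY" ]]; then
  echo "The full GPG key is already set for $VERSION"
  echo "You need to use import_gpg_private or remove the setting"
  exit 2
fi

# The keyring holds private key material: owner-only from the start.
mkdir -m 0700 -- "$KEYDIR"

# Make sure a passphrase entry exists: reuse the stored one, otherwise let
# gopass generate a 20-character secret. Output is discarded so the secret is
# never printed.
( gopass show --password "$PASS_NAME_GPG" 2> /dev/null || gopass generate "$PASS_NAME_GPG" 20 ) > /dev/null

# Fetch the passphrase before writing the parameter file. A command
# substitution inside a here-document is not covered by errexit, so a failing
# gopass there would silently hand gpg2 an empty "Passphrase:" line.
passphrase=$(gopass show --password "$PASS_NAME_GPG")
if [[ -z "$passphrase" ]]; then
  echo "Could not read a passphrase for $PASS_NAME_GPG from gopass" >&2
  exit 3
fi

# mktemp creates the file readable by its owner only; it briefly contains the
# passphrase in clear text, so it is removed on every exit path. The trap
# body is single-quoted so the path is expanded (and quoted) at exit time.
GPG_SETTINGS=$(mktemp)
trap 'rm -f -- "$GPG_SETTINGS"' EXIT

# The settings values are interpolated verbatim into the gpg parameter file;
# a newline in any of them would add extra directives, so settings must stay
# under the release manager's control.
cat > "$GPG_SETTINGS" <<EOF
%echo Generating GPG keys
Key-Type: RSA
Key-Length: 4096
Name-Real: $SIGNER_NAME
Name-Comment: $VERSION
Name-Email: $SIGNER
Expire-Date: $GPG_EXPIRE
Passphrase: $passphrase
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
unset passphrase

gpg2 --homedir "$KEYDIR" --batch --gen-key "$GPG_SETTINGS"

echo "Setting FULLGPGKEY in ${RELEASEDIR}/settings"
# Second line of the listing with all whitespace removed - presumably the
# fingerprint line of the default gpg2 output; confirm for the installed
# GnuPG version.
FULLGPGKEY="$(gpg2 --homedir "$KEYDIR" --batch --list-keys "${SIGNER_NAME} (${VERSION}) <${SIGNER}>" | sed -n '2s/\s//g p')"
if [[ -z "$FULLGPGKEY" ]]; then
  # Do not record an empty key id: later release steps would then run
  # without a pinned signing key.
  echo "Could not determine the key id of the newly generated key" >&2
  exit 4
fi
echo "FULLGPGKEY='$FULLGPGKEY'" >> "${RELEASEDIR}/settings"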