diff --git a/src/freedombone-adduser b/src/freedombone-adduser
index d24abbbefc728737f8555aeefe3e8ea147f02516..009ff2088c0b5d5abcb1569663501813f9018eb6 100755
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -157,6 +157,7 @@ if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
 userdel -r $ADD_USERNAME
 exit 7
 fi
+gpg_allow_tty $ADD_USERNAME
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index 11d5d3bbb72ab198af460a37684994f344774311..a5a3cdc1564e144ede8c1747b08375b38db59aa5 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
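Review bot: `gpg_allow_tty $ADD_USERNAME` passes the username unquoted, and the callee appends to a path built from that value while running as root, so `gpg_allow_tty "$ADD_USERNAME"` is the safer form. The function is defined in src/freedombone-utils-gpg in this same commit, and whether freedombone-adduser sources that file is not visible in the hunk; if it does not, the call fails at runtime after the account has presumably already been created (the `userdel -r` on the failure path above it suggests so). The surrounding lines are top-level script code, not a function body.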
@@ -1646,35 +1646,13 @@ function configure_gpg {
 fi
 MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
 su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+ fi
- if grep -q "install_email" $COMPLETION_FILE; then
- if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
- echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
- echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
- echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
- echo $'You can change the it with:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
- echo ' passwd' >> /home/$MY_USERNAME/README
- echo ' save' >> /home/$MY_USERNAME/README
- echo ' quit' >> /home/$MY_USERNAME/README
- fi
- if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README
- echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
- echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ if [ ! -d /root/.gnupg ]; then
+ cp -r /home/$MY_USERNAME/.gnupg /root/
 fi
+ gpg_allow_tty root
+ gpg_allow_tty $MY_USERNAME
 mark_completed $FUNCNAME
 }
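Review bot: `cp -r /home/$MY_USERNAME/.gnupg /root/` copies the user's whole keyring, secret keys included, into root's home under root's umask, so the new `/root/.gnupg` is unlikely to carry the owner-only modes gpg expects and later gpg runs as root will complain about unsafe permissions; follow the copy with `chmod -R go-rwx /root/.gnupg`. The copy also leaves two independent copies of the same secret key material that drift apart on the next key edit or passphrase change, which deserves a comment at the `if [ ! -d /root/.gnupg ]` line, e.g. `# seed root's keyring once from the user's copy; the two are not kept in sync afterwards`. Since the copy is skipped whenever `/root/.gnupg` already exists, a pre-existing root keyring silently wins, which the comment should state as well. configure_gpg starts before this hunk; only its tail is visible here.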
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup
index f178be04dd756c1932d481bef50a6781ef9eda73..9fffcbfe7f8bc8bc3cf835679bf90d8369d01d93 100755
--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -51,22 +51,6 @@ function restart_site {
 SUSPENDED_SITE=
 }
-function backup_create_password {
- BACKUP_PASSWORD_FILE=$(mktemp /tmp/fileXXXXX)
- # Note: this doesn't need to be secure, it's just a way of
- # getting around the forced interactivity of the gpg agent
- echo -n "$BACKUP_DUMMY_PASSWORD" > $BACKUP_PASSWORD_FILE
-}
-function backup_remove_password {
- if [ ! $BACKUP_PASSWORD_FILE ]; then
- return
- fi
- if [ -f $BACKUP_PASSWORD_FILE ]; then
- shred -zu $BACKUP_PASSWORD_FILE
- fi
-}
-
 function configure_backup_key {
 if [[ $(is_completed $FUNCNAME) == "1" ]]; then
 return
@@ -104,20 +88,17 @@ function configure_backup_key {
 fi
 fi
- backup_create_password
-
 MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
 echo "Backup key: $MY_BACKUP_KEY_ID"
 MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
 su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
- su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --passphrase-fd $BACKUP_PASSWORD_FILE --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+ su -m root -c "echo '$BACKUP_DUMMY_PASSWORD' | gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+
 if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
- backup_remove_password
 echo 'Public backup key could not be exported'
 exit 36829
 fi
 if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
- backup_remove_password
 echo 'Private backup key could not be exported'
 exit 29235
 fi
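Review bot: The new secret-key export line embeds the passphrase in the `su -c` command string, so `$BACKUP_DUMMY_PASSWORD` travels through the argument list of `su` and of the shell it spawns, where the process list exposes it to every local user, and a single quote in the value breaks the `echo '…'` quoting and the command with it. The comment removed in the first hunk states this value is deliberately not secret, so the exposure is by design, but the quoting fragility is not; feeding it from the calling shell keeps it out of argv and needs no quoting: `printf '%s' "$BACKUP_DUMMY_PASSWORD" | su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME`. Whether stdin survives this particular `su` invocation, and whether the installed gpg additionally needs `--pinentry-mode loopback` for `--passphrase-fd` to be honoured, depends on versions not visible in the diff. The old line passed a file path to `--passphrase-fd`, which expects a descriptor number, which is presumably why the dummy-password file was dropped. configure_backup_key starts before this hunk and continues after it.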
@@ -128,7 +109,6 @@ function configure_backup_key {
 shred -zu ${MY_BACKUP_KEY}_public.asc
 shred -zu ${MY_BACKUP_KEY}_private.asc
- backup_remove_password
 mark_completed $FUNCNAME
 }
diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg
index 17300aa2deb31a1b6cee5fb302b95559cf3192a2..722c45682fe9870ba92cfbef7f8c82d7723f9567 100755
--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -28,6 +28,25 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
+function gpg_allow_tty {
+ gpg_username=$1
+
+ if [[ $gpg_username == 'root' ]]; then
+ if ! grep -q 'GPG_TTY' /root/.bashrc; then
+ echo '' >> /root/.bashrc
+ echo 'GPG_TTY=$(tty)' >> /root/.bashrc
+ echo 'export GPG_TTY' >> /root/.bashrc
+ fi
+ else
+ if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
+ echo '' >> /home/$gpg_username/.bashrc
+ echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc
+ echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
+ chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+ fi
+ fi
+}
+
 function gpg_pubkey_from_email {
 key_owner_username=$1
 key_email_address=$2
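Review bot: `gpg_username=$1` in the new gpg_allow_tty is assigned without `local`, so it leaks into the caller's scope, and the two branches differ only in hard-coding `/root` versus `/home/$gpg_username`; resolving the home directory from the passwd database removes the duplication and the assumption that every account lives under /home. `grep -q` on an absent `.bashrc` also prints an error to stderr before the file is created on the next line, so the check wants `2>/dev/null` or an `-f` test first. Every expansion of `$gpg_username` is unquoted, and the value ends up in a path that root appends to; quoting it and refusing a name that the passwd database does not know is the cheap guard, as in the rewrite below. The function is complete within the hunk.
```shell
function gpg_allow_tty {
    local gpg_username=$1
    local gpg_home
    # Resolve the home directory instead of assuming /home/<user>;
    # this also covers root without a special case.
    gpg_home=$(getent passwd "$gpg_username" | cut -d: -f6)
    if [[ -z "$gpg_home" ]]; then
        echo "gpg_allow_tty: unknown user $gpg_username" >&2
        return 1
    fi
    # .bashrc may not exist yet; a missing file simply means "not set".
    if ! grep -q 'GPG_TTY' "$gpg_home/.bashrc" 2>/dev/null; then
        echo '' >> "$gpg_home/.bashrc"
        echo 'GPG_TTY=$(tty)' >> "$gpg_home/.bashrc"
        echo 'export GPG_TTY' >> "$gpg_home/.bashrc"
        chown "$gpg_username:$gpg_username" "$gpg_home/.bashrc"
    fi
}
```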