Fix gpg key generation

bd33b814 · Bob Mottram · d1be62d2 · bd33b814 · bd33b814 · bd33b814
Commit bd33b814 authored 7 years ago by Bob Mottram
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -144,11 +144,12 @@ echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
 chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -c "gpg --batch --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --passphrase '' --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
 shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
 MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME

 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
    echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"

--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1499,7 +1499,9 @@ function create_gpg_subkey {
    echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
    echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-    su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --passphrase '' --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+
    shred -zu /home/$MY_USERNAME/gpg-genkey.conf
    MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')

@@ -1612,7 +1614,8 @@ function configure_gpg {
        echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
        echo $'Generating a new GPG key'
-        su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+        su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --passphrase '' --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [[ $KEY_EXISTS == "no" ]]; then
            echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
@@ -1624,7 +1627,7 @@ function configure_gpg {
            echo $'GPG public key ID could not be obtained'
        fi
        MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
-        su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+        su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME

        if grep -q "install_email" $COMPLETION_FILE; then
            if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then

--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -72,7 +72,9 @@ function configure_backup_key {
        echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
        echo $'Backup key does not exist. Creating it.'
-        su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+        su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --passphrase '' --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+
        shred -zu /home/$MY_USERNAME/gpg-genkey.conf
        echo $'Checking that the Backup key was created'
        BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
@@ -84,8 +86,8 @@ function configure_backup_key {
    MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
    echo "Backup key: $MY_BACKUP_KEY_ID"
    MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
-    su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
-    su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
    if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
        echo 'Public backup key could not be exported'
        exit 36829