diff --git a/openpgp/gitprotect.sh b/openpgp/gitprotect.sh
index e727cb1f24a989b3d2db030ed92ef8f763ce67b8..e2938e3a774685a3cb9354020d4b9d82ea0e0373 100755
--- a/openpgp/gitprotect.sh
+++ b/openpgp/gitprotect.sh
@@ -188,6 +188,7 @@ inGit || exit "$ERR_NOTINGIT"
 # Set-up some default values.
 gnupgHome="$(pwd)/.gnupg"
+gnupgArgs=("--homedir" "$gnupgHome" "--batch")
 if [[ $command == "init" ]]; then
 if [[ -d $gnupgHome ]]; then
@@ -200,7 +201,7 @@ if [[ $command == "init" ]]; then
 chmod 700 "$gnupgHome"
 # Initialise the GnuPG files in local directory.
- gpg2 --batch --homedir "$gnupgHome" --list-keys 2>/dev/null
+ gpg2 "${gnupgArgs[@]}" --list-keys 2>/dev/null
 # Set-up a .gitignore file that will exclude some temporary files from being
 # tracked, as well as decrypted files.
@@ -246,14 +247,14 @@ elif [[ $command == "addkey" ]]; then
 # First try accessing a file by the given key name. Otherwise treat it
 # as key identifier.
 if [[ -f $key ]]; then
- if ! gpg2 --batch --homedir "$gnupgHome" --import "$key"; then
+ if ! gpg2 "${gnupgArgs[@]}" --import "$key"; then
 echo "ERROR: Failed to add key from file '$key'." >&2
 fi
 else
 if ! gpg2 --batch --list-keys "$key" >/dev/null 2>&1; then
 echo "WARN: Key with identifier '$key' not found in user's GnuPG keyring. Skipping." >&2
 else
- ! gpg2 --batch --armor --export "$key" | gpg2 --batch --homedir "$gnupgHome" --import
+ ! gpg2 --batch --armor --export "$key" | gpg2 "${gnupgArgs[@]}" --import
 if [[ ${PIPESTATUS[0]} != 0 ]]; then
 echo "ERROR: Failed to add key with identifier '$key')." >&2
 fi
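Review bot: `gnupgArgs` in the `@@ -188,6 +188,7 @@` hunk is introduced without a comment, and the later hunks show that not every gpg2 call is meant to use it: in the addkey branch `gpg2 --batch --list-keys "$key"` and `gpg2 --batch --armor --export "$key"` still read the invoking user's keyring. A comment such as `# Options for every gpg2 call that must operate on the repository-local keyring; calls without them read the user's own keyring on purpose.` would keep a later cleanup from folding those two calls into the array. The array is not modified in any visible hunk, so `readonly gnupgArgs` after the assignment would make that explicit as well.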
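Review bot: In the init hunk (`@@ -200,7 +201,7 @@`) the call `gpg2 "${gnupgArgs[@]}" --list-keys 2>/dev/null` discards stderr and its exit status is not tested in the visible lines, so a failure to create the keyring files would pass unnoticed while init goes on to write the .gitignore. Testing the result, for example `gpg2 "${gnupgArgs[@]}" --list-keys >/dev/null 2>&1 || echo "ERROR: Failed to initialise GnuPG keyring in '$gnupgHome'." >&2`, followed by whichever exit code the script uses for such failures, would surface it. The init branch starts and ends outside the hunk, so a later check may exist that is not visible here.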
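Review bot: In the addkey hunk (`@@ -246,14 +247,14 @@`) the check after the rewritten pipeline looks only at `${PIPESTATUS[0]}`, the export from the user's keyring, so a failed `gpg2 "${gnupgArgs[@]}" --import` into the repository keyring is never reported. The user would then believe the key was added while a later encrypt run leaves that recipient out. Testing both stages in the same command, `if [[ ${PIPESTATUS[0]} != 0 || ${PIPESTATUS[1]} != 0 ]]; then`, closes the gap. The error message on the next line also carries a stray `)` after `'$key'`.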
@@ -271,15 +272,15 @@ elif [[ $command = "rmkey" ]]; then
 # Process all the keys specified.
 for key in "$@"; do
- if ! gpg2 --batch --homedir "$gnupgHome" --list-key "$key" 2>/dev/null; then
+ if ! gpg2 "${gnupgArgs[@]}" --list-key "$key" 2>/dev/null; then
 echo "WARN: Key with identifier '$key' not found in git repository directory's GnuPG keyring. Skipping" >&2
- elif ! gpg2 --batch --homedir "$gnupgHome" --yes --delete-key "$key"; then
+ elif ! gpg2 "${gnupgArgs[@]}" --yes --delete-key "$key"; then
 echo "ERROR: Failed to remove the key with identifier '$key'." >&2
 fi
 done
 elif [[ $command = "listkeys" ]]; then
 gitprotectConfigured || exit "$ERR_NOCONFIG"
- gpg2 --batch --homedir "$gnupgHome" --list-public-keys --keyid-format long
+ gpg2 "${gnupgArgs[@]}" --list-public-keys --keyid-format long
 elif [[ $command = "encrypt" ]]; then
 gitprotectConfigured || exit "$ERR_NOCONFIG"
@@ -296,7 +297,7 @@ elif [[ $command = "encrypt" ]]; then
 if [[ $key_validity != e && $key_capabilities =~ .*e.* ]]; then
 recipients+=("-r" "$key_id")
 fi
- done < <(gpg2 --homedir "$gnupgHome" --list-public-keys --with-colons | grep '^sub' | awk 'BEGIN { FS = ":" } ; { print $2, $5, $12 }')
+ done < <(gpg2 "${gnupgArgs[@]}" --list-public-keys --with-colons | grep '^sub' | awk 'BEGIN { FS = ":" } ; { print $2, $5, $12 }')
 # Make sure that we have at least a single recipient.
 if [[ "${#recipients[@]}" == 0 ]]; then
@@ -316,7 +317,7 @@ elif [[ $command = "encrypt" ]]; then
 echo "INFO: File decrypted/$filename doesn't seem to have been changed. Skipping."
 # The file was changed, so we need to encrypt new version of it.
 else
- cat "$filePath" | gpg2 --trust-model always --batch --homedir "$gnupgHome" \
+ cat "$filePath" | gpg2 --trust-model always "${gnupgArgs[@]}" \
 --armor "${recipients[@]}" --encrypt > "${filename}.gpg"
 sha256sum "decrypted/$filename" > "decrypted/.${filename}.sha256"
 fi
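Review bot: In the rmkey hunk (`@@ -271,15 +272,15 @@`) the existence test `gpg2 "${gnupgArgs[@]}" --list-key "$key" 2>/dev/null` silences only stderr, so each successful lookup prints the key listing to stdout before the delete runs. The equivalent test in addkey uses `>/dev/null 2>&1`, so writing this one as `if ! gpg2 "${gnupgArgs[@]}" --list-keys "$key" >/dev/null 2>&1; then` would match it and spell the option out in full. The WARN message on the following line also lacks the closing full stop that the other messages have.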
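Review bot: The recipient filter fed by the rewritten `done < <(gpg2 "${gnupgArgs[@]}" --list-public-keys --with-colons …)` line (`@@ -296,7 +297,7 @@`) rejects only validity `e`, although field 2 of the colon listing can also be `r` (revoked), `d` (disabled) or `i` (invalid). Such a subkey would still be appended as `-r "$key_id"`, which, as far as these lines show, either makes gpg2 reject the whole encryption or keeps a retired key in the recipient list. Consider `if [[ $key_validity != [edir] && $key_capabilities == *e* ]]; then`. A comment naming the three extracted columns (validity, key ID, capabilities) would also help, since the `read` that names them is outside the hunk.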
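Review bot: In the last hunk (`@@ -316,7 +317,7 @@`) the exit status of the encrypting gpg2 call is never checked, and the redirection truncates `${filename}.gpg` before gpg2 even starts. If encryption fails, the committed ciphertext is left empty or partial, while the `sha256sum` line still records the plaintext as processed, so the next run skips the file as unchanged. Writing to a temporary name, moving it into place only on success, and recording the hash only then avoids this; reading the input with `< "$filePath"` also removes the extra `cat`. Because `--trust-model always` makes every key in the repository keyring an accepted recipient, a short comment stating that the keyring contents alone decide who can decrypt would be worth adding here.

```shell
# … unchanged: "doesn't seem to have been changed" branch and the else above …
if gpg2 --trust-model always "${gnupgArgs[@]}" \
    --armor "${recipients[@]}" --encrypt \
    < "$filePath" > "${filename}.gpg.tmp"; then
  mv -- "${filename}.gpg.tmp" "${filename}.gpg"
  sha256sum "decrypted/$filename" > "decrypted/.${filename}.sha256"
else
  echo "ERROR: Failed to encrypt decrypted/$filename." >&2
  rm -f -- "${filename}.gpg.tmp"
fi
```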