|
@@ -188,6 +188,7 @@ inGit || exit "$ERR_NOTINGIT"
|
|
|
|
|
|
# Set-up some default values.
|
|
|
gnupgHome="$(pwd)/.gnupg"
|
|
|
gnupgArgs=("--homedir" "$gnupgHome" "--batch")
|
|
|
|
|
|
if [[ $command == "init" ]]; then
|
|
|
if [[ -d $gnupgHome ]]; then
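Review bot: `gnupgHome="$(pwd)/.gnupg"` ties the keyring location to the caller's working directory, so unless `inGit` (outside this hunk) also requires the repository root, running the tool from a subdirectory silently creates or uses a different `.gnupg` than the one the repository was initialised with. Deriving it from git is more robust: `gnupgHome="$(git rev-parse --show-toplevel)/.gnupg"`, paired with `readonly gnupgHome` since nothing in the visible hunks reassigns it. The new `gnupgArgs` array is the right shape for passing `--homedir`/`--batch` around; a one-line comment on it would help readers understand why later calls against the user's own keyring (the `--list-keys "$key"` check in addkey) deliberately do not use it, e.g. `# Common options for the repository-local keyring; calls that must hit the user's default keyring omit this array.`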
|
|
@@ -200,7 +201,7 @@ if [[ $command == "init" ]]; then
|
|
|
chmod 700 "$gnupgHome"
|
|
|
|
|
|
# Initialise the GnuPG files in local directory.
|
|
|
gpg2 --batch --homedir "$gnupgHome" --list-keys 2>/dev/null
|
|
|
gpg2 "${gnupgArgs[@]}" --list-keys 2>/dev/null
|
|
|
|
|
|
# Set-up a .gitignore file that will exclude some temporary files from being
|
|
|
# tracked, as well as decrypted files.
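Review bot: The initialisation call `gpg2 "${gnupgArgs[@]}" --list-keys 2>/dev/null` discards stderr and ignores its exit status, so if GnuPG cannot create or write `$gnupgHome` (permissions, a stale lock, a file in the way) `init` continues, writes the `.gitignore`, and reports success with no working keyring behind it; whether an earlier `set -e` would catch this is not visible in the hunk. Since the only purpose of this call is to create the home directory, check it explicitly: `gpg2 "${gnupgArgs[@]}" --list-keys >/dev/null 2>&1 || { echo "ERROR: Failed to initialise GnuPG home directory '$gnupgHome'." >&2; exit 1; }` with the script's appropriate `ERR_` constant in place of `1`. The comment `# Initialise the GnuPG files in local directory.` could also say why a listing is used: `# A no-op listing makes gpg2 create the homedir, keybox and trustdb.`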
|
|
@@ -246,14 +247,14 @@ elif [[ $command == "addkey" ]]; then
|
|
|
# First try accessing a file by the given key name. Otherwise treat it
|
|
|
# as key identifier.
|
|
|
if [[ -f $key ]]; then
|
|
|
if ! gpg2 --batch --homedir "$gnupgHome" --import "$key"; then
|
|
|
if ! gpg2 "${gnupgArgs[@]}" --import "$key"; then
|
|
|
echo "ERROR: Failed to add key from file '$key'." >&2
|
|
|
fi
|
|
|
else
|
|
|
if ! gpg2 --batch --list-keys "$key" >/dev/null 2>&1; then
|
|
|
echo "WARN: Key with identifier '$key' not found in user's GnuPG keyring. Skipping." >&2
|
|
|
else
|
|
|
! gpg2 --batch --armor --export "$key" | gpg2 --batch --homedir "$gnupgHome" --import
|
|
|
! gpg2 --batch --armor --export "$key" | gpg2 "${gnupgArgs[@]}" --import
|
|
|
if [[ ${PIPESTATUS[0]} != 0 ]]; then
|
|
|
echo "ERROR: Failed to add key with identifier '$key')." >&2
|
|
|
fi
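Review bot: After the rewritten pipeline `! gpg2 --batch --armor --export "$key" | gpg2 "${gnupgArgs[@]}" --import`, only `${PIPESTATUS[0]}` (the export) is tested, so a failure of the import stage into the repository keyring goes unreported and the user is told nothing while the key is absent from the repo; the leading `!` keeps the pipeline from tripping `set -e` but does not change `PIPESTATUS`. Check both stages in the same test, which is safe because both expansions happen before `[[` runs: `if [[ ${PIPESTATUS[0]} != 0 || ${PIPESTATUS[1]} != 0 ]]; then`. The error message on the next line has a stray parenthesis, `'$key')."` should read `'$key'."`. The user-keyring check `gpg2 --batch --list-keys "$key"` correctly stays off `gnupgArgs` because it must consult the user's default keyring; a short comment saying so would stop a future cleanup from "fixing" it.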
|
|
@@ -271,15 +272,15 @@ elif [[ $command = "rmkey" ]]; then
|
|
|
|
|
|
# Process all the keys specified.
|
|
|
for key in "$@"; do
|
|
|
if ! gpg2 --batch --homedir "$gnupgHome" --list-key "$key" 2>/dev/null; then
|
|
|
if ! gpg2 "${gnupgArgs[@]}" --list-key "$key" 2>/dev/null; then
|
|
|
echo "WARN: Key with identifier '$key' not found in git repository directory's GnuPG keyring. Skipping" >&2
|
|
|
elif ! gpg2 --batch --homedir "$gnupgHome" --yes --delete-key "$key"; then
|
|
|
elif ! gpg2 "${gnupgArgs[@]}" --yes --delete-key "$key"; then
|
|
|
echo "ERROR: Failed to remove the key with identifier '$key'." >&2
|
|
|
fi
|
|
|
done
|
|
|
elif [[ $command = "listkeys" ]]; then
|
|
|
gitprotectConfigured || exit "$ERR_NOCONFIG"
|
|
|
gpg2 --batch --homedir "$gnupgHome" --list-public-keys --keyid-format long
|
|
|
gpg2 "${gnupgArgs[@]}" --list-public-keys --keyid-format long
|
|
|
elif [[ $command = "encrypt" ]]; then
|
|
|
gitprotectConfigured || exit "$ERR_NOCONFIG"
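Review bot: `gpg2 "${gnupgArgs[@]}" --yes --delete-key "$key"` runs in batch mode with `--yes`, and GnuPG's fingerprint-only safeguard for batch deletion applies exactly when `--yes` is absent, so an identifier that is a user-id fragment or a short key id matching several keys removes all of them from the repository keyring without any prompt. The preceding `--list-key "$key" 2>/dev/null` check does not prevent this (it succeeds on any match and also leaks the listing to stdout). Resolving the identifier to primary-key fingerprints first and refusing ambiguous matches closes this; `mapfile` needs bash 4, which the script's other array use already implies, and `--with-fingerprint` is passed explicitly in case the installed gpg2 does not emit `fpr` records by default in colon mode. The `listkeys` and `encrypt` lines in this hunk are fine as rewritten.
```shell
for key in "$@"; do
  # Resolve the identifier to primary-key fingerprints first: with --batch --yes,
  # --delete-key removes every key that matches a name or short id.
  mapfile -t fprs < <(gpg2 "${gnupgArgs[@]}" --list-keys --with-colons --with-fingerprint "$key" 2>/dev/null \
    | awk -F: '$1 == "pub" { want = 1; next } $1 == "fpr" && want { print $10; want = 0 }')
  if (( ${#fprs[@]} == 0 )); then
    echo "WARN: Key with identifier '$key' not found in git repository directory's GnuPG keyring. Skipping" >&2
  elif (( ${#fprs[@]} > 1 )); then
    echo "ERROR: Identifier '$key' matches ${#fprs[@]} keys; specify a fingerprint. Skipping" >&2
  elif ! gpg2 "${gnupgArgs[@]}" --yes --delete-key "${fprs[0]}"; then
    echo "ERROR: Failed to remove the key with identifier '$key'." >&2
  fi
done
# … unchanged: listkeys and encrypt branches …
```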
|
|
|
|
|
@@ -296,7 +297,7 @@ elif [[ $command = "encrypt" ]]; then
|
|
|
if [[ $key_validity != e && $key_capabilities =~ .*e.* ]]; then
|
|
|
recipients+=("-r" "$key_id")
|
|
|
fi
|
|
|
done < <(gpg2 --homedir "$gnupgHome" --list-public-keys --with-colons | grep '^sub' | awk 'BEGIN { FS = ":" } ; { print $2, $5, $12 }')
|
|
|
done < <(gpg2 "${gnupgArgs[@]}" --list-public-keys --with-colons | grep '^sub' | awk 'BEGIN { FS = ":" } ; { print $2, $5, $12 }')
|
|
|
|
|
|
# Make sure that we have at least a single recipient.
|
|
|
if [[ "${#recipients[@]}" == 0 ]]; then
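Review bot: The recipient filter `[[ $key_validity != e && $key_capabilities =~ .*e.* ]]` excludes only expired subkeys, so a subkey whose colon-format validity field is `r` (revoked) or `d` (disabled) is still added to `recipients`; whether gpg2 later refuses or silently skips such a recipient under `--trust-model always` is not visible here, so it is better to exclude them at the source: `if [[ $key_validity != [erd] && $key_capabilities == *e* ]]; then`. The `while read` loop that this `done` closes begins outside the hunk, so the field names come from the `awk '{ print $2, $5, $12 }'` projection alone; a comment on the `done < <(…)` line such as `# fields: subkey validity, key id, capabilities (colon-format fields 2, 5, 12)` would make the filter readable. Style only: `grep '^sub' | awk 'BEGIN { FS = ":" } …'` is one awk away from a single process, `awk -F: '$1 == "sub" { print $2, $5, $12 }'`.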
|
|
@@ -316,7 +317,7 @@ elif [[ $command = "encrypt" ]]; then
|
|
|
echo "INFO: File decrypted/$filename doesn't seem to have been changed. Skipping."
|
|
|
# The file was changed, so we need to encrypt new version of it.
|
|
|
else
|
|
|
cat "$filePath" | gpg2 --trust-model always --batch --homedir "$gnupgHome" \
|
|
|
cat "$filePath" | gpg2 --trust-model always "${gnupgArgs[@]}" \
|
|
|
--armor "${recipients[@]}" --encrypt > "$(unknown).gpg"
|
|
|
sha256sum "decrypted/$filename" > "decrypted/.$(unknown).sha256"
|
|
|
fi
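Review bot: The rewritten encryption pipeline `cat "$filePath" | gpg2 --trust-model always "${gnupgArgs[@]}" … --encrypt > …gpg` is not checked, and the `sha256sum` on the following line runs regardless, so a gpg2 failure (an unusable recipient, a missing agent) leaves a truncated ciphertext file behind and records the checksum of the plaintext as "already encrypted"; the next run then reports "doesn't seem to have been changed" and never re-encrypts it. Whether an earlier `set -e` stops the script at that point is not visible in the hunk, and even then the output file has already been truncated by the redirect. Encrypt into a temporary file, replace the destination only on success, and record the checksum only in that branch; the `cat` is also redundant. The output and checksum paths are garbled on this page (`$(unknown)`), so `OUTPUT_PATH` and `CHECKSUM_PATH` below are placeholders for the expressions on the original lines. `--trust-model always` is kept as the commit has it, but it deserves a comment since it makes the curated repository keyring the only trust decision: `# --trust-model always: membership in the repo keyring (via addkey) is the trust decision; no web-of-trust check.`
```shell
else
  # Encrypt into a temporary file first so a failure neither truncates the
  # existing ciphertext nor records a checksum for content that was never
  # re-encrypted (the checksum is what makes the next run skip the file).
  encrypted_tmp=$(mktemp "OUTPUT_PATH.XXXXXX") || exit 1
  if gpg2 --trust-model always "${gnupgArgs[@]}" \
      --armor "${recipients[@]}" --encrypt < "$filePath" > "$encrypted_tmp"; then
    mv -- "$encrypted_tmp" "OUTPUT_PATH.gpg"
    sha256sum "decrypted/$filename" > "decrypted/.CHECKSUM_PATH.sha256"
  else
    rm -f -- "$encrypted_tmp"
    echo "ERROR: Failed to encrypt 'decrypted/$filename'." >&2
  fi
fi
```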
|