#!/bin/sh -eu
+# SYNTAX:
+# DESCRIPTION: envoie sur $local_fqdn la clef OpenPGP utilisée par duplicity(1).
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh
-PATH=/usr/lib/gnupg2:"$PATH"
+uid=backup+"$local_hostname"@"$local_domainname"
+trap_exit () {
+ "$tool"/remote/gpg-preset-passphrase --forget "$uid"
+ }
+trap trap_exit EXIT
+"$tool"/remote/gpg-preset-passphrase --preset "$uid"
-IFS= read -r pass <<-EOF
- $(gpg --decrypt "$tool"/var/sec/openpgp/backup+"$local_hostname"@"$local_domainname".pass.gpg)
- EOF
-for fpr in $(remote/gpg --list-secret-keys --with-colons --with-fingerprint --with-fingerprint \
- -- "backup+$local_hostname@$local_domainname" | grep '^fpr:' | cut -d : -f 10)
- do gpg-preset-passphrase --preset -v $fpr <<-EOF
- $pass
- EOF
- done
-
-"$tool"/remote/gpg --export-options export-reset-subkey-passwd \
- --export-secret-subkeys "backup+$local_hostname@$local_domainname" |
-"$tool"/remote/ssh backup@$local_fqdn gpg --import -
+"$tool"/remote/gpg \
+ --export-options export-reset-subkey-passwd \
+ --export-secret-subkeys "$uid" |
+"$tool"/remote/ssh backup@"$local_fqdn" gpg --import -
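Review bot: The cleanup that forgets the preset passphrase hangs only on `trap trap_exit EXIT`, and some /bin/sh implementations (dash, for one) do not run the EXIT trap when the shell dies from a signal. An interrupted run could therefore leave the passphrase for `$uid` cached, presumably in gpg-agent, since the `gpg-preset-passphrase` wrapper is not visible here. Adding `trap 'exit 1' HUP INT TERM` right after the EXIT trap turns those signals into a normal exit, so `trap_exit` still runs. Separately, the final pipeline reports only the status of the `ssh … gpg --import -` side, so `-e` does not catch a failed `--export-secret-subkeys` on the left; checking that the export produced output before importing would close this. The new `# SYNTAX:` header is also left empty; if the script takes no arguments, `# SYNTAX: $0` would say so.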