remote/gpg-preset-passphrase

   1 #!/bin/sh -eu
   2 # SYNTAX: [--forget|--preset] $uid_email [...]
   3 # DESCRIPTION: encapsuleur de gpg-preset-passphrase(1) facilitant son usage.
   4 # XXX: il faut que gpg-agent(1) soit configuré avec allow-preset-passphrase.
   5 tool=$(readlink -e "${0%/*}/..")
   6 . "$tool"/remote/lib.sh
   7
   8 if ! grep -Fqx allow-preset-passphrase $HOME/.gnupg/gpg-agent.conf &&
   9  ! pgrep -fx >/dev/null '.*gpg-agent .*--allow-preset-passphrase.*'
  10  then
  11         cat >&2 <<-EOF
  12                 ${tput_rev-}WARNING${tput_sgr0-}: you MUST configure gpg-agent(1) with allow-preset-passphrase.
  13                 EOF
  14         #exit 1
  15  fi
  16
  17 command=$1; shift
  18 PATH="$PATH$(find /usr/lib/ -mindepth 2 -maxdepth 3 -type f -executable -name gpg-preset-passphrase -printf ':%h')"
  19 for uid in "$@"
  20  do
  21         pass_file="$tool"/var/sec/openpgp/"$uid".pass.gpg
  22         test -e "$pass_file"
  23
  24         IFS= read -r pass <<-EOF
  25                 $(gpg --decrypt "$pass_file")
  26                 EOF
  27         for fpr in $("$tool"/remote/gpg --list-secret-keys \
  28          --with-colons --with-fingerprint --with-fingerprint \
  29          -- "$@" | grep '^fpr:' | cut -d : -f 10)
  30          do gpg-preset-passphrase $command ${TRACE:+--verbose} $fpr <<-EOF
  31                 $pass
  32                 EOF
  33          done
  34  done