feature: add gpg (GnuPG)
#!/bin/bash
# webi installer for GnuPG (macOS only; see _install_gpg below).
# -e: abort on the first failing command; -u: treat unset variables as errors.
# -o pipefail is not enabled: the grep pipelines in _create_gpg_key rely on a
# no-match grep still yielding an empty string instead of aborting the script.
set -eu
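#######################################
# Installs GnuPG for macOS from the official DMG into ~/.local/opt/gnupg,
# points gpg-agent at the bundled pinentry-mac, registers gpg-agent with
# launchd and, if ~/.gitconfig carries a name and email, creates a first key.
# Globals:   WEBI_PKG_DOWNLOAD, WEBI_VERSION (read; provided by the webi
#            framework), HOME (read), PATH (modified and exported)
# Arguments: none
# Outputs:   installer diagnostics on stdout
# Returns:   exits 1 on non-macOS systems; otherwise 0 unless a step fails
#            (the script runs under set -e)
#######################################
_install_gpg() {
    if ! (uname -a | grep -i "darwin" > /dev/null); then
        echo "No gpg installer for Linux yet. Try this instead:"
        echo "    sudo apt install -y gpg gnupg"
        exit 1
    fi

    # Download the latest LTS
    # NOTE(review): nothing in this function verifies a checksum or signature
    # of the DMG before it is mounted; unless webi_download does so, the
    # install trusts the download channel alone — TODO confirm.
    #curl -fsSL -o ~/Downloads/GnuPG-2.2.32.dmg 'https://sourceforge.net/projects/gpgosx/files/GnuPG-2.2.32.dmg/download'
    webi_download
    chmod a-w "${WEBI_PKG_DOWNLOAD}"

    # Mount the DMG in /Volumes (detaching any stale GnuPG volume first)
    hdiutil detach -quiet /Volumes/GnuPG* 2> /dev/null || true
    hdiutil attach -quiet -readonly "${WEBI_PKG_DOWNLOAD}"

    # Extract (completely) to ~/Downloads/GnuPG-VERSION.d
    # (and detach the DMG)
    rm -rf ~/Downloads/GnuPG-"${WEBI_VERSION}".d
    pkgutil --expand-full /Volumes/GnuPG*/*.pkg ~/Downloads/GnuPG-"${WEBI_VERSION}".d
    hdiutil detach -quiet /Volumes/GnuPG*

    # Move to ~/.local/opt/gnupg-VERSION (where it belongs!)
    if [[ ! -e ~/.local/opt/gnupg-"${WEBI_VERSION}" ]]; then
        mv ~/Downloads/GnuPG-"${WEBI_VERSION}".d/GnuPG.pkg/Payload/ ~/.local/opt/gnupg-"${WEBI_VERSION}"
    fi

    # Update symlink to latest
    rm -rf ~/.local/opt/gnupg
    ln -s gnupg-"${WEBI_VERSION}" ~/.local/opt/gnupg

    pathman add ~/.local/opt/gnupg/bin
    export PATH="$HOME/.local/opt/gnupg/bin/:$PATH"

    # Prep for first use: gpg expects a private (0700) homedir
    mkdir -p ~/.gnupg/
    chmod 0700 ~/.gnupg/
    # Configure the bundled pinentry-mac once; -q keeps any existing line
    # out of the installer output
    if [[ ! -e ~/.gnupg/gpg-agent.conf ]] || ! grep -q 'pinentry-program' ~/.gnupg/gpg-agent.conf; then
        echo "pinentry-program $HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
    fi

    # Start with launchd
    mkdir -p ~/Library/LaunchAgents/
    # launchd does not create the directory named by StandardOutPath /
    # StandardErrorPath, so make it before loading the agent
    mkdir -p ~/.local/share/gpg-agent/var/log/
    launchctl unload -w ~/Library/LaunchAgents/gpg-agent.plist 2> /dev/null || true
    # TODO download and use sed to replace
    # Every binary is resolved through the ~/.local/opt/gnupg symlink created
    # above (the old plist pointed gpg-connect-agent at ~/.local/opt/gpg,
    # a directory this installer never creates)
    cat > ~/Library/LaunchAgents/gpg-agent.plist << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>gpg-agent</string>
        <key>ProgramArguments</key>
        <array>
                <string>${HOME}/.local/opt/gnupg/bin/gpg-connect-agent</string>
                <string>--agent-program</string>
                <string>${HOME}/.local/opt/gnupg/bin/gpg-agent</string>
                <string>--homedir</string>
                <string>${HOME}/.gnupg/</string>
                <string>/bye</string>
        </array>

        <key>RunAtLoad</key>
        <true/>

        <key>WorkingDirectory</key>
        <string>${HOME}</string>

        <key>StandardErrorPath</key>
        <string>${HOME}/.local/share/gpg-agent/var/log/gpg-agent.log</string>
        <key>StandardOutPath</key>
        <string>${HOME}/.local/share/gpg-agent/var/log/gpg-agent.log</string>
</dict>
</plist>
EOF
    launchctl load -w ~/Library/LaunchAgents/gpg-agent.plist
    # presumably gives the agent time to come up before gpg talks to it
    sleep 3

    # (maybe) Create first key
    if ! gpg --list-secret-keys | grep -q sec; then
        _create_gpg_key
    fi
}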
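#######################################
# Generates a first RSA 3072 key pair (plus an RSA 3072 subkey) using the
# name and email found in ~/.gitconfig. Does nothing when ~/.gitconfig is
# missing or lacks either value. The passphrase is requested through
# pinentry, not supplied by this script.
# Globals:   HOME (read, via ~)
# Arguments: none
# Outputs:   gpg progress messages (stderr)
# Returns:   0 when skipped; otherwise the exit status of gpg
#######################################
_create_gpg_key() {
    local my_name my_email my_host

    if [[ ! -e ~/.gitconfig ]]; then
        return 0
    fi

    # First "name = ..." line with leading whitespace stripped. The pattern
    # also matches keys that merely end in "name" (e.g. "username") — TODO
    # tighten if that bites.
    my_name="$(
        grep 'name\s*=' ~/.gitconfig |
            head -n 1 |
            cut -d'=' -f2 |
            sed -e 's/^[\t ]*//'
    )"
    if [[ -z ${my_name} ]]; then
        return 0
    fi

    # First "email = ...@..." line, all tabs and spaces removed
    my_email="$(
        grep 'email\s*=.*@' ~/.gitconfig |
            tr -d '\t ' | head -n 1 |
            cut -d'=' -f2
    )"
    if [[ -z ${my_email} ]]; then
        return 0
    fi

    my_host="$(hostname)"

    # Without passphrase:
    #gpg --batch --generate-key --pinentry=loopback --passphrase=''

    # With passphrase via macOS Keychain (pinentry-mac prompts for it).
    # head -n 1 above keeps each value on a single line, so a value cannot
    # smuggle extra batch directives into this here-doc.
    # Expire-Date: 0 creates a key that never expires — TODO(review): consider
    # an expiry so a lost key ages out.
    gpg --batch --yes --generate-key << EOF
     %echo Generating RSA 3072 key
     Key-Type: RSA
     Key-Length: 3072
     Subkey-Type: RSA
     Subkey-Length: 3072
     Name-Real: ${my_name}
     Name-Comment: ${my_host}
     Name-Email: ${my_email}
     Expire-Date: 0
     %commit
EOF

}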
# Entry point: run the installer (exits 1 on non-macOS systems)
_install_gpg