chore: make Prettier
1 #!/bin/bash
2
# Abort on the first failing command and on any reference to an unset variable.
set -eu
5
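#######################################
# Install GnuPG for macOS from the downloaded DMG into ~/.local/opt,
# point gpg-agent at pinentry-mac, and register gpg-agent with launchd.
# Globals:   WEBI_PKG_DOWNLOAD, WEBI_VERSION, HOME (read); PATH (written)
# Arguments: none
# Outputs:   progress/diagnostics to stdout; writes ~/.gnupg/gpg-agent.conf
#            and ~/Library/LaunchAgents/gpg-agent.plist
# Returns:   exits 1 on non-macOS; otherwise 0 (set -e aborts on any failure)
#######################################
function _install_gpg() {
    # Only the macOS DMG flow is implemented. 'uname -s' is compared exactly;
    # the previous 'uname -a | grep -i darwin' would also match a hostname
    # that happens to contain "darwin".
    if [[ "$(uname -s)" != "Darwin" ]]; then
        echo "No gpg installer for Linux yet. Try this instead:"
        echo "    sudo apt install -y gpg gnupg"
        exit 1
    fi

    # Download the latest LTS
    #curl -fsSL -o ~/Downloads/webi/GnuPG-2.2.32.dmg 'https://sourceforge.net/projects/gpgosx/files/GnuPG-2.2.32.dmg/download'
    webi_download
    # Keep the downloaded image from being modified after the fact.
    chmod a-w "${WEBI_PKG_DOWNLOAD}"

    # Mount the DMG in /Volumes (detach a stale mount from an earlier run first;
    # failure there is expected and ignored).
    hdiutil detach -quiet /Volumes/GnuPG* 2> /dev/null || true
    hdiutil attach -quiet -readonly "${WEBI_PKG_DOWNLOAD}"

    # Extract (completely) to ~/Downloads/webi/GnuPG-VERSION.d
    # (and detach the DMG)
    rm -rf ~/Downloads/webi/GnuPG-"${WEBI_VERSION}".d
    pkgutil --expand-full /Volumes/GnuPG*/*.pkg ~/Downloads/webi/GnuPG-"${WEBI_VERSION}".d
    hdiutil detach -quiet /Volumes/GnuPG*

    # Move to ~/.local/opt/gnupg-VERSION (where it belongs!)
    # mv cannot create the parent directory, so make sure it exists first.
    mkdir -p ~/.local/opt
    if [[ ! -e ~/.local/opt/gnupg-"${WEBI_VERSION}" ]]; then
        mv ~/Downloads/webi/GnuPG-"${WEBI_VERSION}".d/GnuPG.pkg/Payload/ ~/.local/opt/gnupg-"${WEBI_VERSION}"
    fi

    # Update symlink to latest
    rm -rf ~/.local/opt/gnupg
    ln -s gnupg-"${WEBI_VERSION}" ~/.local/opt/gnupg

    pathman add ~/.local/opt/gnupg/bin
    export PATH="$HOME/.local/opt/gnupg/bin:$PATH"
    export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH"

    # Prep for first use. gpg warns about unsafe permissions on a homedir that
    # is group/world accessible, so tighten it to owner-only.
    mkdir -p ~/.gnupg/
    chmod 0700 ~/.gnupg/
    # grep -q: the bare grep used to print the matching line to stdout.
    if [[ ! -e ~/.gnupg/gpg-agent.conf ]] || ! grep -q 'pinentry-program' ~/.gnupg/gpg-agent.conf; then
        echo "pinentry-program $HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
    fi

    # Start with launchd
    mkdir -p ~/Library/LaunchAgents/
    # The plist's StandardOutPath/StandardErrorPath live here; launchd does not
    # appear to create missing parent directories, so create it up front.
    mkdir -p ~/.local/share/gpg-agent/var/log
    launchctl unload -w ~/Library/LaunchAgents/gpg-agent.plist 2> /dev/null || true
    # TODO download and use sed to replace
    # Unquoted heredoc: ${HOME} is expanded, everything else is written literally.
    cat << EOF > ~/Library/LaunchAgents/gpg-agent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>gpg-agent</string>
        <key>ProgramArguments</key>
        <array>
                <string>${HOME}/.local/opt/gnupg/bin/gpg-connect-agent</string>
                <string>--agent-program</string>
                <string>${HOME}/.local/opt/gnupg/bin/gpg-agent</string>
                <string>--homedir</string>
                <string>${HOME}/.gnupg/</string>
                <string>/bye</string>
        </array>

        <key>RunAtLoad</key>
        <true/>

        <key>WorkingDirectory</key>
        <string>${HOME}</string>

        <key>StandardErrorPath</key>
        <string>${HOME}/.local/share/gpg-agent/var/log/gpg-agent.log</string>
        <key>StandardOutPath</key>
        <string>${HOME}/.local/share/gpg-agent/var/log/gpg-agent.log</string>
</dict>
</plist>
EOF
    launchctl load -w ~/Library/LaunchAgents/gpg-agent.plist
    # Give launchd a moment to start the agent before the first connect.
    sleep 3
    ~/.local/opt/gnupg/bin/gpg-connect-agent \
        --agent-program ~/.local/opt/gnupg/bin/gpg-agent \
        --homedir ~/.gnupg/ \
        /bye

    # (maybe) Create first key: only when --list-secret-keys shows no "sec" line
    if ! gpg --list-secret-keys | grep -q sec; then
        _create_gpg_key
    fi
}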
92
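#######################################
# Generate a first RSA 3072 key pair (primary + subkey) from the globally
# configured git identity. Does nothing when ~/.gitconfig, user.name or
# user.email is missing.
# Globals:   HOME (read)
# Arguments: none
# Outputs:   gpg progress messages
# Returns:   0 (also when skipped); non-zero if gpg fails
#######################################
function _create_gpg_key() {
    local MY_NAME MY_EMAIL MY_HOST

    if [[ ! -e ~/.gitconfig ]]; then
        return 0
    fi

    #grep 'name\s*=' ~/.gitconfig | head -n 1 | cut -d'=' -f2 | sed -e 's/^[\t ]*//'
    # 'git config' exits non-zero when the key is unset, which under set -e
    # aborted the whole install before the empty check below could run.
    MY_NAME="$(git config --global user.name || true)"
    if [[ -z "${MY_NAME}" ]]; then
        return 0
    fi

    # grep 'email\s*=.*@' ~/.gitconfig | tr -d '\t ' | head -n 1 | cut -d'=' -f2
    MY_EMAIL="$(git config --global user.email || true)"
    if [[ -z "${MY_EMAIL}" ]]; then
        return 0
    fi

    MY_HOST="$(hostname)"

    # Without passphrase:
    #gpg --batch --generate-key --pinentry=loopback --passphrase=''

    # No Passphrase: directive is given, so gpg prompts for one through the
    # configured pinentry (pinentry-mac), which can store it in the macOS
    # Keychain.
    # NOTE(review): Expire-Date: 0 produces a key that never expires, and
    # Name-Comment puts the hostname into the public user ID; both are kept
    # as the original behaviour. gpg's batch parser ignores leading
    # whitespace, so the directives are written unindented.
    gpg --batch --yes --generate-key << EOF
%echo Generating RSA 3072 key
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: ${MY_NAME}
Name-Comment: ${MY_HOST}
Name-Email: ${MY_EMAIL}
Expire-Date: 0
%commit
EOF
}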
130
# Entry point; _install_gpg takes no parameters, so the arguments are ignored.
_install_gpg "$@"