@laggardkernel
Last active July 12, 2019 13:54
gpg wrapper/helper used for dotfiles #bash
  # Fragment of a dotfiles-manager config (the parent key of these entries is
  # not visible here). Each entry maps a repo path (src) to a home path (dst)
  # and names a transformation for each direction.
  # NOTE(review): cmpignore/upignore look like dotdrop's "ignore on compare" /
  # "ignore on update" pattern lists - confirm against the tool's docs.
  d_weechat:
    cmpignore:
    - '*/weechat_fifo'
    - '*/script/plugins.xml.gz'
    - '*/logs'
    dst: ~/.config/weechat
    src: .config/weechat
    # Only sec.conf is named for encryption; the gpg-single helpers copy every
    # other file of the directory unencrypted.
    trans: gpg-single "sec.conf"
    trans_write: gpg-single "sec.conf"
    # trans: gpg-weechat
    # trans_write: gpg-weechat
    upignore:
    - '*/weechat_fifo'
    - '*/script/plugins.xml.gz'
    - '*/logs'

  d_ssh:
    # These patterns are the only thing shown here that keeps key material out
    # of the repo. They cover id_* files and *_rsa / *_rsa.pub names; a private
    # key with any other name would not match.
    cmpignore:
    - '*/id_*'
    - '*_rsa'
    - '*_rsa.pub'
    - '*/known_hosts*'
    - '*/conn-github.com'
    dst: ~/.ssh
    src: .ssh
    # NOTE(review): with an extra file argument, bin/gpg-encrypt copies the whole
    # source tree to its destination and encrypts only "config". Confirm that
    # upignore is applied to that copy before anything reaches the repo.
    trans: gpg-single "config"
    trans_write: gpg-single "config"
    # trans: gpg-ssh
    # trans_write: gpg-ssh
    upignore:
    - '*/id_*'
    - '*_rsa'
    - '*_rsa.pub'
    - '*/known_hosts*'
    - '*/conn-github.com'

# Command templates for the read direction. {0} and {1} become the helper's
# first two arguments, which bin/gpg-decrypt treats as source and destination.
# NOTE(review): {2} is presumably the quoted file name given in the dotfile
# entry ("config", "sec.conf") - confirm.
trans_read:
  # Hard-codes the repo location, unlike gpg-single below.
  gpg: '"$HOME/.dotfiles/bin/gpg-decrypt" "{0}" "{1}"'
  gpg-single: '"{{@@ _dotrepo @@}}/bin/gpg-decrypt" "{0}" "{1}" "{2}"'
  # gpg-ssh: '"$HOME/.dotfiles/bin/gpg-decrypt" "{0}" "{1}" config'
  # gpg-weechat: '"$HOME/.dotfiles/bin/gpg-decrypt" "{0}" "{1}" sec.conf'

# Command templates for the write direction; same placeholders, calling
# bin/gpg-encrypt.
trans_write:
  gpg: '"$HOME/.dotfiles/bin/gpg-encrypt" "{0}" "{1}"'
  gpg-single: '"{{@@ _dotrepo @@}}/bin/gpg-encrypt" "{0}" "{1}" "{2}"'
  # gpg-ssh: '"$HOME/.dotfiles/bin/gpg-encrypt" "{0}" "{1}" config'
  # gpg-weechat: '"$HOME/.dotfiles/bin/gpg-encrypt" "{0}" "{1}" sec.conf'
# bin/gpg-encrypt
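#!/usr/bin/env bash
# vim:fdm=marker:foldlevel=0:sw=2:ts=2:sts=2
#
# Encrypt dotfiles with gpg.
#
# Usage:
#   gpg-encrypt SRC DST          SRC is a file: write its ciphertext to DST.
#                                SRC is a directory: encrypt each non-hidden
#                                entry directly inside it to DST/<name>
#                                (gpg fails on a subdirectory, which aborts
#                                the run because of `set -e`).
#   gpg-encrypt SRC DST NAME...  Replace DST with a copy of the SRC tree, then
#                                overwrite DST/NAME with the ciphertext of
#                                SRC/NAME for each NAME. Every other file in
#                                DST stays a plaintext copy.
#
# The recipient is $GPGKEY, or the default-recipient* setting in gpg.conf
# when $GPGKEY is unset or empty.

set -euo pipefail
IFS=$'\n\t'

declare -a gpg_cmd
if command -v gpg2 &>/dev/null; then
  gpg_cmd=( gpg2 )
else
  gpg_cmd=( gpg )
fi

# --batch --yes: never prompt, overwrite existing output files.
gpg_cmd+=(
  --no-armor
  -q
  --for-your-eyes-only
  --no-tty
  --batch
  --yes
)

# The recipient is added here once. The encrypt calls below must not repeat
# `-r $GPGKEY`: with GPGKEY unset that expansion aborts under `set -u`, which
# made the gpg.conf default-recipient fallback unusable.
if [[ -n "${GPGKEY:-}" ]]; then
  gpg_cmd+=( --recipient "$GPGKEY" )
elif ! grep -q '^default-recipient' "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf" 2>/dev/null; then
  echo 'Export $GPGKEY firstly!' >&2
  exit 1
fi

# NOTE(review): GnuPG 2.1+ documents --use-agent as a no-op; confirm whether
# this branch is still needed.
if [[ -n "${SSH_TTY:-}" && -S "$(gpgconf --list-dir agent-socket)" ]]; then
  gpg_cmd+=( --use-agent )
fi

if [[ $# -lt 2 ]]; then
  echo "Not enough arguments" >&2
  exit 1
elif [[ $# -eq 2 ]]; then
  shopt -s nullglob
  if [[ -d "$1" ]]; then
    mkdir -p "$2" 2>/dev/null
    for i in "$1"/*; do
      # Quoted array expansion: no word splitting or globbing of the options.
      "${gpg_cmd[@]}" -o "$2/${i##*/}" -e "$i"
    done
  elif [[ -f "$1" ]]; then
    "${gpg_cmd[@]}" -o "$2" -e "$1"
  fi
  # A SRC that is neither a file nor a directory falls through with exit 0.
else
  # Check the source before deleting anything: a missing SRC used to wipe DST
  # and only then fail in cp.
  if [[ ! -d "$1" ]]; then
    echo "Source directory not found: $1" >&2
    exit 1
  fi
  command rm -rf -- "$2" 2>/dev/null
  # This copies the whole tree unencrypted; only the files named on the
  # command line are replaced with ciphertext below. Anything sensitive that
  # is not named has to be excluded by the caller.
  command cp -Rf -- "$1" "$2"
  for i in "${@:3}"; do
    "${gpg_cmd[@]}" -o "$2/$i" -e "$1/$i"
  done
fi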
# bin/gpg-decrypt
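#!/usr/bin/env bash
# vim:fdm=marker:foldlevel=0:sw=2:ts=2:sts=2
#
# Decrypt dotfiles with gpg.
#
# Usage:
#   gpg-decrypt SRC DST          SRC is a file: write its plaintext to DST.
#                                SRC is a directory: decrypt each non-hidden
#                                entry directly inside it to DST/<name>.
#   gpg-decrypt SRC DST NAME...  Replace DST with a copy of the SRC tree, then
#                                overwrite DST/NAME with the plaintext of
#                                SRC/NAME for each NAME.
#
# NOTE(review): the decrypted files and the DST directory are created under
# the caller's umask; consider `umask 077` here so plaintext secrets are not
# readable by other users - confirm it does not disturb the modes the
# dotfiles manager expects.

set -euo pipefail
IFS=$'\n\t'

declare -a gpg_cmd
if command -v gpg2 &>/dev/null; then
  gpg_cmd=( gpg2 )
else
  gpg_cmd=( gpg )
fi

# --batch --yes: never prompt, overwrite existing output files.
gpg_cmd+=(
  -q
  --for-your-eyes-only
  --no-tty
  --batch
  --yes
)

# No recipient option: the recipient is already recorded in the encrypted file.
# NOTE(review): GnuPG 2.1+ documents --use-agent as a no-op; confirm whether
# this branch is still needed.
if [[ -n "${SSH_TTY:-}" && -S "$(gpgconf --list-dir agent-socket)" ]]; then
  gpg_cmd+=( --use-agent )
fi

if [[ $# -lt 2 ]]; then
  echo "Not enough arguments" >&2
  exit 1
elif [[ $# -eq 2 ]]; then
  shopt -s nullglob
  if [[ -d "$1" ]]; then
    mkdir -p "$2" 2>/dev/null
    for i in "$1"/*; do
      # Quoted array expansion: no word splitting or globbing of the options.
      "${gpg_cmd[@]}" -o "${2}/${i##*/}" -d "$i"
    done
  elif [[ -f "$1" ]]; then
    "${gpg_cmd[@]}" -o "$2" -d "$1"
  fi
  # A SRC that is neither a file nor a directory falls through with exit 0.
else
  # Check the source before deleting anything: a missing SRC used to wipe DST
  # and only then fail in cp.
  if [[ ! -d "$1" ]]; then
    echo "Source directory not found: $1" >&2
    exit 1
  fi
  command rm -rf -- "$2" 2>/dev/null
  # Files not named on the command line are copied as they are in SRC.
  command cp -Rf -- "$1" "$2"
  for i in "${@:3}"; do
    "${gpg_cmd[@]}" -o "$2/$i" -d "$1/$i"
  done
fi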