refactor(wpcarro/gnupg): Improve UX for gnupg/{import,export}.sh
TL;DR:
- Ensure that export.sh -> import.sh -> export.sh can round-trip without
  intermediate tools.
- Remove default values for variables like ${1}, which only seem to complicate
  things.
- Add `trap cleanup EXIT` to scripts.
- Remove noisy full-paths from `zip` (note: a more intuitive, less configurable
  `zip`, `unzip` should exist).
Change-Id: Ibbd98d1f0156639138175fcb89e9dfbd17fdae5f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4993
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
			
			
This commit is contained in:
		
							parent
							
								
									942046872d
								
							
						
					
					
						commit
						d9142b952a
					
				
					 2 changed files with 35 additions and 15 deletions
				
			
		|  | @ -1,24 +1,29 @@ | |||
| #!/usr/bin/env bash | ||||
| 
 | ||||
| set -e | ||||
| set -euo pipefail | ||||
| 
 | ||||
| # Run this script to export all the information required to transport your GPG | ||||
| # information. | ||||
| # Usage: ./export.sh [directory] | ||||
| # Usage: ./export.sh | ||||
| # TODO: run this periodically as a job. | ||||
| 
 | ||||
| destination="${1:-$(mktemp -d)}" | ||||
| output="$(pwd)/export.zip" | ||||
| destination="$(mktemp -d)" | ||||
| 
 | ||||
| if [ ! -d "${destination}" ]; then | ||||
|   echo "${destination} does not exist. Creating it..." | ||||
|   mkdir -p "${destination}" | ||||
| fi | ||||
| function cleanup() { | ||||
|   rm -rf "${destination}" | ||||
| } | ||||
| trap cleanup EXIT | ||||
| 
 | ||||
| gpg --armor --export >"${destination}/public.asc" | ||||
| gpg --armor --export-secret-keys >"${destination}/secret.asc" | ||||
| gpg --armor --export-ownertrust >"${destination}/ownertrust.txt" | ||||
| 
 | ||||
| zip -r "${destination}.zip" "${destination}" | ||||
| rm -rf "${destination}" | ||||
| # Strangely enough this appears to be the only way to create a zip of a | ||||
| # directory that doesn't contain the (noisy) full paths of each item from the | ||||
| # source filesystem. (i.e. -j doesn't cooperate with -r) | ||||
| pushd "${destination}" | ||||
| zip -r "${output}" ./* | ||||
| popd | ||||
| 
 | ||||
| echo $(realpath "${destination}.zip") | ||||
| echo "$(realpath ${output})" | ||||
|  |  | |||
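Review bot: The archive written by `zip -r "${output}" ./*` contains `secret.asc`, but it is created in the current directory under the caller's umask, so with a typical 022 umask the exported secret keys land in a group- and world-readable file; only the `mktemp -d` staging directory is private. Adding `umask 077` right after `set -euo pipefail` would cover both the staging files and export.zip. zip also updates an existing archive in place, so a leftover export.zip in the working directory can keep stale entries; `rm -f -- "${output}"` before the `pushd` avoids that. On the last line `${output}` is unquoted inside the substitution, and `realpath -- "${output}"` on its own prints the same thing.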
|  | @ -1,13 +1,28 @@ | |||
| #!/usr/bin/env bash | ||||
| 
 | ||||
| set -e | ||||
| set -euo pipefail | ||||
| 
 | ||||
| # Run this script to import all of the information exported by `export.sh`. | ||||
| # Usage: ./import.sh path/to/directory | ||||
| # Usage: ./import.sh path/to/export.zip | ||||
| 
 | ||||
| gpg --import "$1/public.asc" | ||||
| gpg --import "$1/secret.asc" | ||||
| gpg --import-ownertrust "$1/ownertrust.txt" | ||||
| if [ -z "${1+x}" ]; then | ||||
|   echo "You must specify the path to export.zip. Exiting..." | ||||
|   exit 1 | ||||
| fi | ||||
| 
 | ||||
| destination="$(mktemp -d)" | ||||
| 
 | ||||
| function cleanup() { | ||||
|   rm -rf "${destination}" | ||||
| } | ||||
| trap cleanup EXIT | ||||
| 
 | ||||
| unzip "${1}" -d "${destination}" >/dev/null | ||||
| 
 | ||||
| gpg --import "${destination}/public.asc" | ||||
| gpg --import "${destination}/secret.asc" | ||||
| gpg --import-ownertrust "${destination}/ownertrust.txt" | ||||
| 
 | ||||
| # Run this at the end to output some verification | ||||
| gpg --list-keys | ||||
| gpg --list-secret-keys | ||||
|  |  | |||
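Review bot: The guard `[ -z "${1+x}" ]` only checks that an argument was passed, so an empty string or a path that does not exist still reaches `unzip`; `if [ ! -f "${1:-}" ]; then` would reject those up front, and the error message should go to stderr with `>&2`. The extracted files are then passed to `gpg --import` and `gpg --import-ownertrust` with no integrity check, so whatever trust values the zip carries are applied to the local keyring as-is. Because export.sh produces an unsigned, unencrypted zip, the header comment should say so, for example `# NOTE: only import an archive you created yourself; ownertrust.txt is applied without verification.`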