From d9142b952ad42a2c42a6e34b8f4a763acfcb5295 Mon Sep 17 00:00:00 2001 From: William Carroll Date: Tue, 11 Jan 2022 11:13:32 -0800 Subject: refactor(wpcarro/gnupg): Improve UX for gnupg/{import,export}.sh TL;DR: - Ensure that export.sh -> import.sh -> export.sh can round-trip without intermediate tools. - Remove default values for variables like ${1}, which only seem to complicate things. - Add `trap cleanup EXIT` to scripts. - Remove noisy full-paths from `zip` (note: a more intuitive, less configurable `zip`, `unzip` should exist). Change-Id: Ibbd98d1f0156639138175fcb89e9dfbd17fdae5f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4993 Tested-by: BuildkiteCI Reviewed-by: wpcarro --- users/wpcarro/configs/.gnupg/export.sh | 25 +++++++++++++++---------- users/wpcarro/configs/.gnupg/import.sh | 25 ++++++++++++++++++++----- 2 files changed, 35 insertions(+), 15 deletions(-) (limited to 'users/wpcarro/configs/.gnupg') diff --git a/users/wpcarro/configs/.gnupg/export.sh b/users/wpcarro/configs/.gnupg/export.sh index bb047e9e3b91..31def2beb179 100755 --- a/users/wpcarro/configs/.gnupg/export.sh +++ b/users/wpcarro/configs/.gnupg/export.sh @@ -1,24 +1,29 @@ #!/usr/bin/env bash -set -e +set -euo pipefail # Run this script to export all the information required to transport your GPG # information. -# Usage: ./export.sh [directory] +# Usage: ./export.sh # TODO: run this periodically as a job. -destination="${1:-$(mktemp -d)}" +output="$(pwd)/export.zip" +destination="$(mktemp -d)" -if [ ! -d "${destination}" ]; then - echo "${destination} does not exist. Creating it..." - mkdir -p "${destination}" -fi +function cleanup() { + rm -rf "${destination}" +} +trap cleanup EXIT gpg --armor --export >"${destination}/public.asc" gpg --armor --export-secret-keys >"${destination}/secret.asc" gpg --armor --export-ownertrust >"${destination}/ownertrust.txt" -zip -r "${destination}.zip" "${destination}" -rm -rf "${destination}" +# Strangely enough this appears to be the only way to create a zip of a +# directory that doesn't contain the (noisy) full paths of each item from the +# source filesystem. (i.e. -j doesn't cooperate with -r) +pushd "${destination}" +zip -r "${output}" ./* +popd -echo $(realpath "${destination}.zip") +echo "$(realpath ${output})" diff --git a/users/wpcarro/configs/.gnupg/import.sh b/users/wpcarro/configs/.gnupg/import.sh index e698aa3d2bd2..bb449267ce5e 100755 --- a/users/wpcarro/configs/.gnupg/import.sh +++ b/users/wpcarro/configs/.gnupg/import.sh @@ -1,13 +1,28 @@ #!/usr/bin/env bash -set -e +set -euo pipefail # Run this script to import all of the information exported by `export.sh`. -# Usage: ./import.sh path/to/directory +# Usage: ./import.sh path/to/export.zip -gpg --import "$1/public.asc" -gpg --import "$1/secret.asc" -gpg --import-ownertrust "$1/ownertrust.txt" +if [ -z "${1+x}" ]; then + echo "You must specify the path to export.zip. Exiting..." + exit 1 +fi + +destination="$(mktemp -d)" + +function cleanup() { + rm -rf "${destination}" +} +trap cleanup EXIT + +unzip "${1}" -d "${destination}" >/dev/null + +gpg --import "${destination}/public.asc" +gpg --import "${destination}/secret.asc" +gpg --import-ownertrust "${destination}/ownertrust.txt" # Run this at the end to output some verification gpg --list-keys +gpg --list-secret-keys -- cgit 1.4.1