gpg: allow PIN entry before starting GPG shell

8 years ago · 75405b4944
parent e74b9c77af
commit 75405b4944
3 changed files with 16 additions and 1 deletions
--- a/scripts/gpg-shell
+++ b/scripts/gpg-shell
@ -4,4 +4,7 @@ set -eu
 export GNUPGHOME=~/.gnupg/trezor
 gpg2 --list-public-keys

+# Make sure that the device is unlocked before starting the shell
+trezor-gpg-unlock
+
 ${SHELL}
--- a/setup.py
+++ b/setup.py
@ -33,5 +33,6 @@ setup(
        'trezor-git = trezor_agent.__main__:run_git',
        'trezor-gpg-create = trezor_agent.gpg.__main__:main_create',
        'trezor-gpg-agent = trezor_agent.gpg.__main__:main_agent',
+        'trezor-gpg-unlock = trezor_agent.gpg.__main__:auto_unlock',
    ]},
 )
--- a/trezor_agent/gpg/main.py
+++ b/trezor_agent/gpg/main.py
@ -11,7 +11,7 @@ import time
 import semver

 from . import agent, decode, client, encode, keyring, protocol
-from .. import formats, server, util
+from .. import device, formats, server, util

 log = logging.getLogger(__name__)

@ -114,3 +114,14 @@ def main_agent():
                    agent.handle_connection(conn)
                except Exception as e:  # pylint: disable=broad-except
                    log.exception('gpg-agent failed: %s', e)
+
+
+def auto_unlock():
+    """Automatically unlock first found device (used for `gpg-shell`)."""
+    p = argparse.ArgumentParser()
+    p.add_argument('-v', '--verbose', default=0, action='count')
+
+    args = p.parse_args()
+    util.setup_logging(verbosity=args.verbose)
+    d = device.detect(identity_str='', curve_name='')
+    log.info('unlocked %s device', d)