gpg: improve shell helper scripts

- explicit trust configuration - less debug prints
8 years ago · 75fe7b4e05
parent 742136b22d
commit 75fe7b4e05
2 changed files with 9 additions and 4 deletions
--- a/scripts/gpg-init
+++ b/scripts/gpg-init
@ -1,5 +1,5 @@
 #!/bin/bash
-set -eux
+set -eu

 USER_ID="${1}"
 HOMEDIR=~/.gnupg/trezor
@ -11,6 +11,11 @@ chmod 700 "${HOMEDIR}"

 trezor-gpg -v create "${USER_ID}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc"
 gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc"
-gpg2 --homedir "${HOMEDIR}" --edit-key "${USER_ID}" trust

-$(dirname $0)/gpg-shell
+# Mark new key as trusted in gpg.conf
+FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed --quiet --regexp-extended 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)
+KEY_ID="0x${FINGERPRINT:(-16)}"  # take last 8 bytes of the fingerprint
+echo "Marking ${KEY_ID} as trusted..."
+echo "trusted-key ${KEY_ID}" > "${HOMEDIR}/gpg.conf"
+
+$(dirname $0)/gpg-shell
--- a/scripts/gpg-shell
+++ b/scripts/gpg-shell
@ -2,7 +2,7 @@
 set -eu

 export GNUPGHOME=~/.gnupg/trezor
-gpg2 -k --with-keygrip
+gpg2 --list-public-keys --with-keygrip

 killall -q trezor-gpg || true
 trezor-gpg agent &