From 0a954752d9c544aa726b039f8e69ce71a7cbc360 Mon Sep 17 00:00:00 2001
From: Tom Mast
Date: Thu, 25 Sep 2014 15:19:49 -0500
Subject: [PATCH 1/3] blackbox: Update README, add --homedir to encryption step in _blackbox_common
---
 README.md | 2 +-
 bin/_blackbox_common.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index b6606ff..524acc0 100644
--- a/README.md
+++ b/README.md
@@ -475,7 +475,7 @@ Back on SECUREHOST, add the new email address to keyrings/live/blackbox-admins.t
 ```
 cd /path/to/the/repo
-blackbox_addadmin $KEYNAME
+blackbox_addadmin $KEYNAME /tmp/NEWMASTER
 ```
 Verify that secring.gpg is a zero-length file. If it isn't, you have
diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
index af77c88..824065a 100755
--- a/bin/_blackbox_common.sh
+++ b/bin/_blackbox_common.sh
@@ -144,7 +144,7 @@ function encrypt_file() {
 encrypted="$2"
 echo "========== Encrypting: $unencrypted"
- gpg --yes --trust-model=always --encrypt -o "$encrypted" $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted"
+ gpg --yes --trust-model=always --homedir keyrings/live/ --encrypt -o "$encrypted" $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted"
 echo '========== Encrypting: DONE'
 }
From be821148a957a4ae6ebe65f81663f7d0197d5893 Mon Sep 17 00:00:00 2001
From: Tom Mast
Date: Thu, 25 Sep 2014 15:31:05 -0500
Subject: [PATCH 2/3] blackbox: Removed homedir and updated README to add step to import pubring
---
 README.md | 1 +
 bin/_blackbox_common.sh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 524acc0..c526ab5 100644
--- a/README.md
+++ b/README.md
@@ -496,6 +496,7 @@ git commit -m"Adding key for KEYNAME" pubring.gpg trustdb.gpg blackbox-admins.tx
 Regenerate all encrypted files with the new key:
 ```
+gpg --import keyrings/live/pubring.gpg
 blackbox_update_all_files
 git status
 git commit -m"updated encryption" -a
diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
index 824065a..af77c88 100755
--- a/bin/_blackbox_common.sh
+++ b/bin/_blackbox_common.sh
@@ -144,7 +144,7 @@ function encrypt_file() {
 encrypted="$2"
 echo "========== Encrypting: $unencrypted"
- gpg --yes --trust-model=always --homedir keyrings/live/ --encrypt -o "$encrypted" $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted"
+ gpg --yes --trust-model=always --encrypt -o "$encrypted" $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted"
 echo '========== Encrypting: DONE'
 }
From 0361dc39c5a4de01fda05dd026c2573ed55cf016 Mon Sep 17 00:00:00 2001
From: Tom Mast
Date: Thu, 25 Sep 2014 15:35:45 -0500
Subject: [PATCH 3/3] blackbox: Removed the manual gpg --import step from README, added prepare_keychain to blackbox_update_all_files
---
 README.md | 1 -
 bin/blackbox_update_all_files | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c526ab5..524acc0 100644
--- a/README.md
+++ b/README.md
@@ -496,7 +496,6 @@ git commit -m"Adding key for KEYNAME" pubring.gpg trustdb.gpg blackbox-admins.tx
 Regenerate all encrypted files with the new key:
 ```
-gpg --import keyrings/live/pubring.gpg
 blackbox_update_all_files
 git status
 git commit -m"updated encryption" -a
diff --git a/bin/blackbox_update_all_files b/bin/blackbox_update_all_files
index eb9ac86..4e7644d 100755
--- a/bin/blackbox_update_all_files
+++ b/bin/blackbox_update_all_files
@@ -15,6 +15,7 @@ if [[ -z $GPG_AGENT_INFO ]]; then
 fi
 disclose_admins
+prepare_keychain
 echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
 awk <"$BB_FILES" '{ print " " $1 ".gpg" }'
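Review bot: With `--homedir` dropped again in PATCH 2/3, the `gpg --encrypt` line in encrypt_file resolves every `-r` recipient from `$BB_ADMINS` in the caller's default keyring, and `--trust-model=always` means none of those keys is validated. Any key in that keyring whose user ID matches a listed admin, including a stale or look-alike one, would be used without a warning, and nothing at the call site records that assumption. I would add a comment above the gpg call, for example `# Recipients are looked up in the caller's default keyring and, with --trust-model=always, are NOT validated.` Listing admins by key fingerprint instead of by address would remove the ambiguity, but that is a format change beyond this hunk. encrypt_file begins above the hunk, so its argument handling is not visible here.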
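Review bot: The `prepare_keychain` call added to bin/blackbox_update_all_files in PATCH 3/3 has its exit status ignored. If the key import it presumably performs fails, the script would still go on to re-encrypt against whatever keys the caller's keyring already holds, unless the script runs under `set -e`, which is not visible in this hunk. Because this call replaces the explicit `gpg --import keyrings/live/pubring.gpg` step removed from the README, I would make it fail closed: `prepare_keychain || { echo 'ERROR: could not import admin keys' >&2; exit 1; }`. A short comment such as `# Import the repo's pubring so every listed admin is a usable recipient.` would also record why the call is there. The definition of prepare_keychain is not on this page, so confirm that it reports failure through its return code.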