diff --git a/.local/bin/homeinit b/.local/bin/homeinit
index ac6b098f..8ee4fc9f 100755
--- a/.local/bin/homeinit
+++ b/.local/bin/homeinit
@@ -1,7 +1,5 @@
 #!/bin/sh
-# TODO: Test if TTY and set pinentry appropriately without clobbering
-# ~/.gnupg/gpg-agent.conf
 # TODO: Run guix pull if OPT_UPDATE and if guix chekout is more than some days old, as specified by an environment variable.
 # TODO: Guix pull on commit specified in package-lists/guix-version?
@@ -92,7 +90,7 @@ section "Initial packages"
 if inpath guix; then
 ## REVIEW: Should openssh be an input of Git? Mail sent to guix-devel.
 mkdir "$(dirname "$PROFILE")"
- guix package --profile="$PROFILE" --install openssh gnupg git stow password-store
+ guix package --profile="$PROFILE" --install openssh gnupg git stow password-store pinentry-tty
 source "$PROFILE"/etc/profile
 elif inpath pacman; then
 sudo pacman --noconfirm -S --needed openssh gnupg git stow password-store
@@ -102,9 +100,26 @@ section "GPG"
 if [ -d ~/.gnupg ]; then
 ROOT=$SSH_ROOT
 ## Set up gpg-agent to authenticate to SSH_ROOT.
- chmod go-rwx ~/.gnupg ~/.gnupg/*
+ chmod -R go-rwx ~/.gnupg
 export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
- guix package -i pinentry-tty
+ if [ "$GPG_TTY" != "not a tty" ]; then
+ ## If a TTY, since our ~/.gnupg/gpg-agent.conf exists and specifies a
+ ## pinentry, we must force the TTY version or else it won't work from a TTY.
+ gpgconf --kill gpg-agent
+ cat<"$(dirname "$PROFILE")/gpg-agent.conf"
+## 1-day timeout
+default-cache-ttl 86400
+max-cache-ttl 86400
+## SSH
+enable-ssh-support
+default-cache-ttl-ssh 86400
+max-cache-ttl-ssh 86400
+## Force pinentry (should be pinentry-tty)
+pinentry-program $(readlink -f $(which pinentry))
+EOF
+ gpg-agent --home-dir ~/.gnupg --use-standard-socket -daemon --options "$(dirname "$PROFILE")/gpg-agent.conf"
+ fi
+
 ## Start gpg-agent manually since SSH requests do not do it automatically.
 gpg-connect-agent updatestartuptty /bye
 if [ -e "$SOURCEDIR" ]; then
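Review bot: The generated `gpg-agent.conf` carries a `pinentry-program` path but is written to `$(dirname "$PROFILE")`, outside the `~/.gnupg` tree that the preceding `chmod -R go-rwx` protects, so its mode depends only on the caller's umask; since whoever can edit that file chooses the program that receives passphrases, restrict it right after the heredoc, e.g. `chmod go-rwx "$(dirname "$PROFILE")/gpg-agent.conf"`. The `## Force pinentry (should be pinentry-tty)` line resolves `$(which pinentry)`, i.e. whichever `pinentry` is first in PATH rather than the `pinentry-tty` package this commit installs in the earlier hunk; if that package provides a `pinentry-tty` binary, `pinentry-program $(command -v pinentry-tty)` states the intent directly and drops the non-portable `which`. The `gpg-agent` invocation spells `-daemon` with a single dash and passes `--use-standard-socket`, which I believe is a compatibility no-op in GnuPG 2.1+; `--daemon` is the documented form, worth confirming against the installed version. The `[ "$GPG_TTY" != "not a tty" ]` guard also takes the TTY branch when `GPG_TTY` is unset, so `[ -t 0 ]` (or an explicit `-n "$GPG_TTY"` check) would be more robust. The enclosing `if [ -d ~/.gnupg ]` block continues past the end of the hunk, and the `cat` redirection line appears garbled in this view.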
@@ -136,7 +151,7 @@ else
 git clone ${ROOT}Ambrevar/dotfiles
 fi
 pushd ~/dotfiles
-## .bash_profile may prevent .profile from being parsed, so we remove it.
+## .bash_profile may prevent .profile from being parsed, so we move it.
 [ -e ~/.bash_profile ] && mv -v ~/.bash_profile ~/.bash_profile.old
 stow -v . || exit 1
 popd