1inguini/pijul-encrypt: .pijul/encrypt/init.sh

encrypt files in Pijul repositry before recording using Pijul hooks.

#!/bin/sh

[ -d .pijul ] || {
  echo 'this directory does not seem to be Pijul repositry.' >&2
  false
}
. .pijul/encrypt/scripts.sh

if [ -f .encrypt.d/master_key.gpg ]; then
  echo 'pijul-encrypt already configured!'
  false
fi

recipients="$*"
[ "$recipients" ] || {
  echo 'Specify recipients fingerprints.'
  read -r recipients
}
(
  IFS=' '
  .pijul/encrypt/add-recipients.sh $recipients
)

echo 'generating master key...'
master_key=$($gpg --armor --gen-random 16 512)
echo "master key generated: $master_key"

printf %s "$master_key" | $gpg --batch --sign --encrypt \
  $(printf -- '--recipient-file\n%s\n' .encrypt.d/recipient/*.asc) \
  --output .encrypt.d/master_key.gpg

echo "Now add .pijul/encrypt/hook-record.sh to record hook.
edit .pijul/config as below:

\`\`\`
[hooks]
record = ['.pijul/encrypt/hook-record.sh']
\`\`\`
"