1inguini/pijul-encrypt: .pijul/encrypt/add-recipients.sh

encrypt files in Pijul repositry before recording using Pijul hooks.

#!/bin/sh

[ -d .pijul ] || {
  echo 'this directory does not seem to be Pijul repositry.' >&2
  false
}
. .pijul/encrypt/scripts.sh

[ "$*" ] || {
  echo 'Please supply the recipients fingerprints as arguments.' >&2
  false
}

mkdir -p .encrypt.d/recipient/
for recipient in "$@"; do
  gpg --armor --export "$recipient" >".encrypt.d/recipient/$recipient.asc"
done

if [ -f .encrypt.d/master_key.gpg ]; then
  echo 're-encrypting master key...'
  $gpg --decrypt .encrypt.d/master_key.gpg |
    $gpg --batch --sign --encrypt \
      $(printf -- "--recipient-file$IFS%s$IFS" .encrypt.d/recipient/*.asc) \
      --output .encrypt.d/master_key.gpg.tmp
  mv .encrypt.d/master_key.gpg.tmp .encrypt.d/master_key.gpg
  echo 'done'
fi