2 # -*- mode: python; coding: utf-8-unix; -*-
5 import argparse, errno, os, re, readline, subprocess, sys, tempfile, textwrap
8 if sys.version_info[0] == 2:
10 from tkMessageBox import *
13 def input_string (prompt=""):
14 return raw_input (prompt)
15 elif sys.version_info[0] > 2:
17 from tkinter.messagebox import *
18 from tkinter.tix import *
20 def input_string (prompt=""):
23 raise Exception ("Unsupported Python version {}".format (sys.version_info))
27 return textwrap.dedent (text).strip ()
31 return textwrap.dedent (text).lstrip ()
35 return textwrap.fill (dedented (text), width = 72)
39 return textwrap.fill (ldedented (text), width = 72)
42 def read_input_string (prompt="", default=""):
44 readline.set_startup_hook (lambda: readline.insert_text (default))
47 return input_string(prompt)
49 readline.set_startup_hook()
52 def parse_arguments ():
53 parser = argparse.ArgumentParser ()
58 version = "crypto-install.py version GIT-TAG (GIT-COMMIT/GIT-BRANCH)",
59 help = "Display version.")
63 action = "store_false",
64 help = "Disable GUI, use text mode.")
65 gnupg_group = parser.add_argument_group (
67 "Options related to the GnuPG setup.")
68 gnupg_group.add_argument (
71 action = "store_false",
72 help = "Disable GnuPG setup.")
73 gnupg_group.add_argument (
78 help = "Default directory for GnuPG files.")
79 openssh_group = parser.add_argument_group (
81 "Options related to the OpenSSH setup.")
82 openssh_group.add_argument (
85 action = "store_false",
86 help = "Disable OpenSSH setup.")
87 openssh_group.add_argument (
89 dest = "openssh_home",
92 help = "Default directory for OpenSSH files.")
93 return parser.parse_args ()
96 def ensure_directories (path, mode = 0o777):
98 os.makedirs (path, mode)
99 except OSError as exception:
100 if exception.errno != errno.EEXIST:
105 return os.getenv ("FULLNAME")
108 def default_email ():
109 return os.getenv ("EMAIL")
112 def default_comment ():
116 def default_hostname ():
117 return subprocess.check_output ("hostname").strip ()
120 def default_username ():
121 return os.getenv ("USER")
124 def valid_email (value):
125 return re.match (".+@.+", value)
128 def valid_name (value):
129 return value.strip () != ""
132 def valid_comment (value):
136 def gnupg_exists (arguments):
137 gnupg_home = os.path.expanduser (arguments.gnupg_home)
138 gnupg_secring = os.path.join (gnupg_home, "secring.gpg")
140 return os.path.exists (gnupg_secring)
143 def openssh_exists (arguments):
144 openssh_home = os.path.expanduser (arguments.openssh_home)
145 openssh_config = os.path.join (openssh_home, "config")
146 openssh_key = os.path.join (openssh_home, "id_rsa")
148 return os.path.exists (openssh_config) and os.path.exists (openssh_key)
151 # TODO: verify phrase at least once
152 # TODO: use better labels
153 def input_passphrase (arguments):
154 batch_passphrase = ldedented ("""
158 """).format (subprocess.check_output ("tty").strip (),
161 batch_env = dict (os.environ)
163 batch_passphrase += ldedented ("""
166 """).format (os.getenv ("XAUTHORITY"),
167 os.getenv ("DISPLAY"))
169 del batch_env["DISPLAY"]
171 batch_passphrase += \
172 "GET_PASSPHRASE --data --check --qualitybar X X Passphrase X\n"
174 passphrase_process = subprocess.Popen (["gpg-agent", "--server"],
175 stdin = subprocess.PIPE,
176 stdout = subprocess.PIPE,
177 stderr = subprocess.PIPE,
179 (stdout, stderr) = passphrase_process.communicate (batch_passphrase)
181 if passphrase_process.returncode != 0:
182 raise Exception ("Couldn't read passphrase.")
184 for line in stdout.splitlines ():
185 if line.startswith ("D "):
191 def gnupg_setup (arguments, name = None, email = None, comment = None):
192 gnupg_home = os.path.expanduser (arguments.gnupg_home)
193 gnupg_secring = os.path.join (gnupg_home, "secring.gpg")
195 if gnupg_exists (arguments):
196 print ("GnuPG secret keyring already exists at '{}'."
197 .format (gnupg_secring))
200 if not arguments.gui:
202 No default GnuPG key available. Please enter your information to
203 create a new key."""))
205 name = read_input_string ("What is your name (e.g. 'John Doe')? ",
208 email = read_input_string (dedented ("""
209 What is your email address (e.g. 'test@example.com')? """),
212 comment = read_input_string (dedented ("""
213 What is your comment phrase, if any (e.g. 'key for 2014')? """),
216 if not os.path.exists (gnupg_home):
217 print ("Creating GnuPG directory at '{}'.".format (gnupg_home))
218 ensure_directories (gnupg_home, 0o700)
220 with tempfile.NamedTemporaryFile () as tmp:
221 batch_key = ldedented ("""
230 """).format (name, email)
233 batch_key += "Name-Comment: {}\n".format (comment)
235 tmp.write (batch_key)
238 batch_env = dict (os.environ)
239 if not arguments.gui:
240 del batch_env["DISPLAY"]
242 gnupg_process = subprocess.Popen (["gpg2",
243 "--homedir", gnupg_home,
244 "--batch", "--gen-key", tmp.name],
246 gnupg_process.wait ()
248 if gnupg_process.returncode != 0:
249 raise Exception ("Couldn't create GnuPG key.")
252 def openssh_setup (arguments, comment = None):
253 openssh_home = os.path.expanduser (arguments.openssh_home)
254 openssh_config = os.path.join (openssh_home, "config")
256 if not os.path.exists (openssh_config):
257 print ("Creating OpenSSH directory at '{}'.".format (openssh_home))
258 ensure_directories (openssh_home, 0o700)
260 print ("Creating OpenSSH configuration at '{}'."
261 .format (openssh_config))
262 with open (openssh_config, "w") as config:
263 config.write (ldedented ("""
268 openssh_key = os.path.join (openssh_home, "id_rsa")
270 if os.path.exists (openssh_key):
271 print ("OpenSSH key already exists at '{}'.".format (openssh_key))
274 print (filled ("No OpenSSH key available. Generating new key."))
276 if not arguments.gui:
277 comment = "{}@{}".format (default_username (), default_hostname ())
278 comment = read_input_string (ldedented ("""
279 What is your comment phrase (e.g. 'user@mycomputer')? """), comment)
281 passphrase = input_passphrase (arguments)
283 # TODO: is it somehow possible to pass the password on stdin?
284 openssh_process = subprocess.Popen (["ssh-keygen",
288 openssh_process.wait ()
290 if openssh_process.returncode != 0:
291 raise Exception ("Couldn't create OpenSSH key.")
294 class CryptoInstall (Tk):
295 def __init__ (self, arguments):
298 self.arguments = arguments
300 self.resizable (width = False, height = False)
301 self.title ("Crypto Install Wizard")
303 self.create_widgets ()
305 def create_widgets (self):
306 self.balloon = Balloon (self, initwait = 250)
308 self.info_frame = Frame (self)
309 self.info_frame.pack (fill = X)
311 self.user_label = Label (self.info_frame)
312 self.user_label["text"] = "Username"
313 self.user_label.grid ()
315 self.user_var = StringVar ()
316 self.user_var.set (default_username ())
317 self.user_var.trace ("w", self.update_widgets)
319 self.user = Entry (self.info_frame, textvariable = self.user_var,
321 self.balloon.bind_widget (self.user, msg = dedented ("""
322 Username on the local machine (e.g. 'user')
324 self.user.grid (row = 0, column = 1)
326 self.host_label = Label (self.info_frame)
327 self.host_label["text"] = "Host Name"
328 self.host_label.grid ()
330 self.host_var = StringVar ()
331 self.host_var.set (default_hostname ())
332 self.host_var.trace ("w", self.update_widgets)
334 self.host = Entry (self.info_frame, textvariable = self.host_var,
336 self.balloon.bind_widget (self.host, msg = dedented ("""
337 Host name of the local machine (e.g. 'mycomputer')
339 self.host.grid (row = 1, column = 1)
341 self.name_label = Label (self.info_frame)
342 self.name_label["text"] = "Full Name"
343 self.name_label.grid ()
345 self.name_var = StringVar ()
346 self.name_var.set (default_name ())
347 self.name_var.trace ("w", self.update_widgets)
349 self.name = Entry (self.info_frame, textvariable = self.name_var)
350 self.balloon.bind_widget (self.name, msg = dedented ("""
351 Full name as it should appear in the key description (e.g. 'John Doe')
353 self.name.grid (row = 2, column = 1)
355 self.email_label = Label (self.info_frame)
356 self.email_label["text"] = "Email address"
357 self.email_label.grid ()
359 self.email_var = StringVar ()
360 self.email_var.set (default_email ())
361 self.email_var.trace ("w", self.update_widgets)
363 self.email = Entry (self.info_frame, textvariable = self.email_var)
364 self.balloon.bind_widget (self.email, msg = dedented ("""
365 Email address associated with the name (e.g. '<test@example.com>')
367 self.email.grid (row = 3, column = 1)
369 self.comment_label = Label (self.info_frame)
370 self.comment_label["text"] = "Comment phrase"
371 self.comment_label.grid ()
373 self.comment_var = StringVar ()
374 self.comment_var.set (default_comment ())
375 self.comment_var.trace ("w", self.update_widgets)
377 self.comment = Entry (self.info_frame, textvariable = self.comment_var)
378 self.balloon.bind_widget (self.comment, msg = dedented ("""
379 Comment phrase for the GnuPG key, if any (e.g. 'key for 2014')
381 self.comment.grid (row = 4, column = 1)
383 self.options_frame = Frame (self)
384 self.options_frame.pack (fill = X)
386 self.gnupg_label = Label (self.options_frame)
387 self.gnupg_label["text"] = "Generate GnuPG key"
388 self.gnupg_label.grid ()
390 self.gnupg_var = IntVar ()
391 self.gnupg_var.set (1 if self.arguments.gnupg else 0)
392 self.gnupg_var.trace ("w", self.update_widgets)
394 self.gnupg = Checkbutton (self.options_frame,
395 variable = self.gnupg_var)
396 self.gnupg.grid (row = 0, column = 1)
398 self.openssh_label = Label (self.options_frame)
399 self.openssh_label["text"] = "Generate OpenSSH key"
400 self.openssh_label.grid ()
402 self.openssh_var = IntVar ()
403 self.openssh_var.set (1 if self.arguments.openssh else 0)
404 self.openssh_var.trace ("w", self.update_widgets)
406 self.openssh = Checkbutton (self.options_frame,
407 variable = self.openssh_var)
408 self.openssh.grid (row = 1, column = 1)
410 self.button_frame = Frame (self)
411 self.button_frame.pack (fill = X)
413 self._generate = Button (self.button_frame)
414 self._generate["text"] = "Generate Keys"
415 self._generate["command"] = self.generate
416 self.balloon.bind_widget (
418 msg = "Generate the keys as configured above")
419 self._generate.pack (side = LEFT, fill = Y)
421 self._quit = Button (self.button_frame)
422 self._quit["text"] = "Quit"
423 self._quit["command"] = self.quit
424 self.balloon.bind_widget (self._quit,
425 msg = "Quit the program immediately")
426 self._quit.pack (side = LEFT)
428 self.update_widgets ()
430 def valid_state (self):
431 if not self.openssh_var.get () and not self.gnupg_var.get ():
434 if gnupg_exists (self.arguments) and openssh_exists (self.arguments):
437 if not valid_email (self.email_var.get ()):
440 if not valid_name (self.name_var.get ()):
443 if not valid_comment (self.comment_var.get ()):
448 def update_widgets (self, *args):
449 valid = self.valid_state ()
451 self._generate["state"] = NORMAL if valid else DISABLED
453 name = self.name_var.get ()
455 valid = valid_name (name)
456 self.name["fg"] = "black" if valid else "red"
457 self.name_label["fg"] = "black" if valid else "red"
459 email = self.email_var.get ()
461 valid = valid_email (email)
462 self.email["fg"] = "black" if valid else "red"
463 self.email_label["fg"] = "black" if valid else "red"
465 comment = self.comment_var.get ()
467 valid = valid_comment (comment)
468 self.comment["fg"] = "black" if valid else "red"
469 self.comment_label["fg"] = "black" if valid else "red"
471 exists = gnupg_exists (self.arguments)
472 self.gnupg["state"] = NORMAL if not exists else DISABLED
474 exists = openssh_exists (self.arguments)
475 self.openssh["state"] = NORMAL if not exists else DISABLED
478 if comment.strip () != "":
479 gnupg_key + " ({}) ".format (comment)
480 gnupg_key += "<{}>".format (email)
482 user = self.user_var.get ()
483 host = self.host_var.get ()
485 openssh_key = "{}@{}".format (user, host)
488 Generate a GnuPG key for '{}' and configure a default setup for it
489 """).format (gnupg_key)
491 self.balloon.bind_widget (self.gnupg, msg = msg)
492 self.balloon.bind_widget (self.gnupg_label, msg = msg)
495 Generate an OpenSSH key for '{}' and configure a default setup for it
496 """).format (openssh_key)
498 self.balloon.bind_widget (self.openssh, msg = msg)
499 self.balloon.bind_widget (self.openssh_label, msg = msg)
502 # TODO: capture and show stdout and stderr
503 if self.gnupg_var.get ():
504 gnupg_setup (self.arguments,
505 self.name_var.get (),
506 self.email_var.get (),
507 self.comment_var.get ())
509 if self.openssh_var.get ():
510 comment = "{}@{}".format (self.user_var.get (),
511 self.host_var.get ())
512 openssh_setup (self.arguments, comment)
514 # TODO: show summary before exiting
518 # TODO: use gtk instead? would be more consistent with the pinentry style
519 # (assuming it's using gtk)
521 app = CryptoInstall (arguments)
526 arguments = parse_arguments ()
532 gnupg_setup (arguments)
534 if arguments.openssh:
535 openssh_setup (arguments)
538 if __name__ == "__main__":
projects / crypto-install.git / blob