Use passphrase at import-keys
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 17 May 2018 22:11:21 +0000 (19:11 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 17 May 2018 22:11:21 +0000 (19:11 -0300)
share/hydra/import-keys

index fe026b62a9912e0e69c35bb2bdc85fa734f464e6..b5953cb68edba785b04707fb3e930966a82b2874 100755 (executable)
@@ -24,6 +24,7 @@ hydra_config_load
 function hydra_import_keys_openpgp {
   key="$(keyringer $HYDRA decrypt nodes/$hostname/gpg/key 2> /dev/null | sed -ne '1,$p')"
   pubkey="$(keyringer $HYDRA decrypt nodes/$hostname/gpg/key.pub 2> /dev/null | sed -ne '1,$p')"
+  passphrase="$(keyringer $HYDRA decrypt nodes/$hostname/gpg/key.passwd 2> /dev/null)"
   key_id="$(echo "$pubkey" | gpg --with-colons | grep pub | cut -d : -f 5)"
 
   if [ -z "$key" ]; then
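Review bot: The new `passphrase=` assignment has no emptiness check, unlike `key` on the `if [ -z "$key" ]` line just below it, and its `2> /dev/null` hides any decrypt failure. If `nodes/$hostname/gpg/key.passwd` is missing or cannot be decrypted, the import lines in the later hunks send an empty first line to gpg as the passphrase, and the cause only shows up as a gpg error. Consider a guard such as `[ -n "$passphrase" ] || { echo "No passphrase for $hostname" >&2; return 1; }`, or fall back to the previous import without `--passphrase-fd` if unprotected keys are still expected. `$HYDRA` and `$hostname` are unquoted here, as on the neighbouring lines. The function body continues outside the hunk.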
@@ -39,7 +40,7 @@ function hydra_import_keys_openpgp {
     echo "Importing gpg key to $node..."
     echo "-----------------------------"
     echo ""
-    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+    echo -e "${passphrase}\n${key}" | sudo gpg --passphrase-fd 0 --no-tty --homedir /root/.gnupg --import
 
     echo ""
     echo "Trusting key $key_id at $node..."
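Review bot: `echo -e` on the new import line (here and on the identical line in the `@@ -58,7 +59,7 @@` hunk) interprets backslash escapes inside `$passphrase` and `$key`, so a passphrase containing `\n`, `\t` or `\c` reaches gpg altered or truncated. `printf '%s\n%s\n' "$passphrase" "$key" | sudo gpg ...` passes both values verbatim. Separately, GnuPG 2.x documents that `--passphrase-fd` is only honoured together with `--batch`, and from 2.1 also with `--pinentry-mode loopback`. If the nodes run such a version, the line would need `--batch --pinentry-mode loopback --passphrase-fd 0`, which is worth confirming against the deployed gpg. The enclosing block starts and ends outside the hunk.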
@@ -58,7 +59,7 @@ EOF
     echo "Importing gpg key to $node..."
     echo "-----------------------------"
     echo ""
-    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+    echo -e "${passphrase}\n${key}" | sudo gpg --passphrase-fd 0 --no-tty --homedir /root/.gnupg --import
 
     echo ""
     echo "Trusting key $key_id at $node..."