add init command

bin/main.ml

@@ -701,6 +701,52 @@ Checking for validity of own secrets. Use -v flag to break down per secret
     Cmd.v info term
 end
 
+module Init = struct
+  let init () =
+    try%lwt
+      (* create private and pub key, ask for user's name *)
+      let%lwt () =
+        Lwt_io.printl
+          {|
+Welcome to passage initial setup.
+
+Passage will now create the default dirs for secrets and recipients keys.
+A recipient identity will also be added, as well as an empty group file for root users.
+
+The layout will be:
+~/.config/passage
+├── identity.key
+├── keys
+│   └── root.group
+│   └── <user_name>.pub
+└── secrets
+
+The location of these can be overriden using environment variables. Please check `passage --help` for details.
+
+What should be the name used for your recipient identity?|}
+      in
+      let%lwt user_name = Prompt.read_input_from_stdin () in
+      let user_name =
+        String.trim user_name
+        |> ExtString.String.replace_chars (fun c ->
+               match c with
+               | ' ' -> "_"
+               | '\n' -> ""
+               | c -> Char.escaped c)
+      in
+      let%lwt () = Shell.age_generate_identity_key_root_group_exn user_name in
+      Lwt_io.printlf "\nPassage setup completed. "
+    with exn ->
+      (* Error out and delete everything, so we can start fresh next time *)
+      FileUtil.rm ~recurse:true [ Config.base_dir ];
+      Lwt_io.printlf "E: Passage init failed. Please try again. Error:\n\n%s" (Printexc.to_string exn)
+
+  let init =
+    let doc = "initial setup of passage" in
+    let info = Cmd.info "init" ~doc in
+    let term = main_run Term.(const init $ const ()) in
+    Cmd.v info term
+end
 module List_ = struct
   let list_secrets path =
     let raw_path = show_path path in
@@ -1248,6 +1294,7 @@ let () =
       Edit_who.edit_who;
       Get.get;
       Healthcheck.healthcheck;
+      Init.init;
       List_.list;
       List_.ls;
       New.new_;

lib/shell.ml

@@ -60,6 +60,21 @@ let die ?exn fmt =
       exit 1)
     stderr fmt
 
+let age_generate_identity_key_root_group_exn id_name =
+  (* create dirs *)
+  let keys_dir = Filename.concat Config.base_dir "keys" in
+  let secrets_dir = Filename.concat Config.base_dir "secrets" in
+  FileUtil.mkdir ~parent:true Config.base_dir;
+  FileUtil.mkdir ~parent:true keys_dir;
+  FileUtil.mkdir ~parent:true secrets_dir;
+  (* create empty root group file *)
+  let root_group_file = Filename.concat keys_dir "root.group" in
+  FileUtil.touch root_group_file;
+  (* create identity file and pub key *)
+  let identity_file = Filename.concat Config.base_dir "identity.key" in
+  let%lwt () = exec "age-keygen -o %s" identity_file in
+  exec "age-keygen -y %s >> %s/%s.%s" identity_file keys_dir id_name "pub"
+
 let age_get_recipient_key_from_identity_file identity_file = pread_line_sh_cmd "age-keygen -y %s" (quote identity_file)
 
 let age_encrypt ~stdin ~stdout recipient_keys =

lib/shell.mli

@@ -10,6 +10,8 @@ val kill_processes : string -> unit Lwt.t
 
 val die : ?exn:exn -> ('a, out_channel, unit, 'b) format4 -> 'a
 
+val age_generate_identity_key_root_group_exn : string -> unit Lwt.t
+
 val age_get_recipient_key_from_identity_file : string -> string Lwt.t
 
 val age_encrypt : stdin:Lwt_process.redirection -> stdout:Lwt_process.redirection -> string list -> unit Lwt.t