From d1f2f9dc23e67031a0f33179de49fabe4749eb20 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 2 Mar 2019 11:48:24 +0100
Subject: Readding key command.
Signed-off-by: Daniel Baumann
---
lib/container/key | 152 ++++++++++++++++++++++++++++++++++++++++
share/bash-completion/container | 6 ++
share/man/container-key.1.txt | 86 +++++++++++++++++++++++
share/man/container.1.txt | 3 +
4 files changed, 247 insertions(+)
create mode 100755 lib/container/key
create mode 100644 share/man/container-key.1.txt
diff --git a/lib/container/key b/lib/container/key
new file mode 100755
index 0000000..1b59555
--- /dev/null
+++ b/lib/container/key
@@ -0,0 +1,152 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2019 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+PROJECT="open-infrastructure"
+PROGRAM="container"
+COMMAND="$(basename ${0})"
+
+KEYS="/etc/${PROJECT}/${PROGRAM}/keys"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="add:,list,remove:,"
+ GETOPT_OPTIONS="a:,l,r:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -a|--add)
+ ADD="${2}"
+ ACTION="add"
+ shift 2
+ ;;
+
+ -l|--list)
+ ACTION="list"
+ shift 1
+ ;;
+
+ -r|--remove)
+ REMOVE="${2}"
+ ACTION="remove"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${ACTION}" ]
+then
+ Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+if [ ! -e "${KEYS}" ]
+then
+ mkdir -p "${KEYS}"
+
+ chown root:root "${KEYS}"
+ chmod 0700 "${KEYS}"
+
+cat > "${KEYS}/gnupg.conf" << EOF
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options include-revoked
+keyserver-options no-honor-keyserver-url
+
+cert-digest-algo SHA512
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
+personal-cipher-preferences AES256 AES192 AES
+personal-compress-preferences ZLIB ZIP Uncompressed
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+no-comments
+no-emit-version
+no-greeting
+keyid-format 0xlong
+list-options show-keyring
+list-options show-uid-validity
+verify-options show-uid-validity
+with-fingerprint
+
+charset utf-8
+EOF
+
+fi
+
+case "${ACTION}" in
+ add)
+ gpg --homedir "${KEYS}" --import "${ADD}"
+ ;;
+
+ list)
+ gpg --homedir "${KEYS}" --list-keys
+ ;;
+
+ remove)
+ gpg --homedir "${KEYS}" --delete-keys "${REMOVE}"
+ ;;
+esac
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
diff --git a/share/bash-completion/container b/share/bash-completion/container
index 0013394..710e660 100644
--- a/share/bash-completion/container
+++ b/share/bash-completion/container
@@ -98,6 +98,12 @@ _container() esac ;; + key) + opts="-a --add -l --list -r --remove" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + list|ls) case "${prev}" in -h|--host)
diff --git a/share/man/container-key.1.txt b/share/man/container-key.1.txt
new file mode 100644
index 0000000..7e7f376
--- /dev/null
+++ b/share/man/container-key.1.txt
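Review bot: In lib/container/key the options heredoc is written to `${KEYS}/gnupg.conf`, but gpg looks for `gpg.conf` in its `--homedir` and none of the three gpg calls passes `--options`, so `no-honor-keyserver-url`, the digest preferences and the other settings are most likely never applied; the line should read `cat > "${KEYS}/gpg.conf" << EOF`. `HOOKS` and `NAME` are not assigned anywhere in this file, so unless the calling `container` wrapper exports them the pre and post loops test `/pre-${COMMAND}.*` and `/.pre-${COMMAND}` (and the post- equivalents) and run any executable found there with the script's privileges; wrapping both loops in `if [ -n "${HOOKS}" ]` avoids that. In `Parameters`, `-- ${@}` is unquoted, so a key path containing spaces or glob characters is split before getopt sees it; `-- "${@}"` keeps each argument intact. The keyring directory is created with `mkdir -p` and only tightened afterwards, and only when it did not already exist; `mkdir -p -m 0700 "${KEYS}"` plus a `chmod 0700` outside the `if` would cover both cases.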
@@ -0,0 +1,86 @@
+// Copyright (C) 2014-2019 Daniel Baumann
+//
+// SPDX-License-Identifier: GPL-3.0+
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+CONTAINER-KEY(1)
+================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: compute-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-key - Manage GnuPG keyring for container operations
+
+
+SYNOPSIS
+--------
+*container key* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container key manages the GnuPG keyring for container operations.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-a, --add='KEY'*::
+ Add a key to the keyring.
+
+*-l, --list'*::
+ List keys in the keyring.
+
+*-r, --remove='KEY'*::
+ Remove a key from the keyring.
+
+
+EXAMPLES
+--------
+*Add a key to the keyring:*::
+ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv 0x1E9B3AED2D9FA8F6
+ gpg --armor --export 0x1E9B3AED2D9FA8F6 | sudo container key --add -
+
+*Remove a key from the keyring:*::
+ sudo container key --remove 0x1E9B3AED2D9FA8F6
+
+
+SEE ALSO
+--------
+compute-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List .
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+compute-tools were written by Daniel Baumann and others.
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index 224d6cc..b719b17 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -75,6 +75,9 @@ The following container commands are available: *enter*:: Enter a container namespace, see container-enter(1). +*key*:: + Manage GnuPG keyring for container operations, see container-key(1). + + *list*:: List container on the system, see container-list(1).
-- cgit v1.2.3