From db2a19b9a75555d7747c6e991df96956bdda6038 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 22 Jul 2017 20:14:36 +0200 Subject: Adding container key command. Signed-off-by: Daniel Baumann --- lib/container/key | 149 ++++++++++++++++++++++++++++++++++++++++ share/bash-completion/container | 6 ++ share/man/container-key.1.txt | 85 +++++++++++++++++++++++ share/man/container.1.txt | 3 + 4 files changed, 243 insertions(+) create mode 100755 lib/container/key create mode 100644 share/man/container-key.1.txt diff --git a/lib/container/key b/lib/container/key new file mode 100755 index 0000000..e97d8e1 --- /dev/null +++ b/lib/container/key @@ -0,0 +1,149 @@ +#!/bin/sh + +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2017 Daniel Baumann +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +COMMAND="$(basename ${0})" + +KEYS="/etc/container-tools/keys" + +Parameters () +{ + GETOPT_LONGOPTIONS="add:,list,remove:," + GETOPT_OPTIONS="a:,l,r:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -a|--add) + ADD="${2}" + ACTION="add" + shift 2 + ;; + + -l|--list) + ACTION="list" + shift 1 + ;; + + -r|--remove) + REMOVE="${2}" + ACTION="remove" + shift 2 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: container ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2 + exit 1 +} + +Parameters "${@}" + +if [ -z "${ACTION}" ] +then + Usage +fi + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Run +if [ ! -e "${KEYS}" ] +then + mkdir -p "${KEYS}" + + chown root:root "${KEYS}" + chmod 0700 "${KEYS}" + +cat > "${KEYS}/gnupg.conf" << EOF +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options include-revoked +keyserver-options no-honor-keyserver-url + +cert-digest-algo SHA512 +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed +personal-cipher-preferences AES256 AES192 AES +personal-compress-preferences ZLIB ZIP Uncompressed +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +no-comments +no-emit-version +no-greeting +keyid-format 0xlong +list-options show-keyring +list-options show-uid-validity +verify-options show-uid-validity +with-fingerprint + +charset utf-8 +EOF + +fi + +case "${ACTION}" in + add) + gpg --homedir "${KEYS}" --import "${ADD}" + ;; + + list) + gpg --homedir "${KEYS}" --list-keys + ;; + + remove) + gpg --homedir "${KEYS}" --delete-keys "${REMOVE}" + ;; +esac + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/share/bash-completion/container b/share/bash-completion/container index 535599a..ffa042d 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -97,6 +97,12 @@ _container() esac ;; + key) + opts="-a --add -l --list -r --remove" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + limit) case "${prev}" in -n|--name) diff --git a/share/man/container-key.1.txt b/share/man/container-key.1.txt new file mode 100644 index 0000000..070047b --- /dev/null +++ b/share/man/container-key.1.txt @@ -0,0 +1,85 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2017 Daniel Baumann +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +CONTAINER-KEY(1) +================ +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-key - Manage GnuPG keyring for container operations + + +SYNOPSIS +-------- +*container key* ['OPTIONS'] + + +DESCRIPTION +----------- +The container key manages the GnuPG keyring for container operations. + + +OPTIONS +------- +The following container options are available: + +*-a, --add='KEY'*:: + Add a key to the keyring. + +*-l, --list'*:: + List keys in the keyring. + +*-r, --remove='KEY'*:: + Remove a key from the keyring. + + +EXAMPLES +-------- +*Add a key to the keyring:*:: + gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv 0x1E9B3AED2D9FA8F6 + gpg --armor --export 0x1E9B3AED2D9FA8F6 | sudo container key --add - + +*Remove a key from the keyring:*:: + sudo container key --remove 0x1E9B3AED2D9FA8F6 + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List . + +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann . diff --git a/share/man/container.1.txt b/share/man/container.1.txt index 6bd2a12..864e53f 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -74,6 +74,9 @@ The following container commands are available: *enter*:: Enter a container namespace, see container-enter(1). +*key*:: + Manage GnuPG keyring for container operations, see container-key(1). + *limit*:: Limit ressources of a container, see container-limit(1). -- cgit v1.2.3