From db2a19b9a75555d7747c6e991df96956bdda6038 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Date: Sat, 22 Jul 2017 20:14:36 +0200
Subject: Adding container key command.

Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
---
 lib/container/key               | 149 ++++++++++++++++++++++++++++++++++++++++
 share/bash-completion/container |   6 ++
 share/man/container-key.1.txt   |  85 +++++++++++++++++++++++
 share/man/container.1.txt       |   3 +
 4 files changed, 243 insertions(+)
 create mode 100755 lib/container/key
 create mode 100644 share/man/container-key.1.txt

diff --git a/lib/container/key b/lib/container/key
new file mode 100755
index 0000000..e97d8e1
--- /dev/null
+++ b/lib/container/key
@@ -0,0 +1,149 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+KEYS="/etc/container-tools/keys"
+
+Parameters ()
+{
+	GETOPT_LONGOPTIONS="add:,list,remove:,"
+	GETOPT_OPTIONS="a:,l,r:,"
+
+	PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+	if [ "${?}" != "0" ]
+	then
+		echo "'${COMMAND}': getopt exit" >&2
+		exit 1
+	fi
+
+	eval set -- "${PARAMETERS}"
+
+	while true
+	do
+		case "${1}" in
+			-a|--add)
+				ADD="${2}"
+				ACTION="add"
+				shift 2
+				;;
+
+			-l|--list)
+				ACTION="list"
+				shift 1
+				;;
+
+			-r|--remove)
+				REMOVE="${2}"
+				ACTION="remove"
+				shift 2
+				;;
+
+			--)
+				shift 1
+				break
+				;;
+
+			*)
+				echo "'${COMMAND}': getopt error" >&2
+				exit 1
+				;;
+		esac
+	done
+}
+
+Usage ()
+{
+	echo "Usage: container ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2
+	exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${ACTION}" ]
+then
+	Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+	if [ -x "${FILE}" ]
+	then
+		"${FILE}"
+	fi
+done
+
+# Run
+if [ ! -e "${KEYS}" ]
+then
+	mkdir -p "${KEYS}"
+
+	chown root:root "${KEYS}"
+	chmod 0700 "${KEYS}"
+
+cat > "${KEYS}/gnupg.conf" << EOF
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options include-revoked
+keyserver-options no-honor-keyserver-url
+
+cert-digest-algo SHA512
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
+personal-cipher-preferences AES256 AES192 AES
+personal-compress-preferences ZLIB ZIP Uncompressed
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+no-comments
+no-emit-version
+no-greeting
+keyid-format 0xlong
+list-options show-keyring
+list-options show-uid-validity
+verify-options show-uid-validity
+with-fingerprint
+
+charset utf-8
+EOF
+
+fi
+
+case "${ACTION}" in
+	add)
+		gpg --homedir "${KEYS}" --import "${ADD}"
+		;;
+
+	list)
+		gpg --homedir "${KEYS}" --list-keys
+		;;
+
+	remove)
+		gpg --homedir "${KEYS}" --delete-keys "${REMOVE}"
+		;;
+esac
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+	if [ -x "${FILE}" ]
+	then
+		"${FILE}"
+	fi
+done
diff --git a/share/bash-completion/container b/share/bash-completion/container
index 535599a..ffa042d 100644
--- a/share/bash-completion/container
+++ b/share/bash-completion/container
@@ -97,6 +97,12 @@ _container()
 			esac
 			;;
 
+		key)
+			opts="-a --add -l --list -r --remove"
+			COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+			return 0
+			;;
+
 		limit)
 			case "${prev}" in
 				-n|--name)
diff --git a/share/man/container-key.1.txt b/share/man/container-key.1.txt
new file mode 100644
index 0000000..070047b
--- /dev/null
+++ b/share/man/container-key.1.txt
@@ -0,0 +1,85 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-KEY(1)
+================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-key - Manage GnuPG keyring for container operations
+
+
+SYNOPSIS
+--------
+*container key* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container key manages the GnuPG keyring for container operations.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-a, --add='KEY'*::
+	Add a key to the keyring.
+
+*-l, --list'*::
+	List keys in the keyring.
+
+*-r, --remove='KEY'*::
+	Remove a key from the keyring.
+
+
+EXAMPLES
+--------
+*Add a key to the keyring:*::
+	gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv 0x1E9B3AED2D9FA8F6
+	gpg --armor --export 0x1E9B3AED2D9FA8F6 | sudo container key --add -
+
+*Remove a key from the keyring:*::
+	sudo container key --remove 0x1E9B3AED2D9FA8F6
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index 6bd2a12..864e53f 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -74,6 +74,9 @@ The following container commands are available:
 *enter*::
 	Enter a container namespace, see container-enter(1).
 
+*key*::
+	Manage GnuPG keyring for container operations, see container-key(1).
+
 *limit*::
 	Limit ressources of a container, see container-limit(1).
 
-- 
cgit v1.2.3