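#!/bin/sh

# Copyright (C) 2014-2021 Daniel Baumann
#
# SPDX-License-Identifier: GPL-3.0+
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Manage the GnuPG home directory kept in ${KEYS}: import a key from a file,
# from the keys shipped under /usr/share/compute-tools/keys or from the
# keyserver (-a), list the stored keys (-l), or delete a key (-r).
#
# Environment: HOOKS and NAME are read but never assigned in this script.

set -e

PROJECT="open-infrastructure"
SOFTWARE="compute-tools"
PROGRAM="container"
COMMAND="$(basename "${0}")"

KEYS="/etc/${SOFTWARE}/keys"

# Start from a known state so that ACTION, ADD or REMOVE inherited from the
# caller's environment cannot select an operation nobody asked for on the
# command line.
ACTION=""
ADD=""
REMOVE=""

# Parse the command line into ACTION, ADD and REMOVE.
# Arguments: the script's positional parameters
# Exits with status 1 when getopt rejects the command line.
Parameters ()
{
  GETOPT_LONGOPTIONS="add:,list,remove:,"
  GETOPT_OPTIONS="a:,l,r:,"

  # getopt is tested directly: under 'set -e' a failing command substitution
  # in a plain assignment ends the script before "${?}" can be inspected, so
  # the error message below would never be printed.
  # "${@}" is quoted so that arguments containing whitespace or glob
  # characters reach getopt unchanged.
  if ! PARAMETERS="$(getopt --longoptions "${GETOPT_LONGOPTIONS}" --name="${COMMAND}" --options "${GETOPT_OPTIONS}" --shell sh -- "${@}")"
  then
    echo "'${COMMAND}': getopt exit" >&2
    exit 1
  fi

  # getopt --shell sh prints a shell-quoted argument list; eval turns it back
  # into positional parameters.
  eval set -- "${PARAMETERS}"

  while true
  do
    case "${1}" in
      -a|--add)
        ADD="${2}"
        ACTION="add"
        shift 2
        ;;

      -l|--list)
        ACTION="list"
        shift 1
        ;;

      -r|--remove)
        REMOVE="${2}"
        ACTION="remove"
        shift 2
        ;;

      --)
        shift 1
        break
        ;;

      *)
        echo "'${COMMAND}': getopt error" >&2
        exit 1
        ;;
    esac
  done
}

# Print the synopsis to stderr and exit with status 1.
Usage ()
{
  echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY_FILE|KEY_ID] [-l|--list] [-r|--remove KEY|KEY_ID]" >&2
  exit 1
}

# Run the executable hook files for one stage.
# Arguments: $1 - stage name, "pre" or "post"
# Globals:   HOOKS, NAME, COMMAND (read)
#
# Hooks run with the privileges of this script, which is normally root, so
# the hook directory must be writable by root only. Because HOOKS is not
# assigned here, it should be set by a trusted wrapper rather than inherited
# from an unprivileged environment.
Run_hooks ()
{
  STAGE="${1}"

  # With HOOKS empty the patterns below would resolve against the filesystem
  # root ("/pre-${COMMAND}.*"), so no hooks are run in that case.
  if [ -z "${HOOKS}" ]
  then
    return 0
  fi

  for FILE in "${HOOKS}/${STAGE}-${COMMAND}".* "${HOOKS}/${NAME}.${STAGE}-${COMMAND}"
  do
    # -f keeps directories out: they pass -x as well but cannot be executed.
    # An unmatched glob stays literal and fails both tests.
    if [ -f "${FILE}" ] && [ -x "${FILE}" ]
    then
      "${FILE}"
    fi
  done
}

Parameters "${@}"

if [ -z "${ACTION}" ]
then
  Usage
fi

# A missing ${KEYS} also fails the -w test, so creating it requires root.
if [ ! -w "${KEYS}" ] && [ "$(id -u)" -ne 0 ]
then
  echo "'${COMMAND}': need root privileges (or write permissions to '${KEYS}')" >&2
  exit 1
fi

# Pre hooks
Run_hooks pre

# Run
if [ ! -e "${KEYS}" ]
then
  mkdir -p "${KEYS}"

  chown root:root "${KEYS}"
  chmod 0700 "${KEYS}"

  # NOTE(review): gpg loads gpg.conf from its home directory by default and
  # none of the gpg calls below pass --options, so confirm that the settings
  # written here are actually picked up under the name gnupg.conf.
  cat > "${KEYS}/gnupg.conf" << EOF
keyserver hkps://keys.openpgp.org
keyserver-options include-revoked
keyserver-options no-honor-keyserver-url
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
personal-cipher-preferences AES256 AES192 AES
personal-compress-preferences ZLIB ZIP Uncompressed
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
no-comments
no-emit-version
no-greeting
keyid-format 0xlong
list-options show-keyring
list-options show-uid-validity
verify-options show-uid-validity
with-fingerprint
charset utf-8
EOF
fi

# "--" ends gpg's option parsing, so a value that starts with "-" is always
# treated as a file name or key ID and never as another gpg option.
case "${ACTION}" in
  add)
    # Resolution order: a path that exists as given, then a key shipped with
    # the package (with or without the .pub suffix), then the keyserver.
    if [ -e "${ADD}" ]
    then
      gpg --homedir "${KEYS}" --import -- "${ADD}"
    elif [ -e "/usr/share/compute-tools/keys/${ADD}" ]
    then
      gpg --homedir "${KEYS}" --import -- "/usr/share/compute-tools/keys/${ADD}"
    elif [ -e "/usr/share/compute-tools/keys/${ADD}.pub" ]
    then
      gpg --homedir "${KEYS}" --import -- "/usr/share/compute-tools/keys/${ADD}.pub"
    else
      # Prefer a full fingerprint here: short key IDs are not unique, and
      # whatever the keyserver returns for the ID ends up in the keyring.
      gpg --homedir "${KEYS}" --recv-keys -- "${ADD}"
    fi
    ;;

  list)
    gpg --homedir "${KEYS}" --list-keys
    ;;

  remove)
    gpg --homedir "${KEYS}" --delete-keys -- "${REMOVE}"
    ;;
esac

# Post hooks
Run_hooks post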