7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
#
# Excerpt of a PLC init step that creates (or refreshes) the site's root
# GPG keypair and installs the public half into the RPM keyring. The
# numbers in the left column are the original file's line numbers; the
# listing is not contiguous, so several enclosing constructs (the outer
# if/else/fi, the `done` of the read loop, the heredoc terminators and
# the removal of the temporary homedir) fall on lines not shown here.
13 # Source function library and configuration
# /etc/plc.d/functions presumably provides the MESSAGE/result helpers of
# the init framework; plc_config presumably defines the PLC_* variables
# (key paths, site name, hosts, support address) used below — confirm.
14 . /etc/plc.d/functions
15 . /etc/planetlab/plc_config
22 # Make temporary GPG home directory
# mktemp -d gives a fresh, owner-only (0700) directory so gpg's scratch
# state (trustdb, random_seed) never lands in a predictable path.
# NOTE(review): the exit status is not checked — if mktemp fails,
# $homedir is empty and every `--homedir=$homedir` below points gpg at
# an empty path. `homedir=$(mktemp -d /tmp/gpg.XXXXXX) || exit 1` plus
# a `trap 'rm -rf -- "$homedir"' EXIT` would cover both failure and
# cleanup; no rm of $homedir is visible in this excerpt.
23 homedir=$(mktemp -d /tmp/gpg.XXXXXX)
# Key material is generated only when either half of the keyring is
# missing; otherwise the existing key is updated (see "Updating" below).
# NOTE(review): the expansions are unquoted and `-o` is the deprecated
# binary-or of test(1); an unset/empty PLC_ROOT_GPG_KEY* makes this test
# malformed rather than false. The [[ ... || ... ]] form with quoted
# operands is the robust spelling. The matching `fi` is not shown.
25 if [ ! -f $PLC_ROOT_GPG_KEY_PUB -o ! -f $PLC_ROOT_GPG_KEY ] ; then
26 # Generate new GPG keyring
# $"..." is bash's locale-translation quoting, not a plain string.
27 MESSAGE=$"Generating GPG keys"
# Ensure the target directories for both keyring files exist
# (unquoted expansions: paths with whitespace would break here).
30 mkdir -p $(dirname $PLC_ROOT_GPG_KEY_PUB)
31 mkdir -p $(dirname $PLC_ROOT_GPG_KEY)
33 # Temporarily replace /dev/random with /dev/urandom to
34 # avoid running out of entropy.
# char 1,9 is the urandom device; the original 1,8 node is restored
# after key generation (line 53). This is a system-wide change: every
# other consumer of /dev/random gets urandom output during this window,
# and if gpg fails or the script is interrupted between the two mknod
# calls, /dev/random stays aliased to urandom until it is fixed by hand
# (or reboot). Presumably the old node is removed on a hidden line just
# before this one — confirm; restoring it from a trap would be safer.
36 mknod /dev/random c 1 9
# Unattended key generation. The command continues on lines not shown;
# the visible Name-*/%pubring/%secring lines are gpg --gen-key batch
# parameters fed to it, and %pubring/%secring direct the generated keys
# to the configured PLC paths rather than into the temporary homedir.
# NOTE(review): no `Passphrase:` parameter is visible in this excerpt,
# so the secret key is presumably stored unprotected on disk — confirm.
# Do not insert anything between here and line 53: the lines in between
# are either backslash-continued arguments or heredoc content.
37 gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
43 Name-Real: $PLC_NAME Central
44 Name-Comment: http://$PLC_WWW_HOST/
45 Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
47 %pubring $PLC_ROOT_GPG_KEY_PUB
48 %secring $PLC_ROOT_GPG_KEY
# Restore the real /dev/random (char 1,8).
53 mknod /dev/random c 1 8
# else-branch (the `else` itself is on a hidden line): keys exist.
56 MESSAGE=$"Updating GPG keys"
59 # Get the current GPG fingerprint and comment
# The loop reads the --with-colons listing produced by the gpg command
# below (its `done < <(...)` redirection is on hidden lines). `read -a`
# splits on IFS, so this only yields colon-separated fields if IFS has
# been set to ':' on a hidden line — confirm. In --with-colons output,
# field index 4 of a `pub` record is the *key ID*, not the fingerprint
# (that lives on the `fpr` record); --edit-key accepts either, so the
# variable name is merely misleading.
# NOTE(review): if no `pub` record is found, $fingerprint stays empty
# and the --edit-key invocation below runs without a key argument.
62 while read -a fields ; do
63 if [ "${fields[0]}" = "pub" ] ; then
64 fingerprint=${fields[4]}
# Keyrings are the PLC files, not those of the scratch homedir.
# NOTE(review): --secret-keyring is obsolete in GnuPG >= 2.1 (secret
# keys live under the homedir's private-keys-v1.d); this layout
# assumes a 1.x/2.0-era gpg — confirm the installed version.
68 gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
69 --no-default-keyring \
70 --secret-keyring=$PLC_ROOT_GPG_KEY \
71 --keyring=$PLC_ROOT_GPG_KEY_PUB \
72 --list-public-keys --with-colons
77 # Add a new UID if appropriate. GPG will detect and merge duplicates.
# Scripted --edit-key session: answers to the adduid prompts are fed on
# fd 0 from the heredoc (only the e-mail answer is visible here; the
# `adduid` command, the name answer and the EOF terminator are on hidden
# lines). --status-fd 1 puts gpg's status lines on stdout.
# NOTE(review): the exit status of this session is not checked, and
# $fingerprint is unquoted. Do not insert lines between here and the
# "Install the key" comment — they would land inside the heredoc.
78 gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
79 --no-default-keyring \
80 --secret-keyring=$PLC_ROOT_GPG_KEY \
81 --keyring=$PLC_ROOT_GPG_KEY_PUB \
82 --command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
85 $PLC_MAIL_SUPPORT_ADDRESS
92 # Install the key in the RPM database
93 mkdir -p /etc/pki/rpm-gpg
# Export the ASCII-armored public key under the site's name; the
# redirection target is quoted, so a PLC_NAME with spaces is fine here
# even though it is not elsewhere in this script.
94 gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
95 --no-default-keyring \
96 --secret-keyring=$PLC_ROOT_GPG_KEY \
97 --keyring=$PLC_ROOT_GPG_KEY_PUB \
98 --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
# `rpm -q gpg-pubkey` succeeds if *any* key is installed; --allmatches
# then erases every imported key, and the import below re-adds whatever
# is in /etc/pki/rpm-gpg — not just the file written above. Keys that
# were imported from elsewhere are lost, and any file dropped into that
# directory becomes a trusted RPM signing key. The `fi` is on a hidden
# line. NOTE(review): importing only the exported file by name would
# keep this step scoped to the PLC key.
100 if rpm -q gpg-pubkey ; then
101 rpm --allmatches -e gpg-pubkey
104 rpm --import /etc/pki/rpm-gpg/*
107 # Make GPG key readable by apache so that the API can sign peer requests
# Ownership plus 0600 means the secret keyring is readable by the web
# server user only (root aside); the trade-off is that a compromise of
# the API process yields the site's root signing key. The public ring
# is world-readable (0644), which is harmless.
108 chown apache $PLC_ROOT_GPG_KEY
109 chmod 644 $PLC_ROOT_GPG_KEY_PUB
110 chmod 600 $PLC_ROOT_GPG_KEY