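#!/bin/bash
#
# priority: 500
#
# Generate GPG keys
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
# $Id: gpg,v 1.4 2006/05/17 20:47:59 mlhuang Exp $
#
# Usage: gpg start
#
# On first run, generates the PLC root GPG keypair into the files named
# by PLC_ROOT_GPG_KEY_PUB / PLC_ROOT_GPG_KEY.  On later runs, keeps the
# key's user ID in sync with PLC_NAME / PLC_WWW_HOST /
# PLC_MAIL_SUPPORT_ADDRESS by adding a new UID when the current one no
# longer matches (existing UIDs are never deleted).  In both cases the
# public key is then exported and installed into the RPM keyring.
#
# Globals read:  PLC_ROOT_GPG_KEY_PUB, PLC_ROOT_GPG_KEY, PLC_NAME,
#                PLC_WWW_HOST, PLC_MAIL_SUPPORT_ADDRESS (plc_config)
# Helpers used:  dialog, check, result, ERRORS (/etc/plc.d/functions)
#

# Source function library and configuration
. /etc/plc.d/functions
. /etc/planetlab/plc_config

# The user ID as gpg renders it from the Name-Real / Name-Comment /
# Name-Email fields used below: "Name (Comment) <email>".  The gen-key
# script and the adduid script must stay in sync with this string.
expected_uid="$PLC_NAME Central (http://$PLC_WWW_HOST/) <$PLC_MAIL_SUPPORT_ADDRESS>"

case "$1" in
    start)
        if [ ! -f "$PLC_ROOT_GPG_KEY_PUB" ] || [ ! -f "$PLC_ROOT_GPG_KEY" ] ; then
            # Generate new GPG keyring
            MESSAGE=$"Generating GPG keys"
            dialog "$MESSAGE"

            mkdir -p "$(dirname "$PLC_ROOT_GPG_KEY_PUB")"
            mkdir -p "$(dirname "$PLC_ROOT_GPG_KEY")"

            # Temporarily replace /dev/random (char 1,8) with a node for
            # /dev/urandom (char 1,9) so that key generation does not block
            # waiting for entropy.  The swap changes /dev/random for every
            # process on the host, so it is undone on every exit path
            # (including a failed gpg run) via the EXIT trap.
            restore_dev_random() {
                rm -f /dev/random
                mknod /dev/random c 1 8
            }
            trap restore_dev_random EXIT
            rm -f /dev/random
            mknod /dev/random c 1 9
            # NOTE(review): 1024-bit DSA / Elgamal is well below current
            # recommendations; presumably kept for compatibility with the
            # gpg/rpm versions this targets -- confirm before reusing this
            # key for anything new.  The keyring files are placed by the
            # %pubring/%secring directives, so --homedir only holds gpg's
            # own state here.
            gpg --homedir=/root --no-tty --yes \
                --batch --gen-key <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: $PLC_NAME Central
Name-Comment: http://$PLC_WWW_HOST/
Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
Expire-Date: 0
%pubring $PLC_ROOT_GPG_KEY_PUB
%secring $PLC_ROOT_GPG_KEY
%commit
EOF
            check
            restore_dev_random
            trap - EXIT
            # Public keyring world-readable, secret keyring owner-only.
            chmod 644 "$PLC_ROOT_GPG_KEY_PUB"
            chmod 600 "$PLC_ROOT_GPG_KEY"
        else
            # Update GPG UID
            MESSAGE=$"Updating GPG keys"
            dialog "$MESSAGE"

            # Get the current key ID and user ID.  The listing is captured
            # into a variable first so that 'check' runs in this shell:
            # inside a process substitution it would run in a subshell and
            # whatever it records would be lost.
            key_listing=$(gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
                --list-public-keys --with-colons)
            check

            keyid=
            comment=
            # --with-colons 'pub' record: field 5 (index 4) is the key ID,
            # field 10 (index 9) the user ID.  gpg escapes ':' inside a
            # field as the literal text "\x3a"; 'read -r' keeps that
            # backslash so the substitution below can undo the escape.
            while IFS=: read -r -a fields ; do
                if [ "${fields[0]}" = "pub" ] ; then
                    keyid=${fields[4]}
                    comment=${fields[9]//\\x3a/:}
                    break
                fi
            done <<<"$key_listing"

            # Add a new UID if the current one no longer matches the
            # configured name/host/address.  Existing UIDs are kept.  If no
            # 'pub' record was found, keyid is empty and --edit-key fails,
            # which 'check' presumably records.
            if [ "$comment" != "$expected_uid" ] ; then
                gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
                    --command-fd 0 --status-fd 1 --edit-key "$keyid" <<EOF
adduid
$PLC_NAME Central
$PLC_MAIL_SUPPORT_ADDRESS
http://$PLC_WWW_HOST/
save
EOF
                check
            fi
        fi

        # Install the key in the RPM database
        mkdir -p /etc/pki/rpm-gpg
        gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
            --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
        check
        # Rebuild the RPM keyring from /etc/pki/rpm-gpg: this erases every
        # imported gpg-pubkey (distro keys included) and re-imports all files
        # in that directory, so any key that must stay trusted needs a file
        # there.
        if rpm -q gpg-pubkey ; then
            rpm --allmatches -e gpg-pubkey
            check
        fi
        rpm --import /etc/pki/rpm-gpg/*
        check

        result "$MESSAGE"
        ;;
esac

exit $ERRORS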