7 # Mark Huang <mlhuang@cs.princeton.edu>
8 # Copyright (C) 2006 The Trustees of Princeton University
10 # $Id: gpg,v 1.7 2006/06/23 20:29:22 mlhuang Exp $
13 # Source function library and configuration
# Both files are executed in this shell by the "." builtin, so anyone able to
# write to them controls everything this script does.
# NOTE(review): the script later calls mknod, chown and rpm, so it presumably
# runs as root -- confirm both files are root-owned and not group- or
# world-writable.
# The PLC_* variables used below are presumably defined by plc_config -- TODO
# confirm.
14 . /etc/plc.d/functions
15 . /etc/planetlab/plc_config
# Key-generation branch: entered when either the public or the secret root
# key file is missing (the two -f tests are joined with -o, logical OR).
# NOTE(review): this listing is an excerpt; the lines between the numbered
# ones (heredoc terminators, the closing fi, ...) are not shown here.
# NOTE(review): $PLC_ROOT_GPG_KEY_PUB and $PLC_ROOT_GPG_KEY are expanded
# unquoted here and in the mkdir/chown/chmod calls below, so a path with
# whitespace or glob characters would be split or expanded. "-o" inside [ ]
# is obsolescent; [ ! -f "$a" ] || [ ! -f "$b" ] is the unambiguous form.
22 if [ ! -f $PLC_ROOT_GPG_KEY_PUB -o ! -f $PLC_ROOT_GPG_KEY ] ; then
23 # Generate new GPG keyring
24 MESSAGE=$"Generating GPG keys"
# mkdir -p creates any missing directories with umask-derived permissions.
# NOTE(review): no chmod of the secret key's directory is visible in this
# excerpt -- confirm the directory itself is not writable by other accounts.
27 mkdir -p $(dirname $PLC_ROOT_GPG_KEY_PUB)
28 mkdir -p $(dirname $PLC_ROOT_GPG_KEY)
30 # Temporarily replace /dev/random with /dev/urandom to
31 # avoid running out of entropy.
# On Linux, character device 1,9 is urandom and 1,8 is random, so the mknod
# below makes the path /dev/random serve urandom output and the later
# "mknod /dev/random c 1 8" recreates the blocking device.
# NOTE(review): the swap is system-wide, not scoped to gpg: any process that
# opens /dev/random while the key is generated gets the non-blocking device.
# No trap or error check is visible in this excerpt, so a failed or
# interrupted run may leave the substitute node in place -- confirm against
# the full script.
# NOTE(review): the long-lived root key is thus generated from the
# non-blocking pool; on a freshly installed or freshly booted host, verify
# the pool is seeded before this step runs.
33 mknod /dev/random c 1 9
# Unattended key generation: the parameters are read from the heredoc, and
# %pubring/%secring send the new key pair to the configured files instead of
# the default keyring under the --homedir.
# The heredoc delimiter is unquoted, so $PLC_NAME, $PLC_WWW_HOST and
# $PLC_MAIL_SUPPORT_ADDRESS are expanded into the parameter file.
# NOTE(review): a value containing a newline would add extra parameter lines;
# presumably these come from admin-controlled config -- validate them there.
# NOTE(review): no Passphrase parameter is visible in this excerpt; if the key
# is created without one, file permissions are its only protection.
34 gpg --homedir=/root --no-tty --yes \
35 --batch --gen-key <<EOF
40 Name-Real: $PLC_NAME Central
41 Name-Comment: http://$PLC_WWW_HOST/
42 Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
44 %pubring $PLC_ROOT_GPG_KEY_PUB
45 %secring $PLC_ROOT_GPG_KEY
50 mknod /dev/random c 1 8
51 # Make GPG key readable by apache so that the API can sign peer requests
# Result: the secret key is owned by apache with mode 600 (read/write for the
# web server account only); the public key is world-readable (644).
# NOTE(review): this places the root signing key inside the web tier's trust
# boundary -- code running as apache can read or overwrite it, so a compromise
# of the web application exposes whatever this key is trusted to sign.
# Consider a separate signing service or account if that is unacceptable.
52 chown apache $PLC_ROOT_GPG_KEY
53 chmod 644 $PLC_ROOT_GPG_KEY_PUB
54 chmod 600 $PLC_ROOT_GPG_KEY
57 MESSAGE=$"Updating GPG keys"
60 # Get the current GPG fingerprint and comment
# Reads the colon-delimited key listing produced by the gpg call below and,
# for each record whose first field is "pub", keeps the fifth field.
# NOTE(review): splitting on ":" needs IFS to be set on a line not shown in
# this excerpt. In gpg's --with-colons format the fifth field of a pub record
# is the 64-bit key ID; the full fingerprint is on the "fpr" record, so
# "fingerprint" most likely holds a key ID -- confirm.
# NOTE(review): as far as this excerpt shows, a keyring with several pub
# records leaves the value of the last one in the variable.
# --no-permission-warning silences gpg's warning about unsafe homedir/file
# permissions, so loose permissions on /etc/planetlab will not be reported.
63 while read -a fields ; do
64 if [ "${fields[0]}" = "pub" ] ; then
65 fingerprint=${fields[4]}
69 gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
70 --list-public-keys --with-colons
75 # Add a new UID if appropriate. GPG will detect and merge duplicates.
# Drives gpg's --edit-key menu non-interactively: commands are read from
# stdin (--command-fd 0) and the heredoc supplies them, including expanded
# configuration values such as $PLC_MAIL_SUPPORT_ADDRESS.
# NOTE(review): $fingerprint is unquoted and would be empty if no pub record
# was parsed above. A config value containing a newline would be read as an
# additional menu command -- validate these values where they are set.
76 gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
77 --command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
80 $PLC_MAIL_SUPPORT_ADDRESS
87 # Install the key in the RPM database
88 mkdir -p /etc/pki/rpm-gpg
# No key is named, so --export writes every public key in the /etc/planetlab
# keyring, ASCII-armored, to a file named after $PLC_NAME.
# NOTE(review): a $PLC_NAME containing "/" would change the target path;
# presumably it is a plain site name -- confirm where it is set.
89 gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
90 --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
# Rebuilds RPM's set of trusted keys: when any gpg-pubkey entry exists, all of
# them are erased (--allmatches -e), and every file matching
# /etc/pki/rpm-gpg/* is passed to rpm --import.
# NOTE(review): two consequences worth confirming are intended:
#   - keys imported by other means (distribution or third-party repository
#     keys not present in that directory) are dropped;
#   - every file in /etc/pki/rpm-gpg/ becomes a trusted package-signing key,
#     so the directory must be writable by root only and should be audited
#     for stale or unexpected key files.
92 if rpm -q gpg-pubkey ; then
93 rpm --allmatches -e gpg-pubkey
96 rpm --import /etc/pki/rpm-gpg/*