#!/bin/bash
#
-# priority: 500
+# priority: 400
#
# Generate GPG keys
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: gpg,v 1.8 2006/12/15 20:16:16 mlhuang Exp $
-#
# Source function library and configuration
. /etc/plc.d/functions
# Make temporary GPG home directory
homedir=$(mktemp -d /tmp/gpg.XXXXXX)
+ # in case a previous gpg invocation failed in some weird way
+ # and left behind a zero length gpg key (pub or priv).
+ if [ -f $PLC_ROOT_GPG_KEY_PUB -a ! -s $PLC_ROOT_GPG_KEY_PUB ] ; then
+ rm -f $PLC_ROOT_GPG_KEY_PUB
+ fi
+ if [ -f $PLC_ROOT_GPG_KEY -a ! -s $PLC_ROOT_GPG_KEY ] ; then
+ rm -f $PLC_ROOT_GPG_KEY
+ fi
+
if [ ! -f $PLC_ROOT_GPG_KEY_PUB -o ! -f $PLC_ROOT_GPG_KEY ] ; then
# Generate new GPG keyring
MESSAGE=$"Generating GPG keys"
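Review bot: The two new `[ -f $VAR -a ! -s $VAR ]` tests leave `$PLC_ROOT_GPG_KEY_PUB` and `$PLC_ROOT_GPG_KEY` unquoted and rely on the ambiguous `-a` operator, so if either variable is unset or empty (they come from the configuration sourced above, which is not visible here) the test can evaluate in unexpected ways rather than failing cleanly. Quoting and splitting the tests removes the ambiguity: `if [ -f "$PLC_ROOT_GPG_KEY_PUB" ] && [ ! -s "$PLC_ROOT_GPG_KEY_PUB" ]; then` and `if [ -f "$PLC_ROOT_GPG_KEY" ] && [ ! -s "$PLC_ROOT_GPG_KEY" ]; then`, with the matching `rm -f -- "$…"` lines quoted the same way. Since deleting a zero-length private key silently triggers regeneration of the root key pair in the block below, it would also help operators to log that the stale file was removed, e.g. `echo "removing zero-length $PLC_ROOT_GPG_KEY, a new key pair will be generated" >&2`, so a later key mismatch with existing consumers of the public key is traceable. The existing `if [ ! -f … -o ! -f … ]` line has the same unquoted/`-o` pattern but predates this change.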
# Temporarily replace /dev/random with /dev/urandom to
# avoid running out of entropy.
rm -f /dev/random
+ # 1 9 is /dev/urandom
mknod /dev/random c 1 9
+ # sometimes mknod fails within an improperly setup vserver
+ check
gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
--gen-key <<EOF
Key-Type: DSA
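Review bot: Placing `check` directly after `mknod /dev/random c 1 9` means that when mknod fails (the case the new comment describes) the script now aborts at a point where `rm -f /dev/random` has already run, leaving the host with no /dev/random at all; the hunk does not restore it on that path. Assuming `check` aborts on a non-zero status (it is defined in the sourced /etc/plc.d/functions, not visible here), creating the node under a temporary name and only then replacing the original avoids the window: `mknod /dev/random.urandom c 1 9` followed by `check` and `mv -f /dev/random.urandom /dev/random`. The gpg invocation that follows continues past the end of this hunk.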
rpm --allmatches -e gpg-pubkey
check
fi
- rpm --import /etc/pki/rpm-gpg/*
+ # starting with rpm-4.6, this fails when run a second time
+ # it would be complex to do this properly based on the filename,
+ # as /etc/pki/rpm-gpg/ typically has many symlinks to the same file
+ # see also http://fedoranews.org/tchung/gpg/
+ # so just ignore the result
+ rpm --import /etc/pki/rpm-gpg/* || :
check
# Make GPG key readable by apache so that the API can sign peer requests