X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc.d%2Fgpg;fp=plc.d%2Fgpg;h=6a2eef481ad3c1a390e519b6e28f7d7a25c27ab7;hb=430c5f27b0be2cd7f24368e1b1ab506535a7f788;hp=9576c4093d222113f25e97cfc8ebc979cf0219d1;hpb=ace8192c69484e305a5332080088146b5b92d9bc;p=myplc.git
diff --git a/plc.d/gpg b/plc.d/gpg
index 9576c40..6a2eef4 100755
--- a/plc.d/gpg
+++ b/plc.d/gpg
@@ -12,6 +12,67 @@
 . /etc/plc.d/functions
 . /etc/planetlab/plc_config
+### IMPORTANT NOTE 2020 - feb
+# when moving to fedora31 I run into this
+# https://fedoraproject.org/wiki/Changes/GnuPG2_as_default_GPG_implementation
+# which breaks the whole system for us because
+# * gnupg2 key generation function won't work as expected
+# * but with much wider impact, it turns out that private keys
+# are now stored in a completely different way, and this will affect
+# the way that particular location (typically /etc/planetlab/secring.gpg)
+# is both
+# * configured (as $PLC_ROOT_GPG_KEY)
+# * and passed around (see the PLC.GPG module and its gpg_sign() function)
+#
+# so for now it looks MUCH EASIER to just get fedora to install gnupg1
+# instead of (or on top of) gnupg, and use gpg1 when available
+# below is a leftover of the beginning of a code adaptation
+# to gnupg2, that should work fine (took some time to get right actually)
+# but this is currently unused
+
+# the default gpg command is version 1 up to f29, version 2 starts with f31
+# that could be more for when we support both
+GPG_MAJOR_VERSION=$(gpg --version | grep '^gpg' | cut -d' ' -f 3 | cut -d. -f1)
+
+function generate_key_v1() {
+ local homedir=$1
+ gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes --gen-key << EOF
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: $PLC_NAME Central
+Name-Comment: http://$PLC_WWW_HOST/
+Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
+Expire-Date: 0
+%pubring $PLC_ROOT_GPG_KEY_PUB
+%secring $PLC_ROOT_GPG_KEY
+%commit
+EOF
+}
+
+# this code should work allright as far as key generation, but as explained above
+# moving to gnupg2 requires a lot more work all over the place...
+function generate_key_v2() {
+ >&2 echo "it appears you have GPGv2 installed, myPLC is not ready for that !"
+ return 1
+
+ local homedir=$1
+ gpg --homedir=$homedir --generate-key --batch << EOF
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: $PLC_NAME Central
+Name-Comment: http://$PLC_WWW_HOST/
+Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
+Expire-Date: 0
+%pubring $PLC_ROOT_GPG_KEY_PUB
+%no-protection
+%commit
+EOF
+}
+
 # Be verbose
 set -x
@@ -53,20 +114,11 @@ case "$1" in
 ln -s /dev/urandom /dev/random # again check
- gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
- --gen-key <
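Review bot: Both generate_key_v1 and generate_key_v2 hard-code `Key-Type: DSA` / `Key-Length: 1024` with a 1024-bit ELG-E subkey, which is below current guidance for a key that signs artifacts for the whole deployment (DSA-1024 also effectively limits signatures to a 160-bit hash), and factoring the batch parameters into functions is the natural point to fix it. Unless consumers of $PLC_ROOT_GPG_KEY require DSA, the two parameter lines should become `Key-Type: RSA` and `Key-Length: 2048`, with the subkey lines adjusted to match or the sizes read from a PLC_ configuration variable so they are not baked into the script. In both functions `--homedir=$homedir` is unquoted, and `GPG_MAJOR_VERSION` is computed at source time but not used anywhere in this hunk; if gpg is not installed the pipeline silently yields an empty value, so either guard it with `: "${GPG_MAJOR_VERSION:?cannot determine gpg version}"` or move the probe into the code that will branch on it. generate_key_v2 writes the secret key with `%no-protection`, so the homedir permissions are the only thing protecting it; a one-line comment next to that line stating this would help the next maintainer, as would noting that the code after `return 1` is intentionally dead.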