X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plc.d%2Fgpg;h=7f146a994e4af97cfadd14e98d1bfa58a216bb43;hb=391310e122de0536c08f62bd46acd3b3b7b13964;hp=52f6aed4fcfcb028717815cd85711ea84183ce35;hpb=309572ab8b4843bb6507b0b3f6dc5e5240af257b;p=myplc.git

diff --git a/plc.d/gpg b/plc.d/gpg
index 52f6aed..7f146a9 100755
--- a/plc.d/gpg
+++ b/plc.d/gpg
@@ -7,17 +7,23 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: gpg,v 1.1 2006/04/06 21:51:59 mlhuang Exp $
+# $Id: gpg 129 2007-03-20 12:04:03Z thierry $
 #
 
 # Source function library and configuration
 . /etc/plc.d/functions
 . /etc/planetlab/plc_config
 
+# Be verbose
+set -x
+
 case "$1" in
     start)
-	# Generate GPG keyrings
+	# Make temporary GPG home directory
+	homedir=$(mktemp -d /tmp/gpg.XXXXXX)
+
 	if [ ! -f $PLC_ROOT_GPG_KEY_PUB -o ! -f $PLC_ROOT_GPG_KEY ] ; then
+	    # Generate new GPG keyring
 	    MESSAGE=$"Generating GPG keys"
 	    dialog "$MESSAGE"
 
@@ -28,7 +34,8 @@ case "$1" in
 	    # avoid running out of entropy.
 	    rm -f /dev/random
 	    mknod /dev/random c 1 9
-	    gpg --homedir=/root --batch --gen-key <<EOF
+	    gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+		--gen-key <<EOF
 Key-Type: DSA
 Key-Length: 1024
 Subkey-Type: ELG-E
@@ -44,10 +51,69 @@ EOF
 	    check
 	    rm -f /dev/random
 	    mknod /dev/random c 1 8
-	    chmod 600 $PLC_ROOT_GPG_KEY_PUB $PLC_ROOT_GPG_KEY
+	else
+	    # Update GPG UID
+	    MESSAGE=$"Updating GPG keys"
+	    dialog "$MESSAGE"
+
+	    # Get the current GPG fingerprint and comment
+	    OLDIFS=$IFS
+	    IFS=:
+	    while read -a fields ; do
+		if [ "${fields[0]}" = "pub" ] ; then
+		    fingerprint=${fields[4]}
+		    break
+		fi
+	    done < <(
+		gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+		    --no-default-keyring \
+		    --secret-keyring=$PLC_ROOT_GPG_KEY \
+		    --keyring=$PLC_ROOT_GPG_KEY_PUB \
+		    --list-public-keys --with-colons
+		check
+	    )
+	    IFS=$OLDIFS
+
+	    # Add a new UID if appropriate. GPG will detect and merge duplicates.
+	    gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+		--no-default-keyring \
+		--secret-keyring=$PLC_ROOT_GPG_KEY \
+		--keyring=$PLC_ROOT_GPG_KEY_PUB \
+		--command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
+adduid
+$PLC_NAME Central
+$PLC_MAIL_SUPPORT_ADDRESS
+http://$PLC_WWW_HOST/
+save
+EOF
+	    check
+	fi
 
-	    result "$MESSAGE"
+	# Install the key in the RPM database
+	mkdir -p /etc/pki/rpm-gpg
+	gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+	    --no-default-keyring \
+	    --secret-keyring=$PLC_ROOT_GPG_KEY \
+	    --keyring=$PLC_ROOT_GPG_KEY_PUB \
+	    --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
+	check
+	if rpm -q gpg-pubkey ; then
+	    rpm --allmatches -e gpg-pubkey
+	    check
 	fi
+	rpm --import /etc/pki/rpm-gpg/*
+	check
+
+	# Make GPG key readable by apache so that the API can sign peer requests
+	chown apache $PLC_ROOT_GPG_KEY
+	chmod 644 $PLC_ROOT_GPG_KEY_PUB
+	chmod 600 $PLC_ROOT_GPG_KEY
+	check
+
+	# Cleanup
+	rm -rf $homedir
+
+	result "$MESSAGE"
 	;;
 esac