From b6ba2c3e39485ef55b6c0723287e247c69f37370 Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Wed, 17 May 2006 22:52:09 +0000
Subject: [PATCH] - deleting UIDs is not the right thing to do; instead, add a
 new UID if   appropriate if any of the components of the UID change - install
 GPG key in the RPM database as a valid signing key (for   yum-arch)

---
 plc.d/gpg | 64 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 35 insertions(+), 29 deletions(-)

diff --git a/plc.d/gpg b/plc.d/gpg
index 23a1860..00b37bb 100755
--- a/plc.d/gpg
+++ b/plc.d/gpg
@@ -7,7 +7,7 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: gpg,v 1.3 2006/05/08 18:16:33 mlhuang Exp $
+# $Id: gpg,v 1.4 2006/05/17 20:47:59 mlhuang Exp $
 #
 
 # Source function library and configuration
@@ -47,49 +47,55 @@ EOF
 	    mknod /dev/random c 1 8
 	    chmod 644 $PLC_ROOT_GPG_KEY_PUB
 	    chmod 600 $PLC_ROOT_GPG_KEY
-
-	    result "$MESSAGE"
 	else
 	    # Update GPG UID
 	    MESSAGE=$"Updating GPG keys"
 	    dialog "$MESSAGE"
 
-	    # Get the current GPG fingerprint
-	    fingerprint=$PLC_MAIL_SUPPORT_ADDRESS
-	    (
-		IFS=:
-		while read -a fields ; do
-		    if [ "${fields[0]}" = "pub" ] ; then
-			fingerprint=${fields[4]}
-			break
-		    fi
-		done < <(
-		    gpg --homedir=/root --no-tty --yes \
-			--no-default-keyring --keyring $PLC_ROOT_GPG_KEY_PUB --secret-keyring $PLC_ROOT_GPG_KEY \
-			--list-public-keys --with-colons
-		    check
-		)
+	    # Get the current GPG fingerprint and comment
+	    OLDIFS=$IFS
+	    IFS=:
+	    while read -a fields ; do
+		if [ "${fields[0]}" = "pub" ] ; then
+		    fingerprint=${fields[4]}
+		    IFS=$OLDIFS
+		    comment=${fields[9]/\x3a/:}
+		    break
+		fi
+	    done < <(
+		gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
+		    --list-public-keys --with-colons
+		check
 	    )
+	    IFS=$OLDIFS
 
-	    # GPG UIDs cannot and should not normally be changed, but
-	    # since we do not certify signatures, we can effectively
-	    # change it by adding a new one and deleting the old one.
-	    gpg --homedir=/root --no-tty --yes \
-		--no-default-keyring --keyring $PLC_ROOT_GPG_KEY_PUB --secret-keyring $PLC_ROOT_GPG_KEY \
-		--command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
+	    # Add a new UID if appropriate
+	    if [ "$comment" != "$PLC_NAME Central (http://$PLC_WWW_HOST/) <$PLC_MAIL_SUPPORT_ADDRESS>" ] ; then
+		gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
+		    --command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
 adduid
 $PLC_NAME Central
 $PLC_MAIL_SUPPORT_ADDRESS
 http://$PLC_WWW_HOST/
-uid 1
-deluid
-y
 save
 EOF
-	    check
+		check
+	    fi
+	fi
 
-	    result "$MESSAGE"
+	# Install the key in the RPM database
+	mkdir -p /etc/pki/rpm-gpg
+	gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
+	    --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
+	check
+	if rpm -q gpg-pubkey ; then
+	    rpm --allmatches -e gpg-pubkey
+	    check
 	fi
+	rpm --import /etc/pki/rpm-gpg/*
+	check
+
+	result "$MESSAGE"
 	;;
 esac
 
-- 
2.43.0