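#!/bin/bash
#
# priority: 500
#
# Generate GPG keys
#
# Creates the PLC root GPG keypair on first run (or adds a UID to the
# existing key on later runs) and installs the public key into the RPM
# database.  Must run as root: it recreates /dev/random and chowns the
# secret key to apache.
#
# Usage: gpg start
#
# Reads PLC_ROOT_GPG_KEY_PUB, PLC_ROOT_GPG_KEY, PLC_NAME, PLC_WWW_HOST and
# PLC_MAIL_SUPPORT_ADDRESS from /etc/planetlab/plc_config; dialog, check,
# result and ERRORS come from /etc/plc.d/functions.
#
# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
# $Id: gpg,v 1.7 2006/06/23 20:29:22 mlhuang Exp $
#

# Source function library and configuration
. /etc/plc.d/functions
. /etc/planetlab/plc_config

# Be verbose
set -x

# Key generation below swaps the real /dev/random (char 1,8) for the
# urandom device (char 1,9).  Track that swap so it is undone on every
# exit path, not only when gpg succeeds -- otherwise a failure mid-way
# would leave the whole system reading urandom from /dev/random.
RANDOM_SWAPPED=
restore_random() {
    if [ -n "$RANDOM_SWAPPED" ] ; then
        rm -f /dev/random
        mknod /dev/random c 1 8
        RANDOM_SWAPPED=
    fi
}
# bash keeps the script's exit status across an EXIT trap that does not
# itself call exit, so "exit $ERRORS" below is unaffected.
trap restore_random EXIT

case "$1" in
    start)
        if [ ! -f "$PLC_ROOT_GPG_KEY_PUB" ] || [ ! -f "$PLC_ROOT_GPG_KEY" ] ; then
            # Generate new GPG keyring
            MESSAGE=$"Generating GPG keys"
            dialog "$MESSAGE"

            mkdir -p "$(dirname "$PLC_ROOT_GPG_KEY_PUB")"
            mkdir -p "$(dirname "$PLC_ROOT_GPG_KEY")"

            # Temporarily replace /dev/random with /dev/urandom to
            # avoid running out of entropy.  This is system-wide: every
            # other consumer of /dev/random gets urandom output until
            # restore_random runs.
            rm -f /dev/random
            mknod /dev/random c 1 9
            RANDOM_SWAPPED=1
            gpg --homedir=/root --no-tty --yes \
                --batch --gen-key <<EOF
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: $PLC_NAME Central
Name-Comment: http://$PLC_WWW_HOST/
Name-Email: $PLC_MAIL_SUPPORT_ADDRESS
Expire-Date: 0
%pubring $PLC_ROOT_GPG_KEY_PUB
%secring $PLC_ROOT_GPG_KEY
%commit
EOF
            check
            restore_random
            # Make GPG key readable by apache so that the API can sign peer requests
            chown apache "$PLC_ROOT_GPG_KEY"
            chmod 644 "$PLC_ROOT_GPG_KEY_PUB"
            chmod 600 "$PLC_ROOT_GPG_KEY"
        else
            # Update GPG UID
            MESSAGE=$"Updating GPG keys"
            dialog "$MESSAGE"

            # Get the current GPG key ID: in --with-colons output the
            # "pub" record's fifth field (index 4) is the key ID.
            # Capture the listing first so that check runs in this shell
            # (inside a process substitution its result would be lost).
            keys=$(gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
                       --list-public-keys --with-colons)
            check
            fingerprint=
            while IFS=: read -r -a fields ; do
                if [ "${fields[0]}" = "pub" ] ; then
                    fingerprint=${fields[4]}
                    break
                fi
            done <<<"$keys"

            if [ -n "$fingerprint" ] ; then
                # Add a new UID if appropriate. GPG will detect and merge duplicates.
                gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
                    --command-fd 0 --status-fd 1 --edit-key "$fingerprint" <<EOF
adduid
$PLC_NAME Central
$PLC_MAIL_SUPPORT_ADDRESS
http://$PLC_WWW_HOST/
save
EOF
                check
            else
                # No "pub" record: do not run --edit-key with an empty key
                # ID; the export below still runs.
                echo "gpg: no public key found in /etc/planetlab keyring, not adding UID" >&2
            fi
        fi

        # Install the key in the RPM database
        mkdir -p /etc/pki/rpm-gpg
        gpg --homedir=/etc/planetlab --no-permission-warning --no-tty --yes \
            --export --armor >"/etc/pki/rpm-gpg/RPM-GPG-KEY-$PLC_NAME"
        check
        # Note: this erases every imported gpg-pubkey pseudo-package (not
        # just this site's) and then re-imports all files in the directory.
        if rpm -q gpg-pubkey ; then
            rpm --allmatches -e gpg-pubkey
            check
        fi
        rpm --import /etc/pki/rpm-gpg/*
        check

        result "$MESSAGE"
        ;;
esac

exit "$ERRORS"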