#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# @VERSION@ and @sysconfdir@ are placeholders of this .in template;
# presumably they are substituted when the script is generated -- confirm
# against the build.
abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

# Each path below can be overridden from the environment (ABUILD_CONF,
# ABUILD_USERDIR, ABUILD_USERCONF). The two config files are sourced as shell
# code further down in this script, and $abuild_home is the default location
# of the private key, so these variables decide what code runs and where the
# key is written.
abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}

# Print the arguments on stdout unless quiet mode is active.
# Globals read: quiet (any non-empty value silences the output)
msg() {
	if [ -z "$quiet" ]; then
		echo "$@"
	fi
}

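# Choose the file the new private key will be written to.
# Globals read:    PACKAGER, USER, abuild_home, non_interactive
# Globals written: privkey (the result), emailaddr, default_name, line
# The default is "$abuild_home/<email or $USER>-<hex epoch seconds>.rsa".
# Unless non_interactive is "yes", the user is prompted and may type another
# path; an empty answer keeps the default.
get_privkey_file() {
	# keep what follows the last '<' and precedes the first '>' after it
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# NOTE(review): the address (or $USER) becomes part of a file name as-is;
	# a '/' in it would move the default key path out of $abuild_home --
	# confirm whether it should be sanitised.
	# The hex timestamp keeps successive default names distinct.
	default_name="${emailaddr:-$USER}-$(printf "%x" "$(date +%s)")"

	privkey="$abuild_home/$default_name.rsa"
	[ "$non_interactive" = "yes" ] && return 0
	echo "Generating public/private rsa key pair for abuild"
	# printf instead of 'echo -n', which not every /bin/sh implements
	printf '%s' "Enter file in which to save the key ($privkey): "

	# -r: keep backslashes in the typed path literal
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}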

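# Generate an RSA key pair for package signing, then optionally install the
# public key and record the private key in the user config.
# Globals read:    abuild_home, abuild_userconf, install_pubkey, append_config
# Globals written: privkey (via get_privkey_file), pubkey
# Returns: 0 on success; 1 if $abuild_home or either key file cannot be
#          created, in which case nothing is installed or written to the config
do_keygen() {
	if ! mkdir -p "$abuild_home"; then
		echo "abuild-keygen: cannot create $abuild_home" >&2
		return 1
	fi

	get_privkey_file
	pubkey="$privkey.pub"

	# generate the private key in a subshell with stricter umask
	# NOTE(review): umask 0007 only clears the bits for "other"; group
	# read/write on the key file is not masked. Confirm group access is
	# intended, otherwise use 0077.
	if ! (
		umask 0007
		openssl genrsa -out "$privkey" 2048
	); then
		echo "abuild-keygen: failed to generate private key $privkey" >&2
		return 1
	fi
	if ! openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
		echo "abuild-keygen: failed to write public key $pubkey" >&2
		return 1
	fi

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		# -i: ask before overwriting a key of the same name
		sudo cp -i "$pubkey" /etc/apk/keys/
	else

		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$abuild_userconf" ]; then
			# comment out the existing values
			sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
		fi
		# NOTE(review): $abuild_userconf is sourced by this script at
		# start-up, so a path containing '"', '$' or '`' would be
		# interpreted by the shell on the next run -- confirm whether the
		# value needs escaping.
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
	else
		msg ""
		msg "You might want add following line to $abuild_userconf:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}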

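# print usage and exit
# Globals read: abuild_ver, abuild_userconf
# Always exits with status 1, including when reached through -h.
usage() {
	# the synopsis lists every flag the getopts string "ahinq" accepts
	printf '%s\n' \
		"abuild-keygen $abuild_ver" \
		"usage: abuild-keygen [-ahinq]" \
		"options:" \
		" -a  Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf" \
		" -i  Install public key into /etc/apk/keys using sudo" \
		" -h  Show this help" \
		" -n  Non-interactive. Use defaults" \
		" -q  Quiet mode" \
		""
	exit 1
}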

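# read config
# Both config files are executed as shell code in this process, so they
# should be writable only by users trusted to run commands as the caller.
[ -f "$abuild_conf" ] && . "$abuild_conf"

# read user config if exists
[ -f "$abuild_userconf" ] && . "$abuild_userconf"

# parse command-line flags into the globals the functions above read
while getopts "ahinq" opt; do
	case $opt in
	a) append_config=yes;;
	h) usage;;
	i) install_pubkey=yes;;
	n) non_interactive=yes;;
	q) quiet=-quiet;;
	# getopts has already printed a diagnostic; stop here rather than
	# generate a key with options that were not understood
	\?) usage;;
	esac
done
shift $(( $OPTIND - 1))

do_keygen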