#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# Tool version and data directory. The @...@ tokens are presumably filled in
# when this .in template is processed at build time.
abuild_ver=@VERSION@
datadir=@datadir@

# Pull in the shared helpers. Whatever is in this file runs with the caller's
# privileges, so stop with an error if it is not a regular file.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"


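# Decide where the new private key is stored; asks the user unless
# non-interactive mode is on.
#
# Globals read:    PACKAGER, USER, abuild_home, non_interactive
# Globals written: privkey (the result), emailaddr, default_name, line
#
# The default name is "<email or $USER>-<hex unix time>.rsa" inside
# $abuild_home. An empty answer at the prompt keeps that default.
get_privkey_file() {
	# take the text between '<' and '>' in PACKAGER
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# fall back to the login name when no address was found; the hex
	# timestamp makes the name differ between runs
	default_name="${emailaddr:-$USER}-$(printf "%x" "$(date +%s)")"

	privkey="$abuild_home/$default_name.rsa"
	[ "$non_interactive" = "yes" ] && return 0

	echo "Generating public/private rsa key pair for abuild"
	# printf rather than `echo -n`, whose behaviour differs between /bin/sh
	# implementations
	printf '%s' "Enter file in which to save the key ($privkey): "

	# -r keeps backslashes in the typed path literal instead of treating
	# them as escapes. The answer is used as typed; no validation is done here.
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}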

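# Generate an RSA key pair for abuild, then optionally install the public key
# and record the private key path in the user configuration.
#
# Globals read:    abuild_home, abuild_userconf, install_pubkey, append_config
# Globals written: privkey (via get_privkey_file), pubkey
# Returns:         non-zero if the key directory or either key file could not
#                  be created; in that case nothing is installed or configured.
do_keygen() {
	if ! mkdir -p "$abuild_home"; then
		echo "abuild-keygen: cannot create $abuild_home" >&2
		return 1
	fi

	get_privkey_file
	pubkey="$privkey.pub"

	# Generate the private key in a subshell so the tighter umask applies
	# only to the key file and not to the rest of the script.
	# NOTE(review): umask 0007 still lets the owning group read and write the
	# private key; confirm group access is intended, otherwise use 0077.
	if ! (
		umask 0007
		openssl genrsa -out "$privkey" 2048
	); then
		echo "abuild-keygen: failed to generate $privkey" >&2
		return 1
	fi

	# Stop here on failure so a missing or partial key is never installed
	# or written into the configuration below.
	if ! openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
		echo "abuild-keygen: failed to write $pubkey" >&2
		return 1
	fi

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		# -i asks before overwriting a key file of the same name
		sudo cp -i "$pubkey" /etc/apk/keys/
	else
		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$abuild_userconf" ]; then
			# comment out the existing values
			sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
		fi
		# NOTE(review): $privkey is written unescaped inside double quotes; a
		# path containing ", $ or a backquote would change meaning if this
		# file is parsed by a shell - confirm how $abuild_userconf is read.
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
	else
		msg ""
		msg "You might want add following line to $abuild_userconf:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}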

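# Print the version, synopsis and option summary to stdout, then exit with
# status 1.
#
# Globals read: abuild_ver, abuild_userconf
usage() {
	# The synopsis lists every flag the getopts string "ahinq" accepts.
	printf '%s\n' \
		"abuild-keygen $abuild_ver" \
		"usage: abuild-keygen [-ahinq]" \
		"options:" \
		" -a  Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf" \
		" -i  Install public key into /etc/apk/keys using sudo" \
		" -h  Show this help" \
		" -n  Non-interactive. Use defaults" \
		" -q  Quiet mode" \
		""
	exit 1
}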


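# Parse the command-line flags. Each flag sets a global that do_keygen or
# get_privkey_file reads; quiet is not read in this file and is presumably
# consumed by the helpers sourced from functions.sh.
while getopts "ahinq" opt; do
	case "$opt" in
	a) append_config=yes;;
	h) usage;;
	i) install_pubkey=yes;;
	n) non_interactive=yes;;
	q) quiet=-quiet;;
	# getopts reports an unknown flag as "?"; stop rather than generate a
	# key with options the caller did not intend
	\?) usage;;
	esac
done
shift $((OPTIND - 1))

do_keygen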