#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# @...@ placeholders; presumably replaced when this .in template is processed.
abuild_ver=@VERSION@
datadir=@datadir@

# The shared helper library has to exist before it is sourced; otherwise
# report the missing path on stderr and stop.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"

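# Choose the path of the private key that will be generated.
# Asks for the path unless non-interactive mode is set.
#
# Globals:
#   PACKAGER        (read)  packager identity; the text between "<" and ">"
#                           is taken as the e-mail address
#   USER            (read)  fallback when no e-mail address is available
#   abuild_home     (read)  directory used for the default key path
#   non_interactive (read)  non-empty: keep the default and never prompt
#   privkey         (write) resulting private key path
# Input:  one line from stdin in interactive mode; an empty answer keeps the
#         default. The answer is used verbatim as the key file location.
get_privkey_file() {
	local emailaddr default_name

	# keep only what sits between "<" and ">" in PACKAGER
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# hexadecimal epoch seconds as suffix, so a later run gets a new name
	default_name="${emailaddr:-$USER}-$(printf '%x' "$(date +%s)")"

	privkey="$abuild_home/$default_name.rsa"
	if [ -n "$non_interactive" ]; then
		return 0
	fi
	msg "Generating public/private rsa key pair for abuild"
	# printf instead of "echo -n", whose behaviour differs between shells
	printf '%s' "Enter file in which to save the key [$privkey]: "

	# -r keeps backslashes in the typed path literal instead of eating them
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}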

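# Generate an RSA key pair for package signing, then optionally install the
# public key and record the private key in the user configuration.
#
# Globals:
#   abuild_home     (read)  directory created to hold the keys
#   privkey         (write) private key path, set by get_privkey_file
#   pubkey          (write) "$privkey.pub"
#   install_pubkey  (read)  non-empty: copy the public key to /etc/apk/keys
#                           using sudo
#   append_config   (read)  non-empty: set PACKAGER_PRIVKEY in $abuild_userconf
#   abuild_userconf (read)  configuration file to update
# Returns: 1 if the key directory or either key file could not be created, so
#          that no key is installed or configured after a failed generation.
do_keygen() {
	if ! mkdir -p "$abuild_home"; then
		echo "$abuild_home: cannot create directory" >&2
		return 1
	fi

	get_privkey_file
	pubkey="$privkey.pub"

	# generate the private key in a subshell with stricter umask
	# NOTE(review): umask 0007 only masks the "other" permission bits, so the
	# private key may still be created group-readable and group-writable;
	# 0077 would restrict it to the owner -- confirm group access is intended.
	if ! (
		umask 0007
		openssl genrsa -out "$privkey" 2048
	); then
		echo "$privkey: private key generation failed" >&2
		return 1
	fi
	if ! openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
		echo "$pubkey: public key export failed" >&2
		return 1
	fi

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		sudo cp -i "$pubkey" /etc/apk/keys/
	else

		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$abuild_userconf" ]; then
			# comment out the existing values
			sed -i -e 's/^PACKAGER_PRIVKEY=/\#&/' "$abuild_userconf"
		fi
		# NOTE(review): $privkey is written unescaped inside double quotes; a
		# path containing ", $ or a backtick would change meaning if this file
		# is later read by a shell -- TODO confirm how $abuild_userconf is parsed.
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
	else
		msg ""
		msg "You might want add following line to $abuild_userconf:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}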

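# Print the help text on stderr.
#
# Globals: prog, abuild_ver, abuild_userconf (read)
# The synopsis and the option list name every option the getopt call in this
# script accepts, including -q/--quiet and -h/--help.
usage() {
	cat >&2 <<__EOF__
$prog $abuild_ver - generate signing keys
Usage: $prog [-a|--append] [-i|--install] [-n] [-q|--quiet] [-h|--help]
Options:
  -a, --append   Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf
  -i, --install  Install public key into /etc/apk/keys using sudo
  -n             Non-interactive. Use defaults
  -q, --quiet    Suppress informational messages
  -h, --help     Show this help

__EOF__
}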

# Option flags; an empty value means the option was not given.
append_config=
install_pubkey=
non_interactive=
quiet=

# Let getopt normalise the command line; a parse error prints the usage text
# and exits with status 2.
if ! args=$(getopt -o ainqh --long append,install,quiet,help -n "$prog" -- "$@"); then
	usage
	exit 2
fi
# Re-load the positional parameters from getopt's output, which is expected
# to arrive shell-quoted for exactly this eval.
eval set -- "$args"
while :; do
	case $1 in
		-a|--append) append_config=1;;
		-i|--install) install_pubkey=1;;
		-n) non_interactive=1;;
		-q|--quiet) quiet=1;; # suppresses msg
		-h|--help) usage; exit;;
		--) shift; break;;
		*) exit 1;; # getopt error
	esac
	shift
done

# No positional arguments are accepted after the options.
[ $# -eq 0 ] || {
	usage
	exit 2
}

do_keygen