abuild-keygen.in 2.86 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
#!/bin/sh

# generate signing keys 
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# Depends on: busybox utilities, fakeroot, 
#

abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}

18 19 20 21 22 23
# echo message unless quite mode
msg() {
	[ -n "$quiet" ] && return 0
	echo "$@"
}

24 25 26 27 28 29 30 31 32 33 34 35 36
# ask for privkey unless non-interactive mode
# returns value in global $privkey
get_privkey_file() {
	privkey="$abuild_home/$default_name.rsa"
	[ "$non_interactive" = "yes" ] && return 0
	echo "Generating public/private rsa key pair for abuild"
	echo -n "Enter file in which to save the key ($abuild_home/$default_name.rsa): "

	read line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}
37

38
# print usage and exit
39 40 41 42
usage() {
	echo "abuild-keygen $abuild_ver"
	echo "usage: abuild-keygen [-ih]"
	echo "options:"
43
	echo " -a  Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf"
44 45
	echo " -i  Install public key into /etc/apk/keys using sudo"
	echo " -h  Show this help"
46
	echo " -n  Non-interactive. Use defaults"
47
	echo " -q  Quiet mode"
48 49 50 51
	echo ""
	exit 1
}

52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
# read config
[ -f "$abuild_conf" ] && . "$abuild_conf"

# read user config if exists
[ -f "$abuild_userconf" ] && . "$abuild_userconf"

emailaddr=${PACKAGER##*<}
emailaddr=${emailaddr%%>*}

# if PACKAGER does not contain a valid email address, then ask git
if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
	emailaddr=$(git config --get user.email 2>/dev/null)
fi

if [ -n "$emailaddr" ]; then
67
	default_name="$emailaddr-$(printf "%x" $(date +%s))"
68
else
69
	default_name="$USER-$(printf "%x" $(date +%s))"
70 71
fi

72
while getopts "ahinq" opt; do
73
	case $opt in
74
	a) append_config=yes;;
75
	h) usage;;
76 77
	i) install_pubkey=yes;;
	n) non_interactive=yes;;
78
	q) quiet=-quiet;;
79 80 81 82
	esac
done
shift $(( $OPTIND - 1))

83 84
mkdir -p "$abuild_home"

85
get_privkey_file
86 87 88 89
pubkey="$privkey.pub"

# generate the private key in a subshell with stricter umask
(
90
umask 0007
91 92 93 94
openssl genrsa -out "$privkey" 2048
)
openssl rsa -in "$privkey" -pubout -out "$pubkey"

95 96

if [ -n "$install_pubkey" ]; then
97
	msg "Installing $pubkey to /etc/apk/keys..."
98 99 100 101
	sudo mkdir -p /etc/apk/keys
	sudo cp -i "$pubkey" /etc/apk/keys/
else

102 103 104 105
	msg ""
	msg "You'll need to install $pubkey into "
	msg "/etc/apk/keys to be able to install packages and repositories signed with"
	msg "$privkey"
106 107
fi

108 109 110 111 112 113 114
if [ -n "$append_config" ]; then
	if [ -f "$abuild_userconf" ]; then
		# comment out the existing values
		sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
	fi
	echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
else
115 116 117 118 119
	msg ""
	msg "You might want add following line to $abuild_userconf:"
	msg ""
	msg "PACKAGER_PRIVKEY=\"$privkey\""
	msg ""
120 121
fi

122 123 124 125
msg ""
msg "Please remember to make a safe backup of your private key:"
msg "$privkey"
msg ""
126