#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# @VERSION@ and @datadir@ are template placeholders; presumably they are
# replaced with real values when this .in file is processed at build time.
abuild_ver=@VERSION@
datadir=@datadir@

# Load the shared helper library, aborting early if it is missing.
# functions.sh is executed inside this shell, so $datadir has to be a
# location that only trusted users can write to.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"


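# Choose the file the private key will be written to.
#
# Globals read:    PACKAGER, USER, abuild_home, non_interactive
# Globals written: emailaddr, default_name, privkey
#
# The default is "$abuild_home/<id>-<hex timestamp>.rsa", where <id> is the
# address between <...> in PACKAGER, else git's user.email, else $USER.
# Unless non_interactive is "yes" the user is prompted and may type another
# path; an empty answer keeps the default.
get_privkey_file() {
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# Fall back to $USER when no address is known. The timestamp is quoted so
	# it reaches printf as a single argument.
	# NOTE(review): the identifier becomes part of the key file name as-is; a
	# "/" in it would move the default path into a subdirectory of (or, with
	# "..", outside) $abuild_home. Consider validating it.
	default_name="${emailaddr:-$USER}-$(printf '%x' "$(date +%s)")"

	privkey="$abuild_home/$default_name.rsa"
	[ "$non_interactive" = "yes" ] && return 0
	echo "Generating public/private rsa key pair for abuild"
	# printf rather than "echo -n": -n is not portable across /bin/sh shells
	printf '%s' "Enter file in which to save the key ($privkey): "

	# -r keeps backslashes in the typed path literal instead of treating them
	# as escape characters
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}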

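# Generate an RSA key pair for package signing, then optionally install the
# public key system-wide and record the private key in the user config.
#
# Globals read:    abuild_home, install_pubkey, append_config, abuild_userconf
# Globals written: privkey (via get_privkey_file), pubkey
# Returns:         non-zero if the key directory or either key file could not
#                  be created; in that case nothing is installed and the
#                  config is left untouched.
do_keygen() {
	mkdir -p "$abuild_home" || return 1

	get_privkey_file
	pubkey="$privkey.pub"

	# generate the private key in a subshell with stricter umask
	# NOTE(review): 0007 only removes access for "other"; group bits are not
	# masked, so whether the key ends up group-accessible depends on the mode
	# openssl requests for the file. Use 077 unless sharing the key with the
	# group is intended.
	(
	umask 0007
	openssl genrsa -out "$privkey" 2048
	) || {
		# stop here: the later steps would otherwise install a missing key
		# and point the config at a file that does not exist
		echo "failed to generate private key $privkey" >&2
		return 1
	}
	if ! openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
		echo "failed to write public key $pubkey" >&2
		return 1
	fi

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		# -i asks before overwriting an existing key of the same name
		sudo cp -i "$pubkey" /etc/apk/keys/
	else

		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$abuild_userconf" ]; then
			# comment out the existing values
			sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
		fi
		# NOTE(review): $privkey is written between double quotes; if the
		# config is read back as shell (presumably it is; confirm), a path
		# containing a double quote, "$" or a backtick would not round-trip.
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
	else
		msg ""
		msg "You might want add following line to $abuild_userconf:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}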

# Print the help text to stderr.
# Globals read: prog, abuild_ver, abuild_userconf (expanded inside the
# here-document).
usage() {
	cat <<__EOF__ >&2
$prog $abuild_ver - generate signing keys
Usage: $prog [-a|--append] [-i|--install] [-n]
Options:
  -a, --append   Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf
  -i, --install  Install public key into /etc/apk/keys using sudo
  -n             Non-interactive. Use defaults
  -q, --quiet
  -h, --help     Show this help

__EOF__
}

# Option flags; an empty value means "not requested".
append_config=
install_pubkey=
non_interactive=
quiet=

# Normalise the command line with getopt(1). The -o/--long form needs the
# enhanced getopt, whose output is quoted for the shell; that is why it is
# re-parsed with eval below.
if ! args=$(getopt -o ainqh --long append,install,quiet,help -n "$prog" -- "$@"); then
	usage
	exit 2
fi
eval set -- "$args"

while :; do
	case $1 in
		-a|--append)
			append_config=1
			;;
		-i|--install)
			install_pubkey=1
			;;
		-n)
			non_interactive=yes
			;;
		-q|--quiet)
			# suppresses msg
			quiet=1
			;;
		-h|--help)
			usage
			exit
			;;
		--)
			# end of options
			shift
			break
			;;
		*)
			# getopt error
			exit 1
			;;
	esac
	shift
done

# positional arguments are not accepted
[ $# -eq 0 ] || {
	usage
	exit 2
}

do_keygen