#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# presumably the @...@ placeholders are filled in when this template
# is turned into the installed script -- confirm against the build rules
program_version=@VERSION@
datadir=@datadir@

# the shared helper library is mandatory; stop early when it is missing
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"


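# Choose the file the new private key will be written to.
# Asks the user for a path unless non-interactive mode is set.
# Globals:
#   PACKAGER, USER, ABUILD_USERDIR, non_interactive (read)
#   privkey (written) - the chosen path
# Returns: 0
get_privkey_file() {
	local emailaddr default_name line

	# take the text between '<' and '>' in $PACKAGER as the email address
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# default file name: <email or login>-<current epoch time in hex>
	default_name="${emailaddr:-$USER}-$(printf "%x" "$(date +%s)")"

	privkey="$ABUILD_USERDIR/$default_name.rsa"
	[ -n "$non_interactive" ] && return 0
	msg "Generating public/private rsa key pair for abuild"
	# printf instead of 'echo -n', which is not portable under /bin/sh
	printf '%s' "Enter file in which to save the key [$privkey]: "

	# -r keeps backslashes in the typed path literal
	line=
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}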

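# Generate an RSA key pair for abuild, then optionally install the public
# key and record the private key in the user's abuild config.
# Globals:
#   ABUILD_USERDIR  (read)    directory created before key generation
#   ABUILD_USERCONF (read)    config file updated when append_config is set
#   install_pubkey, append_config (read)  option flags
#   privkey (set by get_privkey_file), pubkey (written)
# Returns: non-zero when the directory or either key file cannot be
#   created; in that case nothing is installed and the config is untouched.
do_keygen() {
	mkdir -p "$ABUILD_USERDIR" || return 1

	get_privkey_file
	pubkey="$privkey.pub"

	# generate the private key in a subshell so the restrictive umask does
	# not leak into the rest of the script; 077 (instead of 0007) keeps
	# the signing key inaccessible to group members as well as others
	(
	umask 077
	openssl genrsa -out "$privkey" 2048
	) || {
		echo "failed to generate private key $privkey" >&2
		return 1
	}
	# stop here on failure: installing or configuring a key that does not
	# exist would leave the system pointing at a missing file
	openssl rsa -in "$privkey" -pubout -out "$pubkey" || {
		echo "failed to write public key $pubkey" >&2
		return 1
	}

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		sudo cp -i "$pubkey" /etc/apk/keys/
	else
		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$ABUILD_USERCONF" ]; then
			# comment out the existing values
			sed -i -e 's/^PACKAGER_PRIVKEY=/\#&/' "$ABUILD_USERCONF"
		fi
		# printf writes the path without echo's backslash handling.
		# NOTE(review): the path lands between double quotes; if the
		# config is read as shell (not visible here), a path holding
		# '"', '$' or a backquote would not be taken literally -- confirm
		printf 'PACKAGER_PRIVKEY="%s"\n' "$privkey" >> "$ABUILD_USERCONF"
	else
		msg ""
		msg "You might want add following line to $ABUILD_USERCONF:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}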

# Print the command-line help on stderr.
# The text is built from $program, $program_version and $ABUILD_USERCONF.
usage() {
	cat <<-EOF >&2
		$program $program_version - generate signing keys
		Usage: $program [-a|--append] [-i|--install] [-n]
		Options:
		  -a, --append   Set PACKAGER_PRIVKEY=<generated key> in
		                 $ABUILD_USERCONF
		  -i, --install  Install public key into /etc/apk/keys using sudo
		  -n             Non-interactive. Use defaults
		  -q, --quiet
		  -h, --help     Show this help

	EOF
}

# option flags; an empty value means the option was not given
append_config=
install_pubkey=
non_interactive=
quiet=

# let getopt normalise the command line; on a parse error show the help
if ! args=$(getopt -o ainqh --long append,install,quiet,help -n "$program" -- "$@"); then
	usage
	exit 2
fi

# eval re-splits getopt's output into the positional parameters; this is
# only sound because the input comes from getopt, which is relied on to
# emit each word shell-quoted
eval set -- "$args"
while :; do
	case $1 in
		-a|--append) append_config=1;;
		-i|--install) install_pubkey=1;;
		-n) non_interactive=1;;
		-q|--quiet) quiet=1;; # suppresses msg
		-h|--help) usage; exit;;
		--) shift; break;;
		*) exit 1;; # getopt error
	esac
	shift
done

# no positional arguments are accepted
[ $# -eq 0 ] || {
	usage
	exit 2
}

do_keygen