111 lines
2.5 KiB
Bash
111 lines
2.5 KiB
Bash
#!/bin/sh
|
|
|
|
# generate signing keys
|
|
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
|
|
#
|
|
# Distributed under GPL-2
|
|
#
|
|
# Depends on: busybox utilities, fakeroot,
|
|
#
|
|
|
|
abuild_ver=@VERSION@
|
|
sysconfdir=@sysconfdir@
|
|
|
|
abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
|
|
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
|
|
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}
|
|
|
|
|
|
usage() {
|
|
echo "abuild-keygen $abuild_ver"
|
|
echo "usage: abuild-keygen [-ih]"
|
|
echo "options:"
|
|
echo " -a Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf"
|
|
echo " -i Install public key into /etc/apk/keys using sudo"
|
|
echo " -h Show this help"
|
|
echo ""
|
|
exit 1
|
|
}
|
|
|
|
# read config
|
|
[ -f "$abuild_conf" ] && . "$abuild_conf"
|
|
|
|
# read user config if exists
|
|
[ -f "$abuild_userconf" ] && . "$abuild_userconf"
|
|
|
|
emailaddr=${PACKAGER##*<}
|
|
emailaddr=${emailaddr%%>*}
|
|
|
|
# if PACKAGER does not contain a valid email address, then ask git
|
|
if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
|
|
emailaddr=$(git config --get user.email 2>/dev/null)
|
|
fi
|
|
|
|
if [ -n "$emailaddr" ]; then
|
|
default_name="$emailaddr-$(printf "%x" $(date +%s))"
|
|
else
|
|
default_name="$USER-$(printf "%x" $(date +%s))"
|
|
fi
|
|
|
|
while getopts "ahi" opt; do
|
|
case $opt in
|
|
a) append_config=yes;;
|
|
h) usage;;
|
|
i) install_pubkey=yes;
|
|
esac
|
|
done
|
|
shift $(( $OPTIND - 1))
|
|
|
|
mkdir -p "$abuild_home"
|
|
|
|
echo "Generating public/private rsa key pair for abuild"
|
|
echo -n "Enter file in which to save the key ($abuild_home/$default_name.rsa): "
|
|
|
|
read line
|
|
if [ -z "$line" ]; then
|
|
privkey="$abuild_home/$default_name.rsa"
|
|
else
|
|
privkey="$line"
|
|
fi
|
|
pubkey="$privkey.pub"
|
|
|
|
# generate the private key in a subshell with stricter umask
|
|
(
|
|
umask 0007
|
|
openssl genrsa -out "$privkey" 2048
|
|
)
|
|
openssl rsa -in "$privkey" -pubout -out "$pubkey"
|
|
|
|
|
|
if [ -n "$install_pubkey" ]; then
|
|
echo "Installing $pubkey to /etc/apk/keys..."
|
|
sudo mkdir -p /etc/apk/keys
|
|
sudo cp -i "$pubkey" /etc/apk/keys/
|
|
else
|
|
|
|
echo ""
|
|
echo "You'll need to install $pubkey into "
|
|
echo "/etc/apk/keys to be able to install packages and repositories signed with"
|
|
echo "$privkey"
|
|
fi
|
|
|
|
if [ -n "$append_config" ]; then
|
|
if [ -f "$abuild_userconf" ]; then
|
|
# comment out the existing values
|
|
sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
|
|
fi
|
|
echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
|
|
else
|
|
echo ""
|
|
echo "You might want add following line to $abuild_userconf:"
|
|
echo ""
|
|
echo "PACKAGER_PRIVKEY=\"$privkey\""
|
|
echo ""
|
|
fi
|
|
|
|
echo ""
|
|
echo "Please remember to make a safe backup of your private key:"
|
|
echo "$privkey"
|
|
echo ""
|
|
|