#!/bin/sh # abuild-keygen - generate signing keys # Copyright (c) 2009 Natanael Copa # # Distributed under GPL-2.0-only # program_version=@VERSION@ sharedir=${ABUILD_SHAREDIR:-@sharedir@} SUDO="${SUDO:-sudo}" if ! [ -f "$sharedir/functions.sh" ]; then echo "$sharedir/functions.sh: not found" >&2 exit 1 fi . "$sharedir/functions.sh" set -e # ask for privkey unless non-interactive mode # returns value in global $privkey get_privkey_file() { local emailaddr default_name emailaddr=${PACKAGER##*<} emailaddr=${emailaddr%%>*} # if PACKAGER does not contain a valid email address, then ask git if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then emailaddr=$(git config --get user.email 2>/dev/null) fi default_name="${emailaddr:-$USER}-$(printf "%x" $(date +%s))" privkey="$ABUILD_USERDIR/$default_name.rsa" if [ -n "$non_interactive" ]; then return 0 fi msg "Generating public/private rsa key pair for abuild" echo -n "Enter file in which to save the key [$privkey]: " read line if [ -n "$line" ]; then privkey="$line" fi } do_keygen() { mkdir -p "$ABUILD_USERDIR" get_privkey_file pubkey="$privkey.pub" # generate the private key in a subshell with stricter umask ( umask 0007 openssl genrsa -out "$privkey" "$numbits" ) openssl rsa -in "$privkey" -pubout -out "$pubkey" if [ -n "$install_pubkey" ]; then msg "Installing $pubkey to /etc/apk/keys..." $SUDO mkdir -p /etc/apk/keys $SUDO cp -i "$pubkey" /etc/apk/keys/ else msg "" msg "You'll need to install $pubkey into " msg "/etc/apk/keys to be able to install packages and repositories signed with" msg "$privkey" fi if [ -n "$append_config" ]; then if [ -f "$ABUILD_USERCONF" ]; then # comment out the existing values sed -i -e 's/^PACKAGER_PRIVKEY=/\#&/' "$ABUILD_USERCONF" fi echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$ABUILD_USERCONF" else msg "" msg "You might want add following line to $ABUILD_USERCONF:" msg "" msg "PACKAGER_PRIVKEY=\"$privkey\"" msg "" fi msg "" msg "Please remember to make a safe backup of your private key:" msg "$privkey" msg "" } usage() { cat >&2 <<-__EOF__ $program $program_version - generate signing keys Usage: $program [-a|--append] [-i|--install] [-n] Options: -a, --append Set PACKAGER_PRIVKEY= in $ABUILD_USERCONF -i, --install Install public key into /etc/apk/keys using sudo -n Non-interactive. Use defaults -b, --numbits [BITS] The size of the private key to generate in bits. -q, --quiet -h, --help Show this help The SUDO variable can be set to pick which tool can be used to elevate privileges, if it is not set it defaults to sudo. __EOF__ } append_config= install_pubkey= non_interactive= numbits=2048 quiet= args=$(getopt -o ab:inqh --long append,numbits:,install,quiet,help -n "$program" -- "$@") if [ $? -ne 0 ]; then usage exit 2 fi eval set -- "$args" while true; do case $1 in -a|--append) append_config=1;; -i|--install) install_pubkey=1;; -n) non_interactive=1;; -b|--numbits) numbits="$2"; shift 1;; -q|--quiet) quiet=1;; # suppresses msg -h|--help) usage; exit;; --) shift; break;; *) exit 1;; # getopt error esac shift done if [ $# -ne 0 ]; then usage exit 2 fi do_keygen