abuild/abuild-keygen.in
Sören Tempel d5f4982a9a abuild-keygen: make size of private key configurable
Previously, a key size of 2048 bits was hardcoded. While this is still
the default, it can now be changed. Additionally, the default key size
might be changed to 4096 in the future.
2019-12-23 15:12:14 +01:00


#!/bin/sh
# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# @VERSION@ and @sharedir@ look like template placeholders that are filled in
# when this .in file is processed -- TODO confirm against the build rules.
program_version=@VERSION@
sharedir=${ABUILD_SHAREDIR:-@sharedir@}

# The helper library is sourced into this shell, so whatever functions.sh
# contains runs with the caller's privileges. ABUILD_SHAREDIR, when set in the
# environment, decides which file that is.
[ -f "$sharedir/functions.sh" ] || {
	echo "$sharedir/functions.sh: not found" >&2
	exit 1
}
. "$sharedir/functions.sh"
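# Pick the file the private key will be written to.
# Asks the user for a path unless non-interactive mode is on.
# Globals:
#   PACKAGER, USER, ABUILD_USERDIR, non_interactive (read)
#   privkey (written: the chosen path)
# Returns:
#   0
get_privkey_file() {
	local emailaddr default_name line
	# keep only what sits between '<' and '>' in PACKAGER
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}
	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi
	# NOTE(review): the address is embedded in a file name unchanged; a '/'
	# in it would move the default key outside $ABUILD_USERDIR.
	default_name="${emailaddr:-$USER}-$(printf '%x' "$(date +%s)")"
	privkey="$ABUILD_USERDIR/$default_name.rsa"
	[ -n "$non_interactive" ] && return 0
	msg "Generating public/private rsa key pair for abuild"
	# printf instead of 'echo -n': the latter is not portable under /bin/sh
	printf '%s' "Enter file in which to save the key [$privkey]: "
	# -r keeps backslashes in the typed path literal
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}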
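# Generate an RSA key pair for abuild and tell the user how to use it.
# Globals:
#   ABUILD_USERDIR, ABUILD_USERCONF, numbits, install_pubkey,
#   append_config, program (read)
#   privkey (set through get_privkey_file), pubkey (written)
# Returns:
#   1 when the user directory, the private key or the public key cannot be
#   created; nothing is installed or written to the config in that case.
do_keygen() {
	mkdir -p "$ABUILD_USERDIR" || return 1
	get_privkey_file
	pubkey="$privkey.pub"

	# generate the private key in a subshell with stricter umask
	# NOTE(review): umask 0007 only masks "other"; if openssl creates the
	# file with default permissions the key stays group readable/writable.
	# Confirm that group access is intended, otherwise use 0077.
	if ! (
		umask 0007
		openssl genrsa -out "$privkey" "$numbits"
	); then
		printf '%s\n' "$program: failed to generate private key $privkey" >&2
		return 1
	fi

	# stop here on failure so that no missing or partial key gets
	# installed or recorded in the config below
	if ! openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
		printf '%s\n' "$program: failed to derive public key $pubkey" >&2
		return 1
	fi

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		sudo cp -i "$pubkey" /etc/apk/keys/
	else
		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$ABUILD_USERCONF" ]; then
			# comment out the existing values
			sed -i -e 's/^PACKAGER_PRIVKEY=/\#&/' "$ABUILD_USERCONF"
		fi
		# NOTE(review): the path is written between double quotes and not
		# escaped; presumably this file is later read as shell, so a path
		# holding '"', '$' or a backquote would not round-trip -- confirm.
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$ABUILD_USERCONF"
	else
		msg ""
		msg "You might want add following line to $ABUILD_USERCONF:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}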
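# Print the command-line help on stderr.
# Globals:
#   program, program_version, ABUILD_USERCONF (read)
# The synopsis lists every option the getopt call accepts. -b/--numbits is
# shown with a mandatory BITS argument because the option spec ("b:",
# "numbits:") requires one.
usage() {
	cat >&2 <<-__EOF__
$program $program_version - generate signing keys
Usage: $program [-a|--append] [-i|--install] [-n] [-b|--numbits BITS] [-q|--quiet]
Options:
-a, --append Set PACKAGER_PRIVKEY=<generated key> in
$ABUILD_USERCONF
-i, --install Install public key into /etc/apk/keys using sudo
-n Non-interactive. Use defaults
-b, --numbits BITS The size of the private key to generate in bits.
-q, --quiet Suppress informational messages
-h, --help Show this help
__EOF__
}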
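# Option defaults; an empty value means "off".
append_config=
install_pubkey=
non_interactive=
numbits=2048
quiet=

# Testing the assignment directly keeps getopt's exit status attached to it.
if ! args=$(getopt -o ab:inqh --long append,numbits:,install,quiet,help -n "$program" -- "$@"); then
	usage
	exit 2
fi
# Reload the positional parameters from getopt's output ("--" terminated).
eval set -- "$args"
while true; do
	case $1 in
	-a|--append) append_config=1;;
	-i|--install) install_pubkey=1;;
	-n) non_interactive=1;;
	-b|--numbits) numbits="$2"; shift 1;;
	-q|--quiet) quiet=1;; # suppresses msg
	-h|--help) usage; exit;;
	--) shift; break;;
	*) exit 1;; # getopt error
	esac
	shift
done

# no positional arguments are accepted
if [ $# -ne 0 ]; then
	usage
	exit 2
fi

# The key size is handed to openssl as an argument: accept digits only, so
# that a typo or an option-looking value is rejected here.
case $numbits in
''|*[!0-9]*)
	printf '%s\n' "$program: invalid key size: $numbits" >&2
	exit 2
	;;
esac
# Warn, but do not refuse, below the script's own default of 2048 bits. The
# length test keeps very long digit strings away from the numeric comparison.
if [ "${#numbits}" -le 4 ] && [ "$numbits" -lt 2048 ]; then
	printf '%s\n' "$program: warning: RSA keys smaller than 2048 bits are considered weak" >&2
fi

do_keygen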