#!/bin/sh

# abuild-keygen - generate signing keys
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

abuild_ver=@VERSION@
datadir=@datadir@

# Everything below relies on the shared helpers (msg, prog, abuild_home,
# abuild_userconf presumably come from functions.sh), so bail out early
# when the installed data directory is incomplete.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"


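#######################################
# Pick the private key path, asking the user unless non-interactive.
# Globals (read):    PACKAGER, USER, abuild_home, non_interactive
# Globals (written): privkey - path of the private key to generate
# Outputs:           prompt on stdout in interactive mode
# Returns:           0
#######################################
get_privkey_file() {
	local emailaddr default_name line
	emailaddr=${PACKAGER##*<}
	emailaddr=${emailaddr%%>*}

	# if PACKAGER does not contain a valid email address, then ask git
	if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
		emailaddr=$(git config --get user.email 2>/dev/null)
	fi

	# $USER is not always set (cron, containers); fall back to id(1) so the
	# default file name never degenerates to "-<hex>.rsa"
	default_name="${emailaddr:-${USER:-$(id -un 2>/dev/null)}}-$(printf "%x" "$(date +%s)")"

	privkey="$abuild_home/$default_name.rsa"
	[ -n "$non_interactive" ] && return 0
	echo "Generating public/private rsa key pair for abuild"
	# printf instead of 'echo -n': the -n flag is not portable under /bin/sh
	printf '%s' "Enter file in which to save the key [$privkey]: "

	# -r keeps backslashes in the typed path literal
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}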

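#######################################
# Generate an RSA key pair, optionally install the public half into
# /etc/apk/keys and record PACKAGER_PRIVKEY in the user's abuild config.
# Globals (read):    abuild_home, abuild_userconf, install_pubkey,
#                    append_config, prog
# Globals (written): privkey (via get_privkey_file), pubkey
# Returns:           exits non-zero when the key cannot be generated
#######################################
do_keygen() {
	mkdir -p "$abuild_home" || exit 1

	get_privkey_file
	pubkey="$privkey.pub"

	# never clobber an existing key: it may already be signing a
	# repository, and genrsa -out would silently overwrite it
	if [ -e "$privkey" ]; then
		printf '%s\n' "$prog: $privkey already exists, refusing to overwrite" >&2
		exit 1
	fi

	# generate the private key in a subshell with stricter umask
	# (0007 -> mode 0660: readable by owner and group only)
	(
	umask 0007
	openssl genrsa -out "$privkey" 2048
	) || {
		# do not leave a truncated/unusable key behind for the steps below
		# (and a later run) to pick up
		rm -f -- "$privkey"
		printf '%s\n' "$prog: failed to generate $privkey" >&2
		exit 1
	}
	openssl rsa -in "$privkey" -pubout -out "$pubkey" || {
		printf '%s\n' "$prog: failed to derive $pubkey" >&2
		exit 1
	}

	if [ -n "$install_pubkey" ]; then
		msg "Installing $pubkey to /etc/apk/keys..."
		sudo mkdir -p /etc/apk/keys
		# -i: prompts rather than replacing a key already trusted by apk
		sudo cp -i "$pubkey" /etc/apk/keys/
	else

		msg ""
		msg "You'll need to install $pubkey into "
		msg "/etc/apk/keys to be able to install packages and repositories signed with"
		msg "$privkey"
	fi

	if [ -n "$append_config" ]; then
		if [ -f "$abuild_userconf" ]; then
			# comment out the existing values
			sed -i -e 's/^PACKAGER_PRIVKEY=/\#&/' "$abuild_userconf"
		fi
		echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
	else
		msg ""
		msg "You might want add following line to $abuild_userconf:"
		msg ""
		msg "PACKAGER_PRIVKEY=\"$privkey\""
		msg ""
	fi

	msg ""
	msg "Please remember to make a safe backup of your private key:"
	msg "$privkey"
	msg ""
}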

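#######################################
# Print the help text to stderr.
# Globals (read): prog, abuild_ver, abuild_userconf
#######################################
usage() {
	# -q previously had no description; it suppresses msg output
	cat >&2 <<__EOF__
$prog $abuild_ver - generate signing keys
Usage: $prog [-a|--append] [-i|--install] [-n]
Options:
  -a, --append   Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf
  -i, --install  Install public key into /etc/apk/keys using sudo
  -n             Non-interactive. Use defaults
  -q, --quiet    Suppress informational messages
  -h, --help     Show this help

__EOF__
}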

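append_config=
install_pubkey=
non_interactive=
quiet=   # read by msg (functions.sh) to silence informational output

# --long needs util-linux getopt; on a parse error it has already printed
# a diagnostic, so only the usage text is added here.
args=$(getopt -o ainqh --long append,install,quiet,help -n "$prog" -- "$@")
if [ $? -ne 0 ]; then
	usage
	exit 2
fi
# $args is getopt's shell-quoted rendering of the options, which is what
# makes the eval safe; never eval the raw "$@"
eval set -- "$args"
while true; do
	case "$1" in
		-a|--append) append_config=1;;
		-i|--install) install_pubkey=1;;
		-n) non_interactive=1;;
		-q|--quiet) quiet=1;; # suppresses msg
		-h|--help) usage; exit;;
		--) shift; break;;
		*) exit 1;; # getopt error
	esac
	shift
done
# the command takes no positional arguments
if [ $# -ne 0 ]; then
	usage
	exit 2
fi

do_keygen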