summaryrefslogtreecommitdiff
path: root/abuild-keygen.in
blob: af1ad9051ced022ff7b9d83f7bbaba42df434917 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/bin/sh

# generate signing keys 
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# Depends on: busybox utilities, fakeroot, 
#

abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}


usage() {
	echo "abuild-keygen $abuild_ver"
	echo "usage: abuild-keygen [-ih]"
	echo "options:"
	echo " -a  Set PACKAGER_PRIVKEY=<generated key> in $abuild_userconf"
	echo " -i  Install public key into /etc/apk/keys using sudo"
	echo " -h  Show this help"
	echo ""
	exit 1
}

# read config
[ -f "$abuild_conf" ] && . "$abuild_conf"

# read user config if exists
[ -f "$abuild_userconf" ] && . "$abuild_userconf"

emailaddr=${PACKAGER##*<}
emailaddr=${emailaddr%%>*}

# if PACKAGER does not contain a valid email address, then ask git
if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
	emailaddr=$(git config --get user.email 2>/dev/null)
fi

if [ -n "$emailaddr" ]; then
	default_name="$emailaddr-$(printf "%x" $(date +%s))"
else
	default_name="$USER-$(printf "%x" $(date +%s))"
fi

while getopts "ahi" opt; do
	case $opt in
	a) append_config=yes;;
	h) usage;;
	i) install_pubkey=yes;
	esac
done
shift $(( $OPTIND - 1))

mkdir -p "$abuild_home"

echo "Generating public/private rsa key pair for abuild"
echo -n "Enter file in which to save the key ($abuild_home/$default_name.rsa): "

read line
if [ -z "$line" ]; then
	privkey="$abuild_home/$default_name.rsa"
else
	privkey="$line"
fi
pubkey="$privkey.pub"

# generate the private key in a subshell with stricter umask
(
umask 0007
openssl genrsa -out "$privkey" 2048
)
openssl rsa -in "$privkey" -pubout -out "$pubkey"


if [ -n "$install_pubkey" ]; then
	echo "Installing $pubkey to /etc/apk/keys..."
	sudo mkdir -p /etc/apk/keys
	sudo cp -i "$pubkey" /etc/apk/keys/
else

	echo ""
	echo "You'll need to install $pubkey into "
	echo "/etc/apk/keys to be able to install packages and repositories signed with"
	echo "$privkey"
fi

if [ -n "$append_config" ]; then
	if [ -f "$abuild_userconf" ]; then
		# comment out the existing values
		sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
	fi
	echo "PACKAGER_PRIVKEY=\"$privkey\"" >> "$abuild_userconf"
else
	echo ""
	echo "You might want add following line to $abuild_userconf:"
	echo ""
	echo "PACKAGER_PRIVKEY=\"$privkey\""
	echo ""
fi

echo ""
echo "Please remember to make a safe backup of your private key:"
echo "$privkey"
echo ""