summaryrefslogtreecommitdiffstats
path: root/libexec/container/key
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-04-11 13:52:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-04-11 13:53:02 +0000
commit9c47a33c9a0896eda85b22a1c0f16e96a27b6450 (patch)
treed91e6ec682020627be5653c4f3996f37b10da543 /libexec/container/key
parentReleasing debian version 20210101-1. (diff)
downloadopen-infrastructure-compute-tools-9c47a33c9a0896eda85b22a1c0f16e96a27b6450.tar.xz
open-infrastructure-compute-tools-9c47a33c9a0896eda85b22a1c0f16e96a27b6450.zip
Merging upstream version 20210411.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libexec/container/key')
-rwxr-xr-xlibexec/container/key153
1 files changed, 153 insertions, 0 deletions
diff --git a/libexec/container/key b/libexec/container/key
new file mode 100755
index 0000000..5f76fb2
--- /dev/null
+++ b/libexec/container/key
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROJECT="open-infrastructure"
+SOFTWARE="compute-tools"
+PROGRAM="container"
+COMMAND="$(basename ${0})"
+
+KEYS="/etc/${SOFTWARE}/keys"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="add:,list,remove:,"
+ GETOPT_OPTIONS="a:,l,r:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -a|--add)
+ ADD="${2}"
+ ACTION="add"
+ shift 2
+ ;;
+
+ -l|--list)
+ ACTION="list"
+ shift 1
+ ;;
+
+ -r|--remove)
+ REMOVE="${2}"
+ ACTION="remove"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${ACTION}" ]
+then
+ Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+if [ ! -e "${KEYS}" ]
+then
+ mkdir -p "${KEYS}"
+
+ chown root:root "${KEYS}"
+ chmod 0700 "${KEYS}"
+
+cat > "${KEYS}/gnupg.conf" << EOF
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options include-revoked
+keyserver-options no-honor-keyserver-url
+
+cert-digest-algo SHA512
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
+personal-cipher-preferences AES256 AES192 AES
+personal-compress-preferences ZLIB ZIP Uncompressed
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+no-comments
+no-emit-version
+no-greeting
+keyid-format 0xlong
+list-options show-keyring
+list-options show-uid-validity
+verify-options show-uid-validity
+with-fingerprint
+
+charset utf-8
+EOF
+
+fi
+
+case "${ACTION}" in
+ add)
+ gpg --homedir "${KEYS}" --import "${ADD}"
+ ;;
+
+ list)
+ gpg --homedir "${KEYS}" --list-keys
+ ;;
+
+ remove)
+ gpg --homedir "${KEYS}" --delete-keys "${REMOVE}"
+ ;;
+esac
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done