diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-04-11 13:52:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-04-11 13:53:02 +0000 |
commit | 9c47a33c9a0896eda85b22a1c0f16e96a27b6450 (patch) | |
tree | d91e6ec682020627be5653c4f3996f37b10da543 /libexec/container/key | |
parent | Releasing debian version 20210101-1. (diff) | |
download | open-infrastructure-compute-tools-9c47a33c9a0896eda85b22a1c0f16e96a27b6450.tar.xz open-infrastructure-compute-tools-9c47a33c9a0896eda85b22a1c0f16e96a27b6450.zip |
Merging upstream version 20210411.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libexec/container/key')
-rwxr-xr-x | libexec/container/key | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/libexec/container/key b/libexec/container/key new file mode 100755 index 0000000..5f76fb2 --- /dev/null +++ b/libexec/container/key @@ -0,0 +1,153 @@ +#!/bin/sh + +# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +KEYS="/etc/${SOFTWARE}/keys" + +Parameters () +{ + GETOPT_LONGOPTIONS="add:,list,remove:," + GETOPT_OPTIONS="a:,l,r:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -a|--add) + ADD="${2}" + ACTION="add" + shift 2 + ;; + + -l|--list) + ACTION="list" + shift 1 + ;; + + -r|--remove) + REMOVE="${2}" + ACTION="remove" + shift 2 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2 + exit 1 +} + +Parameters "${@}" + +if [ -z "${ACTION}" ] +then + Usage +fi + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Run +if [ ! -e "${KEYS}" ] +then + mkdir -p "${KEYS}" + + chown root:root "${KEYS}" + chmod 0700 "${KEYS}" + +cat > "${KEYS}/gnupg.conf" << EOF +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options include-revoked +keyserver-options no-honor-keyserver-url + +cert-digest-algo SHA512 +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed +personal-cipher-preferences AES256 AES192 AES +personal-compress-preferences ZLIB ZIP Uncompressed +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +no-comments +no-emit-version +no-greeting +keyid-format 0xlong +list-options show-keyring +list-options show-uid-validity +verify-options show-uid-validity +with-fingerprint + +charset utf-8 +EOF + +fi + +case "${ACTION}" in + add) + gpg --homedir "${KEYS}" --import "${ADD}" + ;; + + list) + gpg --homedir "${KEYS}" --list-keys + ;; + + remove) + gpg --homedir "${KEYS}" --delete-keys "${REMOVE}" + ;; +esac + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done |