Bob Mottram 2017-06-24 14:16:59 +01:00
parent e77cb551ea
commit 8c947cd18d
2 changed files with 79 additions and 27 deletions


@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -1576,12 +1576,15 @@ function configure_gpg {
echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
exit 2483
fi
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
exit 5383
fi
su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
@ -1596,35 +1599,14 @@ function configure_gpg {
fi
else
# Generate a GPG key
echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
cat /home/$MY_USERNAME/gpg-genkey.conf
if [ -f $IMAGE_PASSWORD_FILE ]; then
echo "Passphrase: $(printf `cat $IMAGE_PASSWORD_FILE`)" >> /home/$MY_USERNAME/gpg-genkey.conf
gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
else
echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
gpg_create_key $MY_USERNAME $PROJECT_NAME
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
echo $'Generating a new GPG key'
su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
exit 6362
fi
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $'GPG public key ID could not be obtained'
fi
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
fi
if [ ! -d /root/.gnupg ]; then
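Review bot: The passphrase handed to `gpg_create_key` in the `if [ -f $IMAGE_PASSWORD_FILE ]` branch goes through `$(printf `cat $IMAGE_PASSWORD_FILE`)` unquoted, so the file's contents act as printf's format string and the result is then word-split — a passphrase containing `%`, a backslash or a space reaches the function altered or truncated to its first word, and the function's own `[ $key_passphrase ]` test then sees several words. Passing the value directly, `gpg_create_key "$MY_USERNAME" "$(cat "$IMAGE_PASSWORD_FILE")"`, preserves it (the substitution still strips only the trailing newline). Separately, the inline code this hunk removes verified the generated key against `$MY_EMAIL_ADDRESS`, whereas the new `gpg_create_key` in the second file writes `Name-Email: $MY_EMAIL_ADDRESS` but looks the key up as `${key_username}@${HOSTNAME}`, so when the two identities differ the exit-on-failure check appears to test the wrong one; that looks worth reconciling. The `$PROJECT_NAME` fallback passphrase is not introduced here but remains a constant, guessable value. configure_gpg starts before and ends after this hunk.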


@ -28,6 +28,76 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function gpg_import_public_key {
key_username=$1
key_filename=$2
gpg --homedir=/home/$key_username/.gnupg --import $key_filename
gpg_set_permissions $key_username
}
function gpg_import_private_key {
key_username=$1
key_filename=$2
gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename
gpg_set_permissions $key_username
}
function gpg_export_public_key {
key_username=$1
key_id=$2
key_filename=$3
su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username
}
function gpg_export_private_key {
key_username=$1
key_id=$2
key_filename=$3
su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username
}
function gpg_create_key {
key_username=$1
key_passphrase=$2
gpg_dir=/home/$key_username/.gnupg
echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf
echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf
echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$key_username/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf
cat /home/$key_username/gpg-genkey.conf
if [ $key_passphrase ]; then
echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf
else
echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf
fi
chown $key_username:$key_username /home/$key_username/gpg-genkey.conf
echo $'Generating a new GPG key'
su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username
chown -R $key_username:$key_username /home/$key_username/.gnupg
KEY_EXISTS=$(gpg_key_exists "$key_username" "${key_username}@${HOSTNAME}")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"A GPG key for ${key_username}@${HOSTNAME} could not be created"
exit 63621
fi
shred -zu /home/$key_username/gpg-genkey.conf
CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "${key_username}@${HOSTNAME}")
if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
echo $"GPG public key ID could not be obtained for ${key_username}@${HOSTNAME}"
exit 825292
fi
gpg_set_permissions $key_username
}
function gpg_delete_key {
key_username=$1
key_id=$2