From c355c0e59a68caca486642558b698b2364ed26a7 Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Mon, 24 Jul 2023 10:33:13 -0700
Subject: [PATCH] Create gpg key for server and move some gpg settings to
 gpg.conf.

---
 Rocksolid_Light/rocksolid/tail.inc            |  6 +++---
 Rocksolid_Light/rslight/gpg.conf              | 16 ++++++++++++++++
 .../rslight/scripts/create_gpg_keys.sh        |  9 +++++++++
 Rocksolid_Light/rslight/scripts/cron.php      | 19 ++++++++++++++++++-
 4 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 Rocksolid_Light/rslight/gpg.conf
 create mode 100755 Rocksolid_Light/rslight/scripts/create_gpg_keys.sh

diff --git a/Rocksolid_Light/rocksolid/tail.inc b/Rocksolid_Light/rocksolid/tail.inc
index 6417e62..45c239f 100644
--- a/Rocksolid_Light/rocksolid/tail.inc
+++ b/Rocksolid_Light/rocksolid/tail.inc
@@ -1,9 +1,9 @@
 <?php
 echo '<center>';
-$pubkeyfile = getcwd().'/../tmp/pubkey.txt';
-if(is_file($pubkeyfile) && (isset($CONFIG['site_shortname']) && $CONFIG['site_shortname'] != '')) {
+$pubkeyfile = '../tmp/server_pubkey.key';
+if(is_file($pubkeyfile)) {
     echo '<font size="1.5em">';
-    echo '<a href="/tmp/pubkey.txt" target=_blank>'.$CONFIG['site_shortname'].'</a>';
+    echo '<a href="../tmp/server_pubkey.key" target=_blank>server_pubkey.key</a>';
     echo '<br />';
     echo '</font>';
 }
diff --git a/Rocksolid_Light/rslight/gpg.conf b/Rocksolid_Light/rslight/gpg.conf
new file mode 100644
index 0000000..85ead0d
--- /dev/null
+++ b/Rocksolid_Light/rslight/gpg.conf
@@ -0,0 +1,16 @@
+<?php 
+
+/* Set 'enable' to '1' to verify you have configured
+ * this file, and are ready to enable gpg key creation
+*/
+$rslight_gpg['enable'] = '0';
+
+/* YOU MUST CONFIGURE 'domain_name' to your site
+ * domain name
+*/
+$rslight_gpg['domain_name'] = "www.example.com";
+
+/* Below settings need not be changed if you are
+ * ok with defaults
+*/
+$rslight_gpg['gnupghome'] = "$config_dir/.gnupg";
diff --git a/Rocksolid_Light/rslight/scripts/create_gpg_keys.sh b/Rocksolid_Light/rslight/scripts/create_gpg_keys.sh
new file mode 100755
index 0000000..9065b77
--- /dev/null
+++ b/Rocksolid_Light/rslight/scripts/create_gpg_keys.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+gnupghome="$1"
+server_pub_key="$2"
+domain="$3"
+
+export GNUPGHOME=$gnupghome
+gpg --batch --passphrase '' --quick-generate-key "$domain" rsa4096 cert 0
+gpg --export -a $domain > $server_pub_key
\ No newline at end of file
diff --git a/Rocksolid_Light/rslight/scripts/cron.php b/Rocksolid_Light/rslight/scripts/cron.php
index 1cdfdb5..13cc26e 100755
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@@ -3,6 +3,7 @@
   include "config.inc.php";
   include "newsportal.php";
   include $config_dir."/scripts/rslight-lib.php";
+  include $config_dir."/gpg.conf";
 
   $menulist = file($config_dir."menu.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
 
@@ -55,7 +56,15 @@
   touch($overview);
   @chown($overview, $uinfo["uid"]);
   @chgrp($overview, $uinfo["gid"]);
-
+  
+  if($rslight_gpg['enable'] == '1') {
+    $gnupg = $rslight_gpg['gnupghome'];
+    if(!is_dir($gnupg)) {
+      mkdir($gnupg, 0700);
+      chown($gnupg, $uinfo["uid"]);
+      chgrp($gnupg, $uinfo["gid"]);
+    }
+  }
 /* Change to non root user */
   change_identity($uinfo["uid"],$uinfo["gid"]);
 /* Everything below runs as $CONFIG['webserver_user'] */
@@ -67,6 +76,14 @@ if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
   @mkdir($spooldir."nocem",0755,'recursive');
   exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
 }
+// Set up server gpg keys
+if($rslight_gpg['enable'] == '1') {
+  if(!is_file($webtmp.'/server_pubkey.key')) {
+    $domain = 'rslight@'.$rslight_gpg['domain_name'];
+    $interBBS_mail = $config_dir.'/scripts/create_gpg_keys.sh "'.$gnupg.'" "'.$webtmp.'/server_pubkey.key" '.$domain;
+    exec($interBBS_mail);
+  }
+}
 
 reset($menulist);
 foreach($menulist as $menu) {