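#!/bin/sh

# generate signing keys
# Copyright (c) 2009 Natanael Copa
#
# Distributed under GPL-2
#
# Depends on: busybox utilities, fakeroot,
#
# Creates a 2048-bit RSA key pair for abuild with openssl. Optionally
# installs the public key into /etc/apk/keys (via sudo) and records the
# private key path as PACKAGER_PRIVKEY in the user's abuild.conf.

abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

# Each location can be overridden from the environment.
abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}

# echo message unless quiet mode
# Globals: quiet (read)
msg() {
	[ -n "$quiet" ] && return 0
	echo "$@"
}

# ask for privkey unless non-interactive mode
# returns value in global $privkey
# Globals: abuild_home, default_name, non_interactive (read); privkey (written)
get_privkey_file() {
	privkey="$abuild_home/$default_name.rsa"
	[ "$non_interactive" = "yes" ] && return 0
	echo "Generating public/private rsa key pair for abuild"
	# printf rather than 'echo -n', which is not portable under /bin/sh
	printf '%s' "Enter file in which to save the key ($abuild_home/$default_name.rsa): "
	# -r keeps backslashes in the typed path literal
	read -r line
	if [ -n "$line" ]; then
		privkey="$line"
	fi
}

# print usage and exit
usage() {
	echo "abuild-keygen $abuild_ver"
	echo "usage: abuild-keygen [-ahinq]"
	echo "options:"
	echo " -a  Set PACKAGER_PRIVKEY= in $abuild_userconf"
	echo " -i  Install public key into /etc/apk/keys using sudo"
	echo " -h  Show this help"
	echo " -n  Non-interactive. Use defaults"
	echo " -q  Quiet mode"
	echo ""
	exit 1
}

# read config
# Both config files are sourced, i.e. executed as shell code with the
# privileges of the invoking user, so they must be trusted files.
[ -f "$abuild_conf" ] && . "$abuild_conf"

# read user config if exists
[ -f "$abuild_userconf" ] && . "$abuild_userconf"

# Extract the address between '<' and '>' from PACKAGER.
emailaddr=${PACKAGER##*<}
emailaddr=${emailaddr%%>*}

# if PACKAGER does not contain a valid email address, then ask git
if [ -z "$emailaddr" ] || [ "${emailaddr##*@}" = "$emailaddr" ]; then
	emailaddr=$(git config --get user.email 2>/dev/null)
fi

# The default key name ends in the current epoch time in hex, so repeated
# runs produce distinct file names.
if [ -n "$emailaddr" ]; then
	default_name="$emailaddr-$(printf "%x" "$(date +%s)")"
else
	default_name="$USER-$(printf "%x" "$(date +%s)")"
fi

while getopts "ahinq" opt; do
	case $opt in
	a) append_config=yes;;
	h) usage;;
	i) install_pubkey=yes;;
	n) non_interactive=yes;;
	q) quiet=-quiet;;
	# an unknown option stops here instead of silently generating a key
	\?) usage;;
	esac
done
shift $((OPTIND - 1))

mkdir -p "$abuild_home" || exit 1

get_privkey_file
pubkey="$privkey.pub"

# generate the private key in a subshell with stricter umask
# NOTE(review): umask 0007 clears only the "other" permission bits, so the
# private key is created readable and writable by the owner's group as
# well. 0077 would restrict it to the owner alone; 0007 is kept here in
# case group access is relied upon -- confirm.
# NOTE(review): openssl overwrites an existing file at $privkey without
# asking; only the default name is made unique by its timestamp suffix.
(
	umask 0007
	openssl genrsa -out "$privkey" 2048
) || {
	echo "abuild-keygen: failed to generate private key $privkey" >&2
	exit 1
}

# Stop here on failure so that a missing public key is never installed and
# PACKAGER_PRIVKEY is never pointed at an unusable key.
openssl rsa -in "$privkey" -pubout -out "$pubkey" || {
	echo "abuild-keygen: failed to write public key $pubkey" >&2
	exit 1
}

if [ -n "$install_pubkey" ]; then
	msg "Installing $pubkey to /etc/apk/keys..."
	sudo mkdir -p /etc/apk/keys
	# -i asks before replacing a key that is already installed
	sudo cp -i "$pubkey" /etc/apk/keys/
else
	msg ""
	msg "You'll need to install $pubkey into "
	msg "/etc/apk/keys to be able to install packages and repositories signed with"
	msg "$privkey"
fi

if [ -n "$append_config" ]; then
	if [ -f "$abuild_userconf" ]; then
		# comment out the existing values
		sed -i -e 's/^\(PACKAGER_PRIVKEY=.*\)/\#\1/' "$abuild_userconf"
	fi
	# printf keeps backslashes in the path literal (echo may interpret them).
	# NOTE(review): the path is written inside double quotes into a file that
	# this script sources as shell; a path containing '"', '$' or a backquote
	# would be expanded when the config is next read.
	printf 'PACKAGER_PRIVKEY="%s"\n' "$privkey" >> "$abuild_userconf"
else
	msg ""
	msg "You might want add following line to $abuild_userconf:"
	msg ""
	msg "PACKAGER_PRIVKEY=\"$privkey\""
	msg ""
fi

msg ""
msg "Please remember to make a safe backup of your private key:"
msg "$privkey"
msg ""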