WKS/WKD support

see https://wiki.gnupg.org/WKS
author: Andrew Cady <d@jerkface.net> 2020-09-15 21:10:05 -0400
committer: Andrew Cady <d@jerkface.net> 2020-09-15 21:10:05 -0400
commit: 1d03f9a0ebaa36fd5f2c6e46d0b39d5743c50dd5 (patch)
tree: d76ba1cf07c24afa9596bc764e49aabbba7637a6 /selfpublish.sh
parent: d54822906784f6db8305593da620f930d718858c (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/selfpublish.sh b/selfpublish.sh
index c97163f..7d19690 100644
--- a/selfpublish.sh
+++ b/selfpublish.sh
@@ -56,6 +56,7 @@ cgit
 curl
 fortune-mod
 fortunes-min
+gnupg (>= 2.2.14)
 libssl1.1 (>= 1.1.1d)
 openssl
 EOF
@@ -366,12 +367,51 @@ install_tls_public_certificate()
    fi
 }
+get_home()
+{
+    [ "$1" ] && getent passwd "$1" | (IFS=: read _ _ _ _ _ h _ && echo $h)
+}
+process_key()
+{
+    local uid="$1" domain="${1#*@}" destdir="$2" tdir
+    while read keyid some_uid
+    do
+        [ "$some_uid" = "$uid" ] || continue
+        tempdir=$(mktemp -d)
+        /usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
+        mkdir -p "$destdir"
+        mv "$tempdir"/"$domain"/hu/* -t "$destdir"
+        rm -rf "$tempdir"
+    done
+}
+install_gpg_rings()
+{
+    (
+        domain=$DOMAIN
+        dest=/srv/$domain/public_html/.well-known/openpgpkey/hu
+        uid=${SUDO_USER:-$(id -un)}@$domain
+        if [ "$SUDO_USER" -a ! "$GNUPGHOME" ]
+        then
+            GNUPGHOME=$(get_home "$SUDO_USER")/.gnupg
+            export GNUPGHOME
+        fi
+        gpg --list-options show-only-fpr-mbox -k "$uid" 2>&- | process_key "$uid" "$dest"
+        find /srv/"$DOMAIN"/public_html/.well-known/openpgpkey/ -type d -exec chmod 755 '{}' ';'
+    )
+}
 configure_apache_vhost()
 {
    enable_apache_modules
    install_self_to_site
    install_header_to_site
    install_tls_public_certificate
+    install_gpg_rings
    write_cgit_config
 }
author	Andrew Cady <d@jerkface.net>	2020-09-15 21:10:05 -0400
committer	Andrew Cady <d@jerkface.net>	2020-09-15 21:10:05 -0400
commit	1d03f9a0ebaa36fd5f2c6e46d0b39d5743c50dd5 (patch)
tree	d76ba1cf07c24afa9596bc764e49aabbba7637a6 /selfpublish.sh
parent	d54822906784f6db8305593da620f930d718858c (diff)

diff --git a/selfpublish.sh b/selfpublish.sh index c97163f..7d19690 100644 --- a/selfpublish.sh +++ b/selfpublish.sh
@@ -56,6 +56,7 @@ cgit
56	curl	56	curl
57	fortune-mod	57	fortune-mod
58	fortunes-min	58	fortunes-min
		59	gnupg (>= 2.2.14)
59	libssl1.1 (>= 1.1.1d)	60	libssl1.1 (>= 1.1.1d)
60	openssl	61	openssl
61	EOF	62	EOF
@@ -366,12 +367,51 @@ install_tls_public_certificate()
366	fi	367	fi
367	}	368	}
368		369
		370	get_home()
		371	{
		372	[ "$1" ] && getent passwd "$1" \| (IFS=: read _ _ _ _ _ h _ && echo $h)
		373	}
		374
		375	process_key()
		376	{
		377	local uid="$1" domain="${1#*@}" destdir="$2" tdir
		378	while read keyid some_uid
		379	do
		380	[ "$some_uid" = "$uid" ] \|\| continue
		381	tempdir=$(mktemp -d)
		382	/usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
		383	mkdir -p "$destdir"
		384	mv "$tempdir"/"$domain"/hu/* -t "$destdir"
		385	rm -rf "$tempdir"
		386	done
		387	}
		388
		389	install_gpg_rings()
		390	{
		391	(
		392	domain=$DOMAIN
		393	dest=/srv/$domain/public_html/.well-known/openpgpkey/hu
		394	uid=${SUDO_USER:-$(id -un)}@$domain
		395
		396	if [ "$SUDO_USER" -a ! "$GNUPGHOME" ]
		397	then
		398	GNUPGHOME=$(get_home "$SUDO_USER")/.gnupg
		399	export GNUPGHOME
		400	fi
		401
		402	gpg --list-options show-only-fpr-mbox -k "$uid" 2>&- \| process_key "$uid" "$dest"
		403
		404	find /srv/"$DOMAIN"/public_html/.well-known/openpgpkey/ -type d -exec chmod 755 '{}' ';'
		405	)
		406	}
		407
369	configure_apache_vhost()	408	configure_apache_vhost()
370	{	409	{
371	enable_apache_modules	410	enable_apache_modules
372	install_self_to_site	411	install_self_to_site
373	install_header_to_site	412	install_header_to_site
374	install_tls_public_certificate	413	install_tls_public_certificate
		414	install_gpg_rings
375	write_cgit_config	415	write_cgit_config
376	}	416	}
377		417