-rw-r--r-- | selfpublish.sh | 92 |
1 files changed, 71 insertions, 21 deletions
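--- a/selfpublish.sh
+++ b/selfpublish.sh
@@ -181,6 +181,12 @@ EOF
 control_file_file /usr/lib/cryptonomic/cryptonomic-gpg 755 <<'EOF'
 #!/bin/sh
 
+die()
+{
+printf 'Error: %s\n' "$*"
+exit 1
+}
+
 process_colons()
 {
 local callback="$*" IFS process_colons_break=
@@ -272,6 +278,61 @@ GPG()
 fi
 }
 
+ensure_key_exists()
+{
+# 2. CHECK IF EXISTING SECRET KEY
+t=$(GPG -K --with-colons)
+if [ "$t" ]
+then
+# 3. CHECK IF EXISTING KEY HAS UID
+if GPG -K --with-colons | find_secret_key_with_domain "${cryptonomic_hostname#*.}" | grep -q . && ! force
+then
+return
+fi
+
+# 4. ADD UID TO EXISTING KEY
+gpg_default_key=$(GPG -K --with-colons | process_colons match_first_secret_key show_fpr)
+[ "$gpg_default_key" ]
+GPG --quick-add-uid "$gpg_default_key" "$uid" || force
+verbose GPG -K "$gpg_default_key"
+else
+# 2.5 GENERATE NEW KEY
+GPG --batch --passphrase '' --quick-generate-key "$uid"
+verbose GPG -K "$uid"
+fi
+}
+
+make_directories_maybe_become_root()
+{
+if [ -d "$html_dir" ]
+then
+if [ -d "$hu_dir" ]
+then
+[ -w "$hu_dir" ] || exec sudo -- "$0" "$@" || die "failed to exec sudo"
+else
+[ -w "$html_dir" ] || exec sudo -- "$0" "$@" || die "failed to exec sudo"
+mkdir -p "$hu_dir"
+fi
+else
+die "Directory not found: '$html_dir' -- you probably need to run selfpublish.sh"
+# TODO: just run selfpublish here
+fi
+}
+
+process_key()
+{
+local uid="$1" domain="${1#*@}" destdir="$2" tdir
+while read keyid some_uid
+do
+[ "$some_uid" = "$uid" ] || continue
+tempdir=$(mktemp -d)
+/usr/lib/gnupg/gpg-wks-client --install-key -C "$tempdir" "$keyid" "$uid" 2>/dev/null
+mkdir -p "$destdir"
+mv "$tempdir"/"$domain"/hu/* -t "$destdir"
+rm -rf "$tempdir"
+done
+}
+
 set -e
 
 # 1. GET CRYPTONOMIC UID
@@ -281,34 +342,23 @@ cryptonomic_hostname=$(cryptonomic hostname)
 if [ "$SUDO_USER" ]
 then
 username=$SUDO_USER
+export GNUPGHOME=~$username/.gnupg
 else
 username=$(id -un)
 fi
 [ "$username" ]
+
 uid=${username}@${cryptonomic_hostname}
+html_dir=/srv/${cryptonomic_hostname#*.}/public_html
+hu_dir=$html_dir/.well-known/openpgpkey/hu
 
-# 2. CHECK IF EXISTING SECRET KEY
-t=$(GPG -K --with-colons)
-if [ "$t" ]
-then
-# 3. CHECK IF EXISTING KEY HAS UID
-if GPG -K --with-colons | find_secret_key_with_domain "${cryptonomic_hostname#*.}" | grep -q . && ! force
-then
-exit
-fi
+ensure_key_exists
 
-# 4. ADD UID TO EXISTING KEY
-gpg_default_key=$(GPG -K --with-colons | process_colons match_first_secret_key show_fpr)
-[ "$gpg_default_key" ]
-GPG --quick-add-uid "$gpg_default_key" "$uid" || force
-verbose GPG -K "$gpg_default_key"
-exit 0
-else
-# 2.5 GENERATE NEW KEY
-GPG --batch --passphrase '' --quick-generate-key "$uid"
-verbose GPG -K "$uid"
-exit 0
-fi
+make_directories_maybe_become_root
+
+GPG --list-options show-only-fpr-mbox -k "$uid" 2>&- | process_key "$uid" "$hu_dir"
+
+printf 'gpg --locate-keys %s\n' "$uid"
 EOF
 control_file_file /usr/bin/cryptonomic 755 <<'EOF'
 #!/bin/dash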
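Review bot: `export GNUPGHOME=~$username/.gnupg` (new line 345 in the last hunk) never resolves to the invoking user's home, because tilde expansion happens before parameter expansion, so for a user named alice the value is the literal string `~alice/.gnupg` — a relative path containing a tilde — and every GPG call made under sudo then works in a fresh keyring created at that path rather than in the user's own. Resolve the home from the passwd database and check it before exporting, e.g. `gnupg_home=$(getent passwd "$username" | cut -d: -f6)` / `[ "$gnupg_home" ]` / `export GNUPGHOME=$gnupg_home/.gnupg` (the `[ ]` check mirrors the existing `[ "$username" ]` line and relies on the `set -e` already in effect there; folding the substitution into `export` would let its failure be masked by export's own exit status). Separately, in `make_directories_maybe_become_root` (second hunk) `exec sudo -- "$0" "$@"` expands the function's own positional parameters, which are empty at the call on new line 357, so any arguments the script was started with — presumably whatever `force`, defined outside these hunks, inspects — are dropped on the re-exec; call it as `make_directories_maybe_become_root "$@"`. The new `die` in the first hunk also writes to stdout; `printf 'Error: %s\n' "$*" >&2` keeps the diagnostic out of any captured output.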