os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Largely reimplement addkey.sh to make it much more robust, including

Browse source 
better command-line parsing and more consistent output.
This commit is contained in:
Dag-Erling Smørgrav 2013-10-01 13:29:30 +00:00
parent afe331d916
commit 84d63261ea
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=42783
1 changed files with 136 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

189
share/pgpkeys/addkey.sh
View file

@ -3,87 +3,158 @@
# $FreeBSD$ # $FreeBSD$
# #
LANG=en_US.UTF-8; export LANG progname=$(basename $(realpath $0))
unset LC_ALL
unset LC_MESSAGES
# Print an informational message
info() {
echo "$@" >&2
}
# Print a warning message
warning() {
echo "WARNING: $@" >&2
}
# Print an error message and exit
error() {
echo "ERROR: $@" >&2
exit 1
}
# Print usage message and exit
usage() {
echo "usage: ${progname} [user] [keyid ...]\n" >&2
exit 1
}
# Look for gpg
gpg=$(which gpg)
if [ -z "${gpg}" -o ! -x "${gpg}" ] ; then
error "gpg does not seem to be installed"
fi
gpg() {
"${gpg}" \
--display-charset utf-8 \
--no-greeting \
--no-secmem-warning \
--keyid-format long \
--list-options no-show-uid-validity \
"$@"
}
# Look up key by key ID
getkeybyid() {
gpg --with-colons --list-keys "$1" 2>/dev/null | awk -F: \
'$5 ~ /^\([0-9A-F]{8}\)?'"$1"'$/i && $12 ~ /ESC/ { print $5 }'
}
# Look up key by email
getkeybyemail() {
gpg --with-colons --list-keys "$1" 2>/dev/null | awk -F: \
'$10 ~ /<'"$1"'>/i && $12 ~ /ESC/ { print $5 }'
}
# The first command-line argument can be a user name or a key ID.
if [ $# -gt 0 ] && expr "$1" : '^[a-z][0-9a-z-]*$' >/dev/null ; then
me="$1" me="$1"
if [ -z "${me}" ]; then
me=$(id -nu)
else
shift shift
fi fi
if [ -z "${me}" ] ; then
id="$@" me=$(id -nu)
if [ -z "${id}" ]; then fi
id="${me}@freebsd.org" if [ -z "${me}" ] ; then
error "Unable to determine user name."
fi
if ! expr "${me}" : '^[a-z][0-9a-z-]*$' >/dev/null ; then
error "${me} does not seem like a valid user name."
fi fi
gpg=$(which gpg) if [ $# -ne 0 ] ; then
if [ ! -x "${gpg}" ]; then # Verify the keys that were specified on the command line
echo "GnuPG does not seem to be installed" >/dev/stderr for arg ; do
exit 1 case $(expr "${arg}" : '^[0-9A-Fa-f]\{8,16\}$') in
8)
warning "${arg}: recommend using 16-digit keyid"
;&
16)
keyid=$(getkeybyid "${arg}")
if [ -n "${keyid}" ] ; then
keyids="${keyids} ${keyid}"
else
warning "${arg} not found"
fi
;;
*)
warning "${arg} does not appear to be a valid key ID"
;;
esac
done
else
# Search for keys by freebsd.org email
email="${me}@FreeBSD.org"
keyids=$(getkeybyemail "${email}")
case $(echo "${keyids}" | wc -w) in
0)
error "no keys found for ${email}"
;;
1)
;;
*)
warning "Multiple keys found for <${email}>; exporting all."
warning "If this is not what you want, specify a key ID" \
"on the command line."
;;
esac
fi fi
echo "Retrieving key..." # :(
keylist=$(gpg --list-keys ${id}) if [ -z "${keyids}" ] ; then
echo "${keylist}" | grep '^pub' error "no valid keys were found"
id=$(echo "${keylist}" | awk '/^pub/ { print $2 }' | sed 's%.*/%%' | sort -u)
id=$(echo $id)
if [ "${#id}" -lt 8 ]; then
echo "Invalid key ID." >/dev/stderr
exit 1
elif [ "${#id}" -gt 8 ]; then
echo "WARNING: Multiple keys; exporting all. If this is not what you want," >/dev/stderr
echo "WARNING: you should specify a key ID on the command line." >/dev/stderr
fi fi
fp=$(gpg --fingerprint ${id})
[ $? -eq 0 ] || exit 1
key=$(gpg --no-version --armor --export ${id})
[ $? -eq 0 ] || exit 1
# Generate key file
keyfile="${me}.key" keyfile="${me}.key"
if [ -f "${keyfile}" ]; then info "Generating ${keyfile}..."
rcsid=$(grep '^<!-- \$Free.*-->$' "${keyfile}")
fi
if [ -z "${rcsid}" ]; then
rcsid='<!-- $''FreeBSD''$ -->'
fi
echo "Generating ${keyfile}..."
( (
echo "${rcsid}" echo '<!-- $''FreeBSD''$ -->'
echo '<!--' echo '<!--'
echo "sh $0 ${me} ${id};" echo "sh ${progname} ${me}" ${keyids} ";"
echo '-->' echo '-->'
echo '<programlisting role="pgpfingerprint"><![CDATA[' echo '<programlisting role="pgpfingerprint"><![CDATA['
echo "${fp}" gpg --fingerprint ${keyids}
echo ']]></programlisting>' echo ']]></programlisting>'
echo '<programlisting role="pgpkey"><![CDATA[' echo '<programlisting role="pgpkey"><![CDATA['
echo "${key}" gpg --no-version --armor --export ${keyids}
echo ']]></programlisting>' echo ']]></programlisting>'
) >"${keyfile}" ) >"${keyfile}"
echo "Adding key to entity list..." info "Adding key to entity list..."
if ! grep -qwF "pgpkey.${me}" pgpkeys.ent ; then
mv pgpkeys.ent pgpkeys.ent.orig || exit 1 mv pgpkeys.ent pgpkeys.ent.orig || exit 1
( (
cat pgpkeys.ent.orig cat pgpkeys.ent.orig
printf '<!ENTITY pgpkey.%.*s SYSTEM "%s">' 16 "${me}" "${keyfile}" echo "<!ENTITY pgpkey.${me} SYSTEM \"${keyfile}\">"
) | sort -u >pgpkeys.ent ) | sort -u >pgpkeys.ent
fi
echo cat <<EOF
echo "Unless you are already listed there, you should now add the"
echo "following text to pgpkeys-developers.xml (unless this is a" Unless you are already listed there, you should now add the following
echo "role key or you are a core member. In that case add to" text to pgpkeys-developers.xml. Remember to keep the list sorted by
echo "pgpkeys-officers.xml or pgpkeys-core.xml)." last name!
echo "Remember to keep the list sorted by last name!"
echo <sect2 id=\"pgpkey-${me}\">
echo " <sect2 id=\"pgpkey-${me}\">" <title>&a.${me}.email;</title>
echo " <title>&a.${me}.email;</title>" &pgpkey.${me};
echo " &pgpkey.${me};" </sect2>
echo " </sect2>"
echo If this is a role key or you are a core member, you should add it to
echo "If this is a new entry, don't forget to 'svn add ${keyfile}'" either pgpkeys-officers.xml or pgpkeys-core.xml instead.
echo "and 'svn propset svn:keywords \"FreeBSD=%H\" ${keyfile}'"
echo "and commit each of ${keyfile}, pgpkeys.ent and" If this is a new entry, don't forget to run the following commands
echo "pgpkeys-developers.xml, pgpkeys-officers.xml, or" before committing:
echo "pgpkeys-core.xml as required."
% svn add ${keyfile}
% svn propset svn:keywords \"FreeBSD=%H\" ${keyfile}
EOF