~revu-hackers/revu/trunk

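#!/bin/sh
#set -e

# Locations of revu's key material. KEYRING is the public keyring this
# script manages; TRUSTDB is only referenced by the disabled
# --trustdb-name option noted next to GPG_CMD.
REVUBASE=/srv/revu1-production
KEYRING=${REVUBASE}/uploaders.gpg
TRUSTDB=${REVUBASE}/trustdb.gpg

# We don't use a secret keyring, of course, but gpg panics and
# implodes if there isn't one available, so it is handed an empty
# scratch file. mktemp creates that file with an unpredictable name and
# owner-only permissions; it replaces the deprecated tempfile(1).
SECRING=$(mktemp) || {
    echo >&2 "revu-key: could not create a temporary secret keyring"
    exit 1
}
# Remove the scratch keyring on every exit path, including the early
# exits taken by the locking helpers.
trap 'rm -f -- "$SECRING"' EXIT

# NOTE(review): this is a fixed name in world-writable /tmp, so any local
# user can pre-create the path and block 'update'. A directory only the
# revu account can write to would be a safer home for the lock.
LOCKFILE=/tmp/revu-key.pid

# GPG_CMD and GPG are expanded unquoted further down so that they split
# into separate arguments; none of the paths above may contain whitespace.
# --lock-never turns off gpg's own keyring locking.
# Disabled option kept from the original line: --trustdb-name $TRUSTDB
GPG_CMD="gpg --no-options --no-default-keyring --secret-keyring $SECRING --homedir ${REVUBASE} --lock-never "
GPG="$GPG_CMD --trust-model=always --keyring $KEYRING"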
# Print the command summary for revu-key on stdout.
# Arguments: none
# Outputs:   eleven lines of help text, ending with an empty line
usage() {
    # One argument per output line; the empty strings are the blank lines.
    printf '%s\n' \
        "Usage: revu-key [command] [arguments]" \
        "" \
        "Manage revu's list of trusted keys" \
        "" \
        "  add <file>          - add the key contained in <file> ('-' for stdin)" \
        "  del <keyid>         - remove the key <keyid>" \
        "  list                - list keys" \
        "  import <keyid>	- import key from keyserver.ubuntu.com" \
        "  refresh		- refresh keys from keyserver.ubuntu.com" \
        "  update              - imports keys from the launchpad group" \
        ""
}
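# Take the script-wide lock by writing our PID into ${LOCKFILE}.
# Globals:  LOCKFILE (read), LPID (written when the lock cannot be taken)
# Outputs:  a diagnostic on stdout when the lock cannot be taken
# Exits:    status 1 when ${LOCKFILE} already exists or cannot be created
acquire_lock() {
	# With noclobber (set -C) the redirection only succeeds if it creates
	# the file itself, so "does it exist?" and "create it" are one step
	# instead of a check followed by a write. A pre-existing file, or a
	# dangling symlink planted at that path, is refused rather than
	# written through. The subshell keeps set -C from leaking into the
	# caller; $$ is still the PID of the main script there.
	if ( set -C; echo $$ > "${LOCKFILE}" ) 2>/dev/null; then
		return 0
	fi

	# Best effort: the file may be unreadable or may have vanished again.
	LPID=$(cat "${LOCKFILE}" 2>/dev/null)
	echo "another revu-key instance is already running"
	echo "check ${LOCKFILE} and PID ${LPID}"
	exit 1
}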
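# Drop the lock taken by acquire_lock, but only if this process owns it.
# Globals:  LOCKFILE (read), LPID (written)
# Outputs:  a diagnostic on stdout when the lock is missing, empty, owned
#           by another PID, or cannot be removed
# Exits:    status 1 when the lockfile is missing, empty or not ours
release_lock() {
	if [ ! -e "${LOCKFILE}" ]; then
		echo "release_lock: no lockfile found, aborting."
		exit 1
	fi

	LPID=$(cat "${LOCKFILE}")
	if [ -z "${LPID}" ]; then
		echo "release_lock: no pid."
		echo "check ${LOCKFILE}."
		exit 1
	fi

	# Compare as strings. With -eq, non-numeric lockfile content makes the
	# test fail with an error, the "if" then treats that as "no mismatch",
	# and a lockfile this process never wrote would be removed.
	if [ "${LPID}" != "$$" ]; then
		echo "release_lock: pid mismatch."
		echo "check ${LOCKFILE}."
		exit 1
	fi

	# A failed removal is reported but does not abort the script.
	rm -- "${LOCKFILE}" || \
		echo "couldn't remove ${LOCKFILE}. please check."
}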
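# The first argument selects the sub-command; everything after it stays
# in "$@" for the dispatcher below.
command="$1"
if [ -z "$command" ]; then
    usage
    exit 1
fi
shift

# Warn (but carry on) when gpg is missing. `command -v` is the POSIX
# builtin lookup; which(1) is a separate program that is not guaranteed
# to be installed.
if [ "$command" != "help" ] && ! command -v gpg >/dev/null 2>&1; then
    echo >&2 "Warning: gnupg does not seem to be installed."
    echo >&2 "Warning: revu requires gnupg for most operations."
    echo >&2
fi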
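# gpg needs the secret keyring file to exist, even though it stays empty.
touch "$SECRING"

# Dispatch on the sub-command. $GPG is expanded unquoted on purpose so it
# splits into the gpg binary plus its fixed options; the caller's own
# arguments are passed as "$@" so that values containing whitespace or
# glob characters reach gpg unchanged.
# NOTE(review): only 'update' takes the script lock, and $GPG runs with
# --lock-never, so add/del/import/refresh can modify the keyring
# concurrently -- confirm that this is acceptable.
case "$command" in
    update)
        acquire_lock
        # Only promote the fetched keyring when the fetch reported success,
        # so a failed or partial download cannot replace the trusted
        # keyring. Presumably the helper writes ${REVUBASE}/launchpad.gpg;
        # verify against the helper script.
        if "${REVUBASE}/scripts/fetch-launchpad-keys.py"; then
            # Group and mode changes are best effort, as before.
            chgrp www-data "${REVUBASE}/launchpad.gpg" || /bin/true
            chmod g+w "${REVUBASE}/launchpad.gpg" || /bin/true
            mv "${REVUBASE}/launchpad.gpg" "${KEYRING}"
        else
            echo >&2 "revu-key: fetch-launchpad-keys.py failed; keeping the existing ${KEYRING}"
        fi
        release_lock
        ;;
    add)
        # "$1" is a key file, or '-' to read the key from stdin.
        $GPG --quiet --batch --import "$1"
        echo "OK"
        ;;
    del|rm|remove)
        $GPG --quiet --batch --delete-key --yes "$1"
        echo "OK"
        ;;
    import)
        # NOTE(review): whatever the keyserver returns for "$1" becomes a
        # trusted key (trust-model=always). Passing a full fingerprint
        # rather than a short key ID avoids importing a colliding key.
        $GPG --keyserver keyserver.ubuntu.com --recv-key "$1"
        ;;
    list)
        $GPG --batch --list-keys "$@"
        ;;
    finger*)
        $GPG --batch --fingerprint "$@"
        ;;
    enc*)
        # First argument is the recipient; the rest go to gpg as given.
        $GPG --armor --batch --encrypt --recipient "$@"
        ;;
    adv*)
        # Pass-through: the caller supplies arbitrary gpg options, so this
        # sub-command is only as safe as whoever is allowed to run it.
        echo "Executing: $GPG $*"
        $GPG "$@"
        ;;
    refresh)
        echo "Refreshing keys"
        $GPG --refresh-keys --keyserver keyserver.ubuntu.com
        ;;
    help)
        usage
        ;;
    *)
        usage
        ;;
esac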
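# Re-apply group and mode to the keyring after every command, whatever
# the command was.
# NOTE(review): mode 664 with group www-data lets that group rewrite the
# keyring of trusted uploader keys -- confirm the web server account is
# meant to have write access, not just read access.
chgrp www-data "${KEYRING}"
chmod 664 "${KEYRING}"

# Drop the scratch secret keyring created at start-up.
rm -f -- "$SECRING"

# NOTE(review): the script ends with status 1 on every path, including
# successful commands, so callers cannot tell success from failure. Left
# unchanged because existing callers may depend on it -- confirm and
# switch to the real command status.
exit 1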