author | Erich Eckner <git@eckner.net> | 2019-09-09 14:53:27 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-09 14:53:27 +0200 |
commit | 6b8374e739864b164587f4f088fc5384a48e16dc (patch) | |
tree | 1928c199385d3b4d65308990bb1c8e2bae8324fe /bin/manage-gpg-keys | |
parent | b83ad7f1672047b0ca4be1f1e2545000b85f9a9d (diff) | |
download | builder-6b8374e739864b164587f4f088fc5384a48e16dc.tar.xz |
bin/manage-gpg-keys: new (rudimentary functionality only)
Diffstat (limited to 'bin/manage-gpg-keys')
-rwxr-xr-x | bin/manage-gpg-keys | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/bin/manage-gpg-keys b/bin/manage-gpg-keys
new file mode 100755
index 0000000..ed67c02
--- /dev/null
+++ b/bin/manage-gpg-keys
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# shellcheck source=../lib/load-configuration
+. "${0%/*}/../lib/load-configuration"
+
+# add the gpg key given by fingerprint as parameter
+
+if [ $# -le 2 ]; then
+ >&2 echo 'usage: owner fingerprint capability capability ...'
+ exit 1
+fi
+
+owner="$1"
+shift
+
+owner_id=$(
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT `persons`.`id`'
+ printf ' FROM `persons`'
+ printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
+ "$(
+ printf '%s' "${owner}" \
+ | base64 -w0
+ )"
+ } \
+ | mysql_run_query
+)
+
+if [ -z "${owner_id}" ]; then
+ >&2 printf 'Cannot find person "%s".\n' "${owner}"
+ exit 1
+fi
+
+key_id="$1"
+key=$(
+ gpg -a --export "${key_id}"
+)
+
+if [ -z "${key}" ]; then
+ >&2 printf 'Cannot find key %s.\n' "${key_id}"
+ exit 1
+fi
+
+key_id=$(
+ printf '%s\n' "${key_id}" \
+ | base64 -w0
+)
+key=$(
+ printf '%s\n' "${key}" \
+ | base64 -w0
+)
+
+shift
+
+capabilities=$(
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT'
+ printf ' `email_actions`.`id`'
+ printf ' FROM `email_actions`'
+ printf ' WHERE `email_actions`.`name` IN ('
+ printf '%s\n' "$@" \
+ | base64_encode_each \
+ | sed '
+ s/^.*$/from_base64("\0"),/
+ $ s/,$//
+ '
+ printf ');\n'
+ } \
+ | mysql_run_query
+)
+
+if [ -z "${capabilities}" ]; then
+ >&2 echo 'No known capabilities matched any given one:'
+ >&2 printf '"%s"\n' "$@"
+ exit 1
+fi
+
+# shellcheck disable=SC2016
+{
+ printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
+ printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
+ "${owner_id}" \
+ "${key_id}" \
+ "${key}"
+ printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
+ printf ' VALUES '
+ printf '%s\n' "${capabilities}" \
+ | sed '
+ s/^.*$/(LAST_INSERT_ID(),\0),/
+ $ s/,$//
+ '
+ printf ';\n'
+} \
+| mysql_run_query |
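Review bot: The argument documented as a fingerprint reaches `gpg -a --export "${key_id}"` unvalidated, and gpg also accepts short key IDs, e-mail addresses and name fragments there, so the exported blob can hold a different key, or several keys, than the string later stored in `fingerprint`. I would reject anything that is not a full fingerprint before the export, e.g. `[[ "${key_id}" =~ ^[0-9A-Fa-f]{40}$ ]] || { >&2 echo 'fingerprint must be 40 hex digits'; exit 1; }` for v4 keys, and encode it with `printf '%s'` as is done for `owner`, since `printf '%s\n'` puts a trailing newline into the stored value. Separately, `LAST_INSERT_ID()` is not updated when `INSERT IGNORE` skips an already existing `gpg_keys` row, so re-running the script for a known key would tie the capabilities to id 0 or to nothing without any error; looking the key's id up by fingerprint in the second statement avoids that. The check `[ -z "${capabilities}" ]` only catches the case where no name matched, so a mistyped capability among valid ones is dropped silently; comparing the number of returned ids with `$#` would surface it. `mysql_run_query`, `base64_encode_each` and the table definitions are outside this file, so the column names for the lookup are to be confirmed.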