
Generate GPG key, or use existing keys

Bob Mottram 11 anni fa
parent
commit
8f392a998f
1 ha cambiato i file con 39 aggiunte e 0 eliminazioni
  1. 39
    0
      install-freedombone.sh

+ 39
- 0
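--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -66,8 +66,15 @@ FREEDNS_SUBDOMAIN_CODE=$3
 SSH_PORT=2222
 KERNEL_VERSION="v3.15.10-bone7"
 USE_HWRNG="yes"
+
 GPG_KEYSERVER="hkp://keys.gnupg.net"
 
+# optionally you can provide your exported GPG key pair here
+# Note that the private key file will be deleted after use
+# If these are unspecified then a new GPG key will be created
+MY_GPG_PUBLIC_KEY=
+MY_GPG_PRIVATE_KEY=
+
 # The Debian package repository to use.
 DEBIAN_REPO="ftp.de.debian.org"
 
@@ -833,6 +840,38 @@ function configure_gpg {
   fi
 
   chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+
+  if [ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]; then
+	  # use your existing GPG keys which were exported
+	  if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
+		  echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found"
+		  exit 1
+	  fi
+	  if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
+		  echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found"
+		  exit 1
+	  fi
+      su - $MY_USERNAME gpg --import $MY_GPG_PUBLIC_KEY
+      su - $MY_USERNAME gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY
+	  # for security ensure that the private key file doesn't linger around
+	  shred -zu $MY_GPG_PRIVATE_KEY
+  else
+      # Generate a GPG key
+      echo "%echo Generating a GPG key for `hostname --fqdn`" > /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Key-Type: RSA' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Subkey-Type: ELG-E' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Name-Real:  `hostname --fqdn`' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo "Name-Email: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo '%commit' >> /home/$MY_USERNAME/gpg-genkey.conf
+      echo '%echo Done' >> /home/$MY_USERNAME/gpg-genkey.conf
+	  chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+      su - $MY_USERNAME gpg --gen-key /home/$MY_USERNAME/gpg-genkey.conf
+      shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+  fi
+
   echo 'configure_gpg' >> $COMPLETION_FILE
 }
 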
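Review bot: The test `[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]` at new line 844 is not a valid `[` expression: the shell splits it at `&&`, the first `[` has no closing `]` and fails, so the import branch is never taken, a fresh key is generated even when both paths are set, and the exported private key file is left on disk unshredded. Use `if [ -n "$MY_GPG_PUBLIC_KEY" ] && [ -n "$MY_GPG_PRIVATE_KEY" ]; then`, and quote the two variables in the `-f` tests, the `gpg --import` calls and `shred`. At new line 865 the backticks sit inside single quotes, so Name-Real receives the literal text rather than the hostname; `echo "Name-Real: $(hostname --fqdn)"` fixes that. The `su - $MY_USERNAME gpg ...` calls appear to hand `gpg` to the login shell as a script name rather than a command, and `--gen-key` with a parameter file normally needs `--batch`; both are worth checking, e.g. `su - "$MY_USERNAME" -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf"`. configure_gpg starts before this hunk, so earlier setup it relies on is not visible here.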