free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Refresh gpg keys for all users

Bob Mottram 8 years ago
parent
110a2f08d4
commit
a4415c5de4
2 changed files with 22 additions and 3 deletions
Split View Show Diff Stats
  1. 6
    2
      src/freedombone
  2. 16
    1
      src/freedombone-sec

+ 6
- 2
src/freedombone View File 

@@ -5314,8 +5314,12 @@ function configure_gpg {
5314 5314 
 }
5315 5315
5316 5316 
 function refresh_gpg_keys {
5317 
-	if ! grep -q "gpg --refresh-keys" /etc/crontab; then
5318 
-		echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $MY_USERNAME /usr/bin/gpg --refresh-keys > /dev/null" >> /etc/crontab
5317 
+	if ! grep -q "${PROJECT_NAME}-sec --refresh" /etc/crontab; then
5318 
+		if [ -f /usr/local/bin/freedombone-sec ]; then
5319 
+			echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $MY_USERNAME /usr/local/bin/${PROJECT_NAME}-sec --refresh > /dev/null" >> /etc/crontab
5320 
+		else
5321 
+			echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $MY_USERNAME /usr/bin/${PROJECT_NAME}-sec --refresh > /dev/null" >> /etc/crontab
5322 
+		fi
5319 5323 
 		systemctl restart cron
5320 5324 
 	fi
5321 5325 
 }

+ 16
- 1
src/freedombone-sec View File 

@@ -617,7 +617,7 @@ function enable_monkeysphere {
617 617 
 		# The admin user is the identity certifier
618 618 
 		fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
619 619 
 		monkeysphere-authentication add-identity-certifier $fpr
620 
-        monkeysphere-host publish-key
620 
+		monkeysphere-host publish-key
621 621 
 	else
622 622 
 		sed -i 's|#AuthorizedKeysFile|AuthorizedKeysFile|g' /etc/ssh/sshd_config
623 623 
 		sed -i 's|AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys|g' /etc/ssh/sshd_config
 
@@ -851,6 +851,16 @@ function export_settings {
851 851 
   exit 0
852 852 
 }
853 853
854 
+function refresh_gpg_keys {
855 
+	for d in /home/*/ ; do
856 
+		USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
857 
+		if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" ]]; then
858 
+			su -c 'gpg --refresh-keys' - $USERNAME
859 
+		fi
860 
+	done
861 
+	exit 0
862 
+}
863 
+
854 864 
 function show_help {
855 865 
   echo ''
856 866 
   echo "${PROJECT_NAME}-sec"
 
@@ -861,6 +871,7 @@ function show_help {
861 871 
   echo $'  -h --help             Show help'
862 872 
   echo $'  -e --export           Export security settings to a file'
863 873 
   echo $'  -i --import           Import security settings from a file'
874 
+  echo $'  -r --refresh          Refresh GPG keys for all users'
864 875 
   echo ''
865 876 
   exit 0
866 877 
 }
 
@@ -885,6 +896,10 @@ case $key in
885 896 
 	shift
886 897 
 	IMPORT_FILE="$1"
887 898 
 	;;
899 
+	# Refresh GPG keys
900 
+	-r|--refresh)
901 
+	refresh_gpg_keys
902 
+	;;
888 903 
 	*)
889 904 
 	# unknown option
890 905 
 	;;