Verified Commit a65cf936 authored by Matthias Adamczyk's avatar Matthias Adamczyk

Update GPG management script

parent 408a3f25
......@@ -8,16 +8,20 @@ cd "$(dirname "$0")/.." || exit 1
usage () {
cat <<EOF
Usage:
$(basename "$0") -h | -i <gpg_id> | -p PUBKEY_FILE | -g [--use-remote-sudo] <host>
$(basename "$0") -h
$(basename "$0") -a { -i <gpg_id> | -p PUBKEY_FILE }
$(basename "$0") -s { -i <gpg_id> | -p PUBKEY_FILE | -g [--use-remote-sudo] <host> }
Add a new sysadmin to the secrets store
Adds a new public key to the secrets store
Options:
-h, --help Display this help message and exit
-a, --add-admin Add the pubkey of a new sysadmin
-s, --add-system Add the pubkey of a new system user (root)
-i, --gpg-id Add a gpg key of a new sysadmin by providing the gpg id
-p, --public-key Add a gpg key of a new sysadmin by providing the public key
-g, --generate-remote
--use-remote-sudo
-g, --generate-remote Genreate the keypair on the target host
--use-remote-sudo Generate the keys using sudo
<gpg_id> gpg id of the user
PUBKEY_FILE Path to the public key to import.
EOF
......@@ -33,12 +37,14 @@ error () {
kill -s TERM $TOP_PID
}
# Imports existing pubkeys to the user's gpg keyring
import_existing_pubkeys () {
echo "Importing existing pubkeys... " >&2
find secrets/.public-keys/ -type f -exec gpg --import "{}" \;
echo "done!" >&2
}
# Takes a gpg id and exports it to `secrets/.public-keys/`
export_pubkey () {
dest="secrets/.public-keys"
echo "Adding pubkey to secrets/.public-keys ..." >&2
......@@ -54,6 +60,7 @@ export_pubkey () {
echo "Done!" >&2
}
# Takes a pubkey and writes it to `secret/.public-keys/`
copy_pubkey () {
pubkey=$1
gpg_id=$2
......@@ -65,7 +72,7 @@ copy_pubkey () {
echo "Done!" >&2
}
# Commits the result
commit () {
git add secrets
......@@ -77,7 +84,8 @@ commit () {
fi
}
add_gpg_id () {
# Adds the pubkey of a new sysadmin to the password store
add_admin () {
gpg_id="$1"
printf '%s' "Adding gpg id to all .gpg-id files... " >&2
......@@ -123,7 +131,8 @@ generate_key_remote () {
|| error "$LINENO" "Exporting gpg pubkey \"$fingerprint\" failed"
mkdir -p "secrets/.public-keys"
echo "$pubkey" > "secrets/.public-keys/$gpg_id"
# shellcheck disable=SC2001
echo "$pubkey" > "secrets/.public-keys/$(echo "$host" | sed 's/\(.*@\)\(.*\)/\2/')"
rm "$generate_key_cmd"
echo "done!" >&2
......@@ -131,8 +140,10 @@ generate_key_remote () {
echo "$gpg_id"
}
# Adds a pubkey of a new host to the secrets store
setup_system () {
hostname="$1"
# shellcheck disable=SC2001
hostname="$(echo "$1" | sed 's/\(.*@\)\(.*\)/\2/')"
gpg_id="$2"
set -e
......@@ -157,43 +168,70 @@ setup_system () {
printf "\n%s\n" "All done \o/"
}
case "$1" in
-h|--help)
usage
;;
-i|--gpg-id)
shift
[ -z "$1" ] && error "$LINENO" "<gpg_id> empty!"
import_existing_pubkeys
export_pubkey "$1"
add_gpg_id "$1"
#commit
;;
-p|--pubkey)
shift
[ -z "$1" ] && error $LINENO "Path to PUBKEY not provided!"
import_existing_pubkeys
gpg_id=$(retrieve_gpg_id "$1")
copy_pubkey "$1" "$gpg_id"
add_gpg_id "$gpg_id"
#commit
;;
-g|--generate-remote)
shift
if [ "$1" = "--use-remote-sudo" ];then
use_remote_sudo="true"
# Displays a specific command line error
error_a_or_s_missing () {
error "$LINENO" "Argument \`-a\` or \`-s\` missing!"
}
while [[ $# -gt 0 ]]; do
case "$1" in
-h|--help)
usage
;;
-a|--add-admin)
shift
ADD_ADMIN="true"
;;
-s|--add-system)
shift
ADD_SYSTEM="true"
;;
-i|--gpg-id)
shift
[ -z "$1" ] && error "$LINENO" "<gpg_id> empty!"
import_existing_pubkeys
export_pubkey "$1"
if [ "$ADD_ADMIN" = "true" ]; then
add_admin "$1"
elif [ "$ADD_SYSTEM" ]; then
add_system "$1"
else
error_a_or_s_missing
fi
#commit
;;
-p|--pubkey)
shift
[ -z "$1" ] && error $LINENO "Path to PUBKEY not provided!"
import_existing_pubkeys
gpg_id=$(retrieve_gpg_id "$1")
copy_pubkey "$1" "$gpg_id"
if [ "$ADD_ADMIN" = "true" ]; then
add_admin "$gpg_id"
elif [ "$ADD_SYSTEM" ]; then
add_system "$1"
else
error_a_or_s_missing
fi
#commit
;;
-g|--generate-remote)
shift
hostname="$1"
else
use_remote_sudo="false"
hostname=$1
fi
gpg_id=$(generate_key_remote "$use_remote_sudo" "$hostname")
setup_system "$hostname" "$gpg_id"
;;
*)
echo "Error: Unrecognized argument." >&2
exit 1
esac
if [ "$1" = "--use-remote-sudo" ];then
use_remote_sudo="true"
shift
hostname="$1"
else
use_remote_sudo="false"
hostname=$1
fi
gpg_id=$(generate_key_remote "$use_remote_sudo" "$hostname")
setup_system "$hostname" "$gpg_id"
;;
*)
echo "Error: Unrecognized argument." >&2
exit 1
esac
done
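Review bot: The new `while [[ $# -gt 0 ]]` loop never shifts off the value consumed by `-i`, `-p` and `-g` (lines 127–155 and 156–180 of the rendered section): after `-i <gpg_id>` the arm shifts once and then uses `$1`, so on the next iteration `case "$1"` sees the gpg id itself and falls into `*)` with "Unrecognized argument" and `exit 1`, which means a successful run ends with a failure status; the `-g` arm has the same shape with `hostname="$1"` left in place, and `-h` neither shifts nor exits here, so it would loop unless `usage` exits on its own (its body is cut off by the hunk). Each value-consuming arm needs a trailing `shift` before its `;;`, e.g. in the `-g` arm `setup_system "$hostname" "$gpg_id"` followed by `shift`. Separately, the `-p` arm calls `add_system "$1"` (the pubkey file path) while the `-a` branch beside it passes `"$gpg_id"`; presumably `add_system "$gpg_id"` was intended, and `add_system` itself is not visible in this diff, so confirm it exists and what it expects. The two `elif [ "$ADD_SYSTEM" ]` tests also differ in form from the `[ "$ADD_ADMIN" = "true" ]` checks next to them; `[ "$ADD_SYSTEM" = "true" ]` keeps the two flags symmetric. Since the flags are consumed in argument order, `-a`/`-s` must precede `-i`/`-p` or `error_a_or_s_missing` fires; a one-line comment above the loop stating that ordering, or a pre-pass for the mode flags, would make the contract explicit.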