authorErich Eckner <git@eckner.net>2019-09-09 14:53:27 +0200
committerErich Eckner <git@eckner.net>2019-09-09 14:53:27 +0200
commit6b8374e739864b164587f4f088fc5384a48e16dc (patch)
tree1928c199385d3b4d65308990bb1c8e2bae8324fe /bin
parentb83ad7f1672047b0ca4be1f1e2545000b85f9a9d (diff)
bin/manage-gpg-keys: new (rudimentary functionality only)
Diffstat (limited to 'bin')
-rwxr-xr-xbin/manage-gpg-keys96
1 files changed, 96 insertions, 0 deletions
diff --git a/bin/manage-gpg-keys b/bin/manage-gpg-keys
new file mode 100755
index 0000000..ed67c02
--- /dev/null
+++ b/bin/manage-gpg-keys
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# shellcheck source=../lib/load-configuration
+. "${0%/*}/../lib/load-configuration"
+
+# add the gpg key given by fingerprint as parameter
+
+if [ $# -le 2 ]; then
+ >&2 echo 'usage: owner fingerprint capability capability ...'
+ exit 1
+fi
+
+owner="$1"
+shift
+
+owner_id=$(
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT `persons`.`id`'
+ printf ' FROM `persons`'
+ printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
+ "$(
+ printf '%s' "${owner}" \
+ | base64 -w0
+ )"
+ } \
+ | mysql_run_query
+)
+
+if [ -z "${owner_id}" ]; then
+ >&2 printf 'Cannot find person "%s".\n' "${owner}"
+ exit 1
+fi
+
+key_id="$1"
+key=$(
+ gpg -a --export "${key_id}"
+)
+
+if [ -z "${key}" ]; then
+ >&2 printf 'Cannot find key %s.\n' "${key_id}"
+ exit 1
+fi
+
+key_id=$(
+ printf '%s\n' "${key_id}" \
+ | base64 -w0
+)
+key=$(
+ printf '%s\n' "${key}" \
+ | base64 -w0
+)
+
+shift
+
+capabilities=$(
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT'
+ printf ' `email_actions`.`id`'
+ printf ' FROM `email_actions`'
+ printf ' WHERE `email_actions`.`name` IN ('
+ printf '%s\n' "$@" \
+ | base64_encode_each \
+ | sed '
+ s/^.*$/from_base64("\0"),/
+ $ s/,$//
+ '
+ printf ');\n'
+ } \
+ | mysql_run_query
+)
+
+if [ -z "${capabilities}" ]; then
+ >&2 echo 'No known capabilities matched any given one:'
+ >&2 printf '"%s"\n' "$@"
+ exit 1
+fi
+
+# shellcheck disable=SC2016
+{
+ printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
+ printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
+ "${owner_id}" \
+ "${key_id}" \
+ "${key}"
+ printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
+ printf ' VALUES '
+ printf '%s\n' "${capabilities}" \
+ | sed '
+ s/^.*$/(LAST_INSERT_ID(),\0),/
+ $ s/,$//
+ '
+ printf ';\n'
+} \
+| mysql_run_query
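Review bot: The value written to `gpg_keys`.`fingerprint` is the raw command-line argument, not a checked fingerprint: `gpg -a --export "${key_id}"` accepts any key specification (short ID, e-mail, name), so the export may hold several keys or a different key than intended, all stored under the one row that then receives the capabilities. A format check before the export, e.g. `[[ "${key_id}" =~ ^[0-9A-Fa-f]{40}$ ]] || exit 1` (assuming v4 fingerprints), would restrict the argument to a full fingerprint. The re-encoding `printf '%s\n' "${key_id}" | base64 -w0` also puts a trailing newline into the stored fingerprint, unlike the owner lookup, which uses `printf '%s'`; using `printf '%s' "${key_id}"` here keeps later lookups by fingerprint matching. Separately, when the first `INSERT IGNORE` skips a key that is already present, `LAST_INSERT_ID()` in the second statement presumably no longer refers to that key's row, so a re-run meant to add capabilities would not attach them to it; selecting the row id by fingerprint would be more reliable.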