dcommander · August 6, 2020 20:52
diff --git a/debsig-import b/debsig-import
 #!/bin/bash

 set -u
 set -e
 trap onexit INT
 trap onexit TERM
 trap onexit EXIT

 TMPDIR=

 onexit() {
 	if [ ! "$TMPDIR" = "" ]; then
 		rm -rf $TMPDIR/*
 		rmdir $TMPDIR
 	fi
 }

 uid() {
 	id | cut -f2 -d = | cut -f1 -d \(;
 }

 usage() {
 	echo
 	echo USAGE:
 	echo
 	echo Import a key:
 	echo $0 \<GPG key ID\> \<GPG key URL\>
 	echo Delete a key:
 	echo $0 -d \<GPG key ID\>
 	echo
 	exit 1
 }

 if [ ! `uid` -eq 0 ]; then
 	echo This script must be executed as root.
 	exit 1
 fi

 if [ $# -lt 2 ]; then
 	usage
 fi

 DELETE=0
 if [ "$1" = "-d" ]; then
 	DELETE=1
 	ID=$2
 else
 	ID=$1
 	URL=$2
 fi

 umask 022

 if [ $DELETE = 1 ]; then
 	if [ -d /usr/share/debsig/keyrings/$ID ]; then
 		rm -f /usr/share/debsig/keyrings/$ID/*
 		rmdir /usr/share/debsig/keyrings/$ID
 	else
 		echo "/usr/share/debsig/keyrings/$ID doesn't exist."
 	fi
 	if [ -d /etc/debsig/policies/$ID ]; then
 		rm -f /etc/debsig/policies/$ID/*
 		rmdir /etc/debsig/policies/$ID
 	else
 		echo "/etc/debsig/policies/$ID doesn't exist."
 	fi
 	exit 0
 fi

 if [ ! -d /usr/share/debsig/keyrings/$ID ]; then
 	mkdir -p /usr/share/debsig/keyrings/$ID
 else
 	echo /usr/share/debsig/keyrings/$ID already exists.
 fi

 if [ ! -f /usr/share/debsig/keyrings/$ID/debsig.gpg ]; then
 	TMPDIR=`mktemp -d /tmp/debsig-import.XXXXXX`
 	wget "$URL" -O $TMPDIR/newsig
 	export GNUPGHOME=$TMPDIR
 	touch /usr/share/debsig/keyrings/$ID/debsig.gpg
 	gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/$ID/debsig.gpg --import $TMPDIR/newsig
 	chmod 644 /usr/share/debsig/keyrings/$ID/debsig.gpg
 else
 	echo /usr/share/debsig/keyrings/$ID/debsig.gpg already exists.
 fi

 if [ ! -d /etc/debsig/policies/$ID ]; then
 	mkdir -p /etc/debsig/policies/$ID
 else
 	echo /etc/debsig/policies/$ID already exists.
 fi

 if [ ! -f /etc/debsig/policies/$ID/debsig.pol ]; then
 	URL=`debsig-verify --version 2>&1 | grep Signature\ Namespace | sed 's/.*\-\ //g'`
 	DESCRIPTION=`gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/$ID/debsig.gpg --list-keys | grep uid | sed s/^uid[\ \t]*//g | sed s/\[\ \t]*\<.*//g`
 	cat >/etc/debsig/policies/$ID/debsig.pol <<EOF
 <!DOCTYPE Policy SYSTEM "$URL/policy.dtd">
 <Policy xmlns="$URL">
  <Origin Name="$DESCRIPTION" id="$ID" Description="$DESCRIPTION"/>
  <Selection>
    <Required Type="origin" File="debsig.gpg" id="$ID"/>
  </Selection>

   <Verification MinOptional="0">
    <Required Type="origin" File="debsig.gpg" id="$ID"/>
   </Verification>
 </Policy>
 EOF
 	chmod 644 /etc/debsig/policies/$ID/debsig.pol
 else
 	echo /etc/debsig/policies/$ID/debsig.pol already exists.
 fi
	#!/bin/bash

	set -u
	set -e
	trap onexit INT
	trap onexit TERM
	trap onexit EXIT

	TMPDIR=

	onexit() {
	if [ ! "$TMPDIR" = "" ]; then
	rm -rf $TMPDIR/*
	rmdir $TMPDIR
	fi
	}

	uid() {
	id \| cut -f2 -d = \| cut -f1 -d \(;
	}

	usage() {
	echo
	echo USAGE:
	echo
	echo Import a key:
	echo $0 \<GPG key ID\> \<GPG key URL\>
	echo Delete a key:
	echo $0 -d \<GPG key ID\>
	echo
	exit 1
	}

	if [ ! `uid` -eq 0 ]; then
	echo This script must be executed as root.
	exit 1
	fi

	if [ $# -lt 2 ]; then
	usage
	fi

	DELETE=0
	if [ "$1" = "-d" ]; then
	DELETE=1
	ID=$2
	else
	ID=$1
	URL=$2
	fi

	umask 022

	if [ $DELETE = 1 ]; then
	if [ -d /usr/share/debsig/keyrings/$ID ]; then
	rm -f /usr/share/debsig/keyrings/$ID/*
	rmdir /usr/share/debsig/keyrings/$ID
	else
	echo "/usr/share/debsig/keyrings/$ID doesn't exist."
	fi
	if [ -d /etc/debsig/policies/$ID ]; then
	rm -f /etc/debsig/policies/$ID/*
	rmdir /etc/debsig/policies/$ID
	else
	echo "/etc/debsig/policies/$ID doesn't exist."
	fi
	exit 0
	fi

	if [ ! -d /usr/share/debsig/keyrings/$ID ]; then
	mkdir -p /usr/share/debsig/keyrings/$ID
	else
	echo /usr/share/debsig/keyrings/$ID already exists.
	fi

	if [ ! -f /usr/share/debsig/keyrings/$ID/debsig.gpg ]; then
	TMPDIR=`mktemp -d /tmp/debsig-import.XXXXXX`
	wget "$URL" -O $TMPDIR/newsig
	export GNUPGHOME=$TMPDIR
	touch /usr/share/debsig/keyrings/$ID/debsig.gpg
	gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/$ID/debsig.gpg --import $TMPDIR/newsig
	chmod 644 /usr/share/debsig/keyrings/$ID/debsig.gpg
	else
	echo /usr/share/debsig/keyrings/$ID/debsig.gpg already exists.
	fi

	if [ ! -d /etc/debsig/policies/$ID ]; then
	mkdir -p /etc/debsig/policies/$ID
	else
	echo /etc/debsig/policies/$ID already exists.
	fi

	if [ ! -f /etc/debsig/policies/$ID/debsig.pol ]; then
	URL=`debsig-verify --version 2>&1 \| grep Signature\ Namespace \| sed 's/.*\-\ //g'`
	DESCRIPTION=`gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/$ID/debsig.gpg --list-keys \| grep uid \| sed s/^uid[\ \t]//g \| sed s/\[\ \t]\<.*//g`
	cat >/etc/debsig/policies/$ID/debsig.pol <<EOF
	<!DOCTYPE Policy SYSTEM "$URL/policy.dtd">
	<Policy xmlns="$URL">
	<Origin Name="$DESCRIPTION" id="$ID" Description="$DESCRIPTION"/>
	<Selection>
	<Required Type="origin" File="debsig.gpg" id="$ID"/>
	</Selection>

	<Verification MinOptional="0">
	<Required Type="origin" File="debsig.gpg" id="$ID"/>
	</Verification>
	</Policy>
	EOF
	chmod 644 /etc/debsig/policies/$ID/debsig.pol
	else
	echo /etc/debsig/policies/$ID/debsig.pol already exists.
	fi