-rwxr-xr-x | nixops/scripts/setup | 27 |
1 files changed, 26 insertions, 1 deletions
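--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -euxo pipefail
+set -euo pipefail
 
 RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites"
 DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
@@ -52,6 +52,31 @@ if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
 fi
 fi
 
+gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2)
+for key in $gpg_keys; do
+content=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys/$key)
+fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5)
+gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no
+# /usr/share/doc/gnupg/DETAILS field 2
+(echo "$content" | gpg --import-options show-only --import --with-colons |
+grep -E '^pub:' |
+cut -d':' -f2 |
+grep -q '[fu]') && signed=yes || signed=no
+if [ "$signed" = no -o "$imported" = no ] ; then
+echo "The key for $key needs to be imported and signed (a local signature is enough)"
+echo "$content" | gpg --import-options show-only --import
+echo "Continue? [y/N]"
+read y
+if [ "$y" = "y" -o "$y" = "Y" ]; then
+echo "$content" | gpg --import
+gpg --expert --edit-key "$fpr" lsign quit
+else
+echo "Aborting"
+exit 1
+fi
+fi
+done
+
 nix_group=$(stat -c %G /nix/store)
 if [ "$nix_group" = "nixbld" ]; then
 nix_user="nixbld1"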
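Review bot: The value stored in `fpr` on new line 58 is not a fingerprint: field 5 of a `pub` record in `--with-colons` output is the 64-bit key ID, and the fingerprint is field 10 of the `fpr` record. Both the `gpg --list-key "$fpr"` presence check and the `gpg --expert --edit-key "$fpr" lsign quit` step therefore select the key by key ID, so another key in the keyring that shares that ID could satisfy the check or receive the local signature. I would take the full fingerprint instead, e.g. `fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | awk -F: '$1=="fpr"{print $10; exit}')`, which also yields a single value when the stored entry holds more than one `pub` record. Separately, under `set -euo pipefail` an entry with no `pub` line makes the `grep` in that assignment fail and the script exit without a message, so an explicit `[ -n "$fpr" ] || { echo "no key found in $key" >&2; exit 1; }` after a tolerant extraction would make that case readable.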