From d07d139ae42fb2c4263c96167ca6ca67f562bbe9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 20 Apr 2019 00:42:49 +0200 Subject: Add GPG keys importing from password store --- nixops/scripts/setup | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'nixops/scripts/setup') diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 38cee65..81ba8aa 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup @@ -1,6 +1,6 @@ #!/bin/bash -set -euxo pipefail +set -euo pipefail RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" @@ -52,6 +52,31 @@ if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then fi fi +gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) +for key in $gpg_keys; do + content=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys/$key) + fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5) + gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no + # /usr/share/doc/gnupg/DETAILS field 2 + (echo "$content" | gpg --import-options show-only --import --with-colons | + grep -E '^pub:' | + cut -d':' -f2 | + grep -q '[fu]') && signed=yes || signed=no + if [ "$signed" = no -o "$imported" = no ] ; then + echo "The key for $key needs to be imported and signed (a local signature is enough)" + echo "$content" | gpg --import-options show-only --import + echo "Continue? [y/N]" + read y + if [ "$y" = "y" -o "$y" = "Y" ]; then + echo "$content" | gpg --import + gpg --expert --edit-key "$fpr" lsign quit + else + echo "Aborting" + exit 1 + fi + fi +done + nix_group=$(stat -c %G /nix/store) if [ "$nix_group" = "nixbld" ]; then nix_user="nixbld1" -- cgit v1.2.3