Script that imports a public key for use with debsig-verify
#!/bin/bash
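# Abort on unset variables and on any unhandled error, and run the cleanup
# handler on every exit path (normal exit, Ctrl-C, SIGTERM).
set -u
set -e
trap onexit INT TERM EXIT
# Path of the scratch directory holding the downloaded key and a throw-away
# GNUPGHOME.  Empty until the import branch creates it, so onexit can tell
# whether there is anything to remove.
# NOTE: this shadows the TMPDIR that mktemp(1) honours; harmless here because
# mktemp is always invoked with an absolute /tmp/... template.
TMPDIR=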
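#######################################
# Remove the scratch directory, if one was created.
# Globals:   TMPDIR (read) - path of the scratch directory, or empty
# Returns:   0
#######################################
onexit() {
  # TMPDIR stays empty in delete mode and until the import branch runs
  # mktemp, so there is nothing to do in those cases.
  if [ -n "$TMPDIR" ]; then
    # Remove the whole tree rather than "$TMPDIR/*" followed by rmdir: the
    # glob skips dotfiles (gpg may leave some in its GNUPGHOME), rmdir would
    # then fail, and with "set -e" a second run of the trap (INT, then EXIT)
    # would error out instead of being a harmless no-op.
    rm -rf -- "$TMPDIR"
  fi
}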
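#######################################
# Print the numeric user ID of the caller.
# Outputs:   the UID (0 for root) on stdout
# Returns:   status of id(1)
#######################################
uid() {
  # "id -u" is POSIX and avoids parsing the "uid=0(root) gid=..." text of
  # plain "id", whose layout varies between implementations and locales.
  id -u
}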
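#######################################
# Print the command-line synopsis and terminate.
# Globals:   $0 (read) - script path shown in the synopsis
# Outputs:   usage text on stdout
# Returns:   never returns; exits with status 1
#######################################
usage() {
  # printf with "$0" as an argument keeps a script path containing spaces
  # (or a leading dash) intact; unquoted echo would split or mangle it.
  printf '\nUSAGE:\n\n'
  printf 'Import a key:\n'
  printf '%s <GPG key ID> <GPG key URL>\n' "$0"
  printf 'Delete a key:\n'
  printf '%s -d <GPG key ID>\n' "$0"
  printf '\n'
  exit 1
}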
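# --- preconditions and argument parsing --------------------------------------
# Everything below creates or removes files under /usr/share/debsig and
# /etc/debsig, so refuse to continue unless running as root.
if [ "$(uid)" -ne 0 ]; then
  printf '%s\n' "This script must be executed as root." >&2
  exit 1
fi
if [ "$#" -lt 2 ]; then
  usage
fi
DELETE=0
if [ "$1" = "-d" ]; then
  DELETE=1
  ID=$2
else
  ID=$1
  URL=$2
fi
# ID is spliced into filesystem paths (and those paths are removed in delete
# mode), so reject anything that could escape the keyring/policy directories:
# it must be one non-empty alphanumeric token -- no "/", "..", spaces or
# shell metacharacters.
case "$ID" in
  '' | *[!0-9A-Za-z]*)
    printf '%s\n' "Invalid key ID '$ID': expected an alphanumeric GPG key ID." >&2
    exit 1
    ;;
esac
# Files created below are meant to be world-readable (see the chmod 644
# calls); make directories created by mkdir -p match.
umask 022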
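# --- delete mode -------------------------------------------------------------
# Remove the keyring and policy directories for ID.  A missing directory is
# reported but is not an error, so a partially created key can be cleaned up.
if [ "$DELETE" = 1 ]; then
  # ${ID:?} makes the shell abort instead of running rm on the parent
  # directory if ID is ever empty.
  if [ -d "/usr/share/debsig/keyrings/${ID:?}" ]; then
    # rm -rf handles dotfiles and subdirectories, which "rm -f dir/*" plus
    # rmdir would trip over.
    rm -rf -- "/usr/share/debsig/keyrings/${ID:?}"
  else
    printf '%s\n' "/usr/share/debsig/keyrings/$ID doesn't exist."
  fi
  if [ -d "/etc/debsig/policies/${ID:?}" ]; then
    rm -rf -- "/etc/debsig/policies/${ID:?}"
  else
    printf '%s\n' "/etc/debsig/policies/$ID doesn't exist."
  fi
  exit 0
fi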
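# --- import mode: keyring ----------------------------------------------------
# Download the key from URL and import it into a dedicated keyring under
# /usr/share/debsig/keyrings/<ID>/debsig.gpg.  An existing keyring is left
# untouched.
KEYRING_DIR="/usr/share/debsig/keyrings/$ID"
if [ ! -d "$KEYRING_DIR" ]; then
  mkdir -p -- "$KEYRING_DIR"
else
  printf '%s\n' "$KEYRING_DIR already exists."
fi
if [ ! -f "$KEYRING_DIR/debsig.gpg" ]; then
  # Scratch space for the download and for a throw-away GNUPGHOME, so the
  # import never touches root's own keyring or trustdb; onexit removes it.
  TMPDIR=$(mktemp -d /tmp/debsig-import.XXXXXX)
  # Whatever this URL serves becomes a key that debsig-verify trusts for ID.
  # Nothing here checks the key's fingerprint, so compare it against a value
  # obtained out of band before relying on the policy written below.
  wget -O "$TMPDIR/newsig" -- "$URL"
  export GNUPGHOME=$TMPDIR
  # The keyring is created as an empty file before gpg writes to it.
  # NOTE(review): presumably so that gpg 2.1+ uses the legacy keyring format
  # rather than a keybox file -- confirm against the debsig-verify version in
  # use before removing this line.
  touch "$KEYRING_DIR/debsig.gpg"
  gpg --no-default-keyring --keyring "$KEYRING_DIR/debsig.gpg" --import "$TMPDIR/newsig"
  chmod 644 "$KEYRING_DIR/debsig.gpg"
else
  printf '%s\n' "$KEYRING_DIR/debsig.gpg already exists."
fi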
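# --- import mode: policy -----------------------------------------------------
# Write a debsig-verify policy under /etc/debsig/policies/<ID>/debsig.pol
# that requires every package signature to come from the key in the keyring
# imported above.  An existing policy is left untouched.
POLICY_DIR="/etc/debsig/policies/$ID"
if [ ! -d "$POLICY_DIR" ]; then
  mkdir -p -- "$POLICY_DIR"
else
  printf '%s\n' "$POLICY_DIR already exists."
fi
if [ ! -f "$POLICY_DIR/debsig.pol" ]; then
  # The policy namespace (and DTD location) is taken from the installed
  # debsig-verify's "Signature Namespace: - <url>" line rather than hard-coded,
  # so the policy matches whatever version is present.
  NAMESPACE=$(debsig-verify --version 2>&1 | grep 'Signature Namespace' | sed 's/.*- //')
  # Human-readable name for the <Origin> element: the first user ID of the
  # imported key, minus its trailing "<email>".  The colon-separated listing
  # is stable across gpg versions (field 10 is the user ID), unlike the
  # "uid  [ trust] Name <email>" text that --list-keys prints by default.
  # The name comes from the downloaded key, i.e. from data the remote side
  # controls, and is spliced into XML attributes, so escape it.
  DESCRIPTION=$(gpg --no-default-keyring --keyring "/usr/share/debsig/keyrings/$ID/debsig.gpg" \
      --list-keys --with-colons \
    | awk -F: '$1 == "uid" { print $10; exit }' \
    | sed -e 's/\\x3a/:/g' \
          -e 's/[[:space:]]*<[^>]*>[[:space:]]*$//' \
          -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')
  cat >"$POLICY_DIR/debsig.pol" <<EOF
<!DOCTYPE Policy SYSTEM "$NAMESPACE/policy.dtd">
<Policy xmlns="$NAMESPACE">
  <Origin Name="$DESCRIPTION" id="$ID" Description="$DESCRIPTION"/>
  <Selection>
    <Required Type="origin" File="debsig.gpg" id="$ID"/>
  </Selection>
  <Verification MinOptional="0">
    <Required Type="origin" File="debsig.gpg" id="$ID"/>
  </Verification>
</Policy>
EOF
  chmod 644 "$POLICY_DIR/debsig.pol"
else
  printf '%s\n' "$POLICY_DIR/debsig.pol already exists."
fi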