
[dak/master] generate-archive-key: use configuration file



---
 config/debian-security/generate-archive-key.conf |  3 +++
 config/debian/generate-archive-key.conf          |  3 +++
 scripts/debian/generate-archive-key              | 33 ++++++++++++++++++++----
 3 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 config/debian-security/generate-archive-key.conf
 create mode 100644 config/debian/generate-archive-key.conf

diff --git a/config/debian-security/generate-archive-key.conf b/config/debian-security/generate-archive-key.conf
new file mode 100644
index 0000000..9d4c537
--- /dev/null
+++ b/config/debian-security/generate-archive-key.conf
@@ -0,0 +1,3 @@
+name_real="Debian Security Archive Automatic Signing Key"
+name_email="ftpmaster@debian.org"
+name_comment="9/stretch"
diff --git a/config/debian/generate-archive-key.conf b/config/debian/generate-archive-key.conf
new file mode 100644
index 0000000..da4be05
--- /dev/null
+++ b/config/debian/generate-archive-key.conf
@@ -0,0 +1,3 @@
+name_real="Debian Archive Automatic Signing Key"
+name_email="ftpmaster@debian.org"
+name_comment="9/stretch"
diff --git a/scripts/debian/generate-archive-key b/scripts/debian/generate-archive-key
index 7e5edd0..8cfb8bc 100755
--- a/scripts/debian/generate-archive-key
+++ b/scripts/debian/generate-archive-key
@@ -1,14 +1,18 @@
 #! /bin/bash
 #
-# usage: generate-archive-key <output-directory>
+# usage: generate-archive-key <configuration> <output-directory>
 #
 # generate a new archive key
+#
+# Required packages:
+#     gnupg libgfshare-bin pinentry-tty
 
 set -e
 set -u
 set -o pipefail
 
-output="${1}"
+conf="${1}"
+output="${2}"
 
 # designated revokers
 revokers=(
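Review bot: `conf="${1}"` and `output="${2}"` are read with no argument-count check, so under `set -u` a call that still uses the old one-argument form stops with bash's unbound-variable message instead of the usage line. A guard before the two assignments would make the interface change explicit: `if (( $# != 2 )); then echo "usage: generate-archive-key <configuration> <output-directory>" >&2; exit 1; fi`. The hunk ends inside the `revokers=(` array, so the rest of the script's setup is not visible here.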
@@ -34,6 +38,25 @@ if [[ -f /srv/keyring.debian.org/keyrings/debian-keyring.gpg ]]; then
     keyring=/srv/keyring.debian.org/keyrings/debian-keyring.gpg
 fi
 
+if [[ ! -e ${conf} ]]; then
+    echo "Configuration file '${conf}' does not exist" >&2
+    exit 1
+fi
+
+. ${conf}
+
+for v in \
+    revokers \
+    revocation_holders revocation_shares \
+    backup_holders backup_shares \
+    name_real name_email \
+    ; do
+    if [[ ! -v ${v} ]]; then
+        echo "Option '${v}' is not set" >&2
+        exit 1
+    fi
+done
+
 umask 077
 
 show-file() {
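Review bot: `. ${conf}` runs the configuration as bash inside the script that creates the archive signing key, and it is both unquoted and resolved differently from the `-e` test above it: when the argument contains no slash, bash's `.` searches `PATH` before the current directory, so the file that was checked is not necessarily the file that gets sourced. Testing for a regular file and forcing a path with a slash closes that gap, e.g. `[[ -f ${conf} ]]` for the check, then `[[ ${conf} == */* ]] || conf="./${conf}"` and `. "${conf}"`. Separately, `[[ ! -v ${v} ]]` accepts a variable set to the empty string, and `revokers` is already assigned by the script itself (context line of the first hunk), so that entry can never fail. Whether the other four names come from the script or from the config is not visible in this hunk.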
@@ -104,9 +127,9 @@ cat > generate-key.conf <<EOF
 Key-Type: RSA
 Key-Length: 4096
 Key-Usage: sign
-Name-Real: Debian Archive Automatic Signing Key
-Name-Email: ftpmaster@debian.org
-Name-Comment: 9.0/stretch
+Name-Real: ${name_real:?}
+Name-Email: ${name_email:?}
+Name-Comment: ${name_comment:-}
 Expire-Date: 8y
 EOF
 
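Review bot: `Name-Comment: ${name_comment:-}` writes the directive even when the option is unset or empty, and all three values are copied unescaped into gpg's batch parameter file, where a value containing a newline would become an extra directive line. Because the resulting user ID ends up on a long-lived signing key (`Expire-Date: 8y`), it would be worth emitting the comment only when set, `${name_comment:+Name-Comment: ${name_comment}}`, and rejecting multi-line values right after the config is sourced, e.g. `[[ ${name_real}${name_email}${name_comment:-} != *$'\n'* ]] || exit 1`. How gpg treats an empty `Name-Comment:` is not visible here, so the first part is a precaution. The here-document starts outside this hunk (`cat > generate-key.conf <<EOF` in the hunk header).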
-- 
2.1.4

