NBash

Форк
0
206 строк · 4.4 Кб
1
#!/bin/sh
2
#
3
# Copyright (C) 2023  Etersoft
4
# Copyright (C) 2023  Vitaly Lipatov <lav@etersoft.ru>
5
#
6
# This program is free software: you can redistribute it and/or modify
7
# it under the terms of the GNU Affero General Public License as published by
8
# the Free Software Foundation, either version 3 of the License, or
9
# (at your option) any later version.
10
#
11
# This program is distributed in the hope that it will be useful,
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
# GNU Affero General Public License for more details.
15
#
16
# You should have received a copy of the GNU Affero General Public License
17
# along with this program. If not, see <http://www.gnu.org/licenses/>.
18
#
19

20
load_helper epm-sh-altlinux
21

22

23
# allowed files too
24
__epm_get_file_from_url()
25
{
26
    local url="$1"
27
    local tmpfile
28
    tmpfile=$(mktemp) || fatal
29
    remove_on_exit $tmpfile
30
    eget -O "$tmpfile" "$url" >/dev/null
31
    echo "$tmpfile"
32
}
33

34
__epm_addkey_altlinux()
35
{
36
    local name
37
    local url="$1"
38
    shift
39
    if is_url "$url" ; then
40
        name="$(basename "$url" .gpg)"
41
    else
42
        name="$url"
43
        url="$1"
44
        shift
45
    fi
46

47
    local fingerprint
48
    if is_url "$url" ; then
49
        fingerprint="$1"
50
        shift
51
    else
52
        fingerprint="$url"
53
        url=""
54
    fi
55

56
    local comment="$1"
57
    # compat
58
    [ -n "$2" ] && name="$2"
59

60
    [ -s /etc/apt/vendors.list.d/$name.list ] && return
61

62
# TODO: get this info from the gpg key
63
    cat << EOF | sudorun tee /etc/apt/vendors.list.d/$name.list
64
simple-key "$name" {
65
        FingerPrint "$fingerprint";
66
        Name "$comment";
67
}
68
EOF
69
    if [ -n "$url" ] ; then
70
        local tmpfile=$(__epm_get_file_from_url $url) || fatal
71
        sudocmd gpg --no-default-keyring --keyring /usr/lib/alt-gpgkeys/pubring.gpg --import $tmpfile
72
    fi
73
}
74

75

76
__epm_addkey_alpine()
77
{
78
    local name
79
    local url="$1"
80
    shift
81
    if is_url "$url" ; then
82
        name="$(basename "$url" .rsa)"
83
    else
84
        name="$url"
85
        url="$1"
86
        shift
87
    fi
88

89
    local target="/etc/apk/keys/$name.rsa"
90

91
    [ -s $target ] && return
92

93
    local tmpfile=$(__epm_get_file_from_url $url) || fatal
94
    sudocmd cp $tmpfile $target
95
}
96

97

98
__epm_addkey_dnf()
99
{
100
    local name
101
    local url="$1"
102
    shift
103
    if is_url "$url" ; then
104
        name="$(basename "$url" .gpg)"
105
    else
106
        name="$url"
107
        url="$1"
108
        shift
109
    fi
110
    local gpgkeyurl="$1"
111
    local nametext="$2"
112
    # compat
113
    [ -n "$3" ] && name="$3"
114

115
    # TODO: missed name, nametext, gpgkeyurl (disable gpgcheck=1)
116

117
    local target="/etc/yum.repos.d/$name.repo"
118
    [ -s $target ] && return
119

120
    local tmpfile
121
    tmpfile=$(mktemp) || fatal
122
    remove_on_exit $tmpfile
123
    cat >$tmpfile <<EOF
124
[$name]
125
name=$nametext
126
baseurl=$url
127
gpgcheck=1
128
enabled=1
129
gpgkey=$gpgkeyurl
130
EOF
131
    chmod 644 $tmpfile
132
    sudocmd cp $tmpfile $target
133
}
134

135

136
__epm_addkey_deb()
137
{
138
    local name
139
    local url="$1"
140
    shift
141
    if is_url "$url" ; then
142
        name="$(basename "$url" .gpg)"
143
    else
144
        name="$url"
145
        url="$1"
146
        shift
147
    fi
148
    local fingerprint="$1"
149
    local comment="$2"
150
    # compat
151
    [ -n "$3" ] && name="$3"
152

153
    # FIXME: check by GPG PUBKEY
154
    [ -s /etc/apt/trusted.gpg.d/$name.gpg ] && return
155

156
    if [ -z "$fingerprint" ] ; then
157
        local tmpfile=$(__epm_get_file_from_url $url) || fatal
158
        if cat $tmpfile | head -n3 | grep -- "-----BEGIN PGP PUBLIC KEY BLOCK-----" ; then
159
            # This is a GnuPG extension to OpenPGP
160
            cat $tmpfile | a= gpg --dearmor >$tmpfile
161
        fi
162
        sudocmd apt-key add $tmpfile
163
#
164
#        if [ ! -f /etc/apt/trusted.gpg.d/$name.gpg ]; then
165
#                epm tool eget -q -O /etc/apt/trusted.gpg.d/$name.gpg https://example.com/$name.gpg > /dev/null
166
#                chmod 0644 /etc/apt/trusted.gpg.d/$name.gpg
167
#        fi
168

169
        return
170
    fi
171
    sudocmd apt-key adv --keyserver "$url" --recv "$fingerprint"
172
}
173

174

175
epm_addkey()
176
{
177

178
if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ -z "$1" ] ; then
179
    echo "Usage: $ epm repo addkey [name] [url] [fingerprint/gpgkey] [comment/name]"
180
    return
181
fi
182

183
# initialize here
184
remove_on_exit
185

186
case $BASEDISTRNAME in
187
    "alt")
188
        __epm_addkey_altlinux "$@"
189
        return
190
        ;;
191
    "alpine")
192
        __epm_addkey_alpine "$@"
193
        return
194
        ;;
195
esac
196

197
case $PMTYPE in
198
    apt-dpkg)
199
        __epm_addkey_deb "$@"
200
        ;;
201
    dnf-*|yum-*)
202
        __epm_addkey_dnf "$@"
203
        ;;
204
esac
205

206
}
207

208

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.