From 6b8374e739864b164587f4f088fc5384a48e16dc Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Mon, 9 Sep 2019 14:53:27 +0200
Subject: bin/manage-gpg-keys: new (rudimentary functionality only)

---
 bin/manage-gpg-keys | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100755 bin/manage-gpg-keys

(limited to 'bin/manage-gpg-keys')

diff --git a/bin/manage-gpg-keys b/bin/manage-gpg-keys
new file mode 100755
index 0000000..ed67c02
--- /dev/null
+++ b/bin/manage-gpg-keys
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# shellcheck source=../lib/load-configuration
+. "${0%/*}/../lib/load-configuration"
+
+# add the gpg key given by fingerprint as parameter
+
+if [ $# -le 2 ]; then
+  >&2 echo 'usage: owner fingerprint capability capability ...'
+  exit 1
+fi
+
+owner="$1"
+shift
+
+owner_id=$(
+  # shellcheck disable=SC2016
+  {
+    printf 'SELECT `persons`.`id`'
+    printf ' FROM `persons`'
+    printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
+      "$(
+        printf '%s' "${owner}" \
+        | base64 -w0
+      )"
+  } \
+  | mysql_run_query
+)
+
+if [ -z "${owner_id}" ]; then
+  >&2 printf 'Cannot find person "%s".\n' "${owner}"
+  exit 1
+fi
+
+key_id="$1"
+key=$(
+  gpg -a --export "${key_id}"
+)
+
+if [ -z "${key}" ]; then
+  >&2 printf 'Cannot find key %s.\n' "${key_id}"
+  exit 1
+fi
+
+key_id=$(
+  printf '%s\n' "${key_id}" \
+  | base64 -w0
+)
+key=$(
+  printf '%s\n' "${key}" \
+  | base64 -w0
+)
+
+shift
+
+capabilities=$(
+  # shellcheck disable=SC2016
+  {
+    printf 'SELECT'
+    printf ' `email_actions`.`id`'
+    printf ' FROM `email_actions`'
+    printf ' WHERE `email_actions`.`name` IN ('
+    printf '%s\n' "$@" \
+    | base64_encode_each \
+    | sed '
+      s/^.*$/from_base64("\0"),/
+      $ s/,$//
+    '
+    printf ');\n'
+  } \
+  | mysql_run_query
+)
+
+if [ -z "${capabilities}" ]; then
+  >&2 echo 'No known capabilities matched any given one:'
+  >&2 printf '"%s"\n' "$@"
+  exit 1
+fi
+
+# shellcheck disable=SC2016
+{
+  printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
+  printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
+    "${owner_id}" \
+    "${key_id}" \
+    "${key}"
+  printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
+  printf ' VALUES '
+  printf '%s\n' "${capabilities}" \
+  | sed '
+    s/^.*$/(LAST_INSERT_ID(),\0),/
+    $ s/,$//
+  '
+  printf ';\n'
+} \
+| mysql_run_query
-- 
cgit v1.2.3