summaryrefslogtreecommitdiff
path: root/bin/manage-gpg-keys
blob: ed67c021482f3cfa953542830ef9847214840bc2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash

# shellcheck source=../lib/load-configuration
. "${0%/*}/../lib/load-configuration"

# add the gpg key given by fingerprint as parameter

if [ $# -le 2 ]; then
  >&2 echo 'usage: owner fingerprint capability capability ...'
  exit 1
fi

owner="$1"
shift

owner_id=$(
  # shellcheck disable=SC2016
  {
    printf 'SELECT `persons`.`id`'
    printf ' FROM `persons`'
    printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
      "$(
        printf '%s' "${owner}" \
        | base64 -w0
      )"
  } \
  | mysql_run_query
)

if [ -z "${owner_id}" ]; then
  >&2 printf 'Cannot find person "%s".\n' "${owner}"
  exit 1
fi

key_id="$1"
key=$(
  gpg -a --export "${key_id}"
)

if [ -z "${key}" ]; then
  >&2 printf 'Cannot find key %s.\n' "${key_id}"
  exit 1
fi

key_id=$(
  printf '%s\n' "${key_id}" \
  | base64 -w0
)
key=$(
  printf '%s\n' "${key}" \
  | base64 -w0
)

shift

capabilities=$(
  # shellcheck disable=SC2016
  {
    printf 'SELECT'
    printf ' `email_actions`.`id`'
    printf ' FROM `email_actions`'
    printf ' WHERE `email_actions`.`name` IN ('
    printf '%s\n' "$@" \
    | base64_encode_each \
    | sed '
      s/^.*$/from_base64("\0"),/
      $ s/,$//
    '
    printf ');\n'
  } \
  | mysql_run_query
)

if [ -z "${capabilities}" ]; then
  >&2 echo 'No known capabilities matched any given one:'
  >&2 printf '"%s"\n' "$@"
  exit 1
fi

# shellcheck disable=SC2016
{
  printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
  printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
    "${owner_id}" \
    "${key_id}" \
    "${key}"
  printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
  printf ' VALUES '
  printf '%s\n' "${capabilities}" \
  | sed '
    s/^.*$/(LAST_INSERT_ID(),\0),/
    $ s/,$//
  '
  printf ';\n'
} \
| mysql_run_query