Diffstat (limited to 'share/hydra/import-keys')
-rwxr-xr-xshare/hydra/import-keys67
1 files changed, 67 insertions, 0 deletions
diff --git a/share/hydra/import-keys b/share/hydra/import-keys
new file mode 100755
index 0000000..8929baf
--- /dev/null
+++ b/share/hydra/import-keys
@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# Import a key into nodes.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+# Load
+source $APP_BASE/lib/hydra/functions || exit 1
+hydra_config_load
+
+# Command line arguments
+NODES="$*"
+
+# Build node list
+if [ -z "$NODES" ]; then
+ NODES="`hydra $HYDRA nodes`"
+fi
+
+# Deploy
+for node in $NODES; do
+ if [ ! -z "$HOST" ]; then
+ hostname="$HOST"
+ else
+ hostname="`echo $node | cut -d . -f 1`"
+ fi
+
+ key="$(keyringer $HYDRA decrypt $hostname/gpg/key 2> /dev/null | sed -ne '1,$p')"
+ key_id="$(echo "$key" | gpg --with-colons | grep sec | cut -d : -f 5)"
+
+ if [ -z "$key" ]; then
+ echo "Could not find key for $node, skipping."
+ continue
+ fi
+
+ $HYDRA_CONNECT $node <<EOF
+ ##### BEGIN REMOTE SCRIPT #####
+ echo ""
+ echo "-----------------------------"
+ echo "Importing gpg key to $node..."
+ echo "-----------------------------"
+ echo ""
+ echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+ echo ""
+ echo "Trusting key at $node..."
+ echo ""
+ printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+ echo ""
+ echo "Verifying..."
+ echo ""
+ sudo gpg --homedir /root/.gnupg --list-keys
+ ##### END REMOTE SCRIPT #######
+EOF
+done
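Review bot: `key_id` is taken from an unanchored `grep sec` and then expanded unquoted into the here-document at `--edit-key $key_id`, which the remote shell runs under sudo to assign ultimate trust (`trust`, `5`). An empty or multi-line value changes what the remote side executes, and it is computed before the `[ -z "$key" ]` check, so gpg is also run on empty input. Anchor and validate it after the empty-key check and before connecting: `key_id="$(echo "$key" | gpg --with-colons | grep '^sec:' | head -n 1 | cut -d : -f 5)"` followed by `case "$key_id" in ''|*[!0-9A-Fa-f]*) echo "No usable key id for $node, skipping."; continue ;; esac`. The `2> /dev/null` on the `keyringer ... decrypt` line also makes a decryption failure look the same as a missing key, so consider letting stderr through or reporting the exit status.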