Handbook draft and GPG key script
Parent: 77ed3f68dc
Commit: 9dd716d014
3 changed files with 355 additions and 0 deletions
73
Office/Handbuch/handbuch.md
Normal file
|
@ -0,0 +1,73 @@
|
|||
WIP
|
||||
|
||||
# Handbuch für den Vorstand des Hackspace Jena e.V."
|
||||
|
||||
Dieses Handbuch ist kein Gesetz. Es dokumentiert eine selbst auferlegte
|
||||
Aufgabenverteilung, die immer wieder ständig angepasst werden kann und die
|
||||
dokumentiert, wie der aktuelle Vorstand seine Arbeit machen möchte. Natürlich
|
||||
kann das Handbuch bei der Aufnahme der Arbeit eines neu gewählten Vorstandes als
|
||||
Orientierung dienen, an die er sich mehr oder weniger hält. Ein Ziel, das mit
|
||||
der Erstellung und Pflege dieses Dokumentes verfolgt wird, ist auch, bei der
|
||||
Übergabe und Einarbeitung Zeit zu sparen und Kommunikationsfehler zu vermeiden.
|
||||
|
||||
TODO: https://kraut.space/hswiki:anleitungen:vorstandswechsel einarbeiten
|
||||
|
||||
## Gemeinsame Arbeit
|
||||
|
||||
- Vorstandssitzungen
|
||||
|
||||
## Vorsitzender
|
||||
|
||||
### Übergabe
|
||||
|
||||
#### Eintretend
|
||||
|
||||
- Sicherheitsbeauftragten benennen und unter
|
||||
https://kraut.space/hswiki:verein:verantwortliche#sicherheitsbeauftragter
|
||||
vermerken
|
||||
|
||||
### Laufender Betrieb
|
||||
|
||||
## Schatzmeister
|
||||
|
||||
### Übergabe
|
||||
|
||||
### Laufender Betrieb
|
||||
|
||||
#### Finanzen
|
||||
|
||||
#### Mitgliederverwaltung
|
||||
|
||||
- Mitgliederanträge werden chronologisch sortiert in einem Ordner abgeheftet
|
||||
- Austrittserklärungen werden bei dem korrespondierenden Mitgliedsantrag
|
||||
abgeheftet
|
||||
- Austrittserklärungen werden mit einem Formschreiben bestätigt
|
||||
- Eintritt und Austritt werden in Jameica gepflegt
|
||||
|
||||
#### Sonstiges
|
||||
|
||||
- Bei Bedarf Domains bei OVH verlängern, man bekommt ne E-Mail (Login in keepass file)
|
||||
|
||||
## Schriftführer
|
||||
|
||||
### Übergabe
|
||||
|
||||
#### Scheidend
|
||||
|
||||
- Erstellung und Übergabe des Protokolls der Mitgliederversammlung organisieren
|
||||
|
||||
#### Eintretend
|
||||
|
||||
- Unterlagen zum Notar für Vereinsregistereintragung
|
||||
- Im Januar: Neues E-Mail-Zertifikat erstellen und veröffentlichen
|
||||
- Mit scripts/gen-office-key erstellen
|
||||
- Auf Keyserver veröffentilchen
|
||||
- In ORTS einspielen
|
||||
- Links und Download auf Webseite aktualisieren
|
||||
|
||||
### Laufender Betrieb
|
||||
|
||||
- Außenkommunikation (OTRS)
|
||||
- Junk aussortieren
|
||||
- Rest beantworten oder anderen Vorstandsmitgliedern zuweißen
|
||||
- Protokolle der Vorstandssitzungen
|
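Review bot: The January checklist under "Schriftführer > Übergabe > Eintretend" never says what happens to the secret key file. `scripts/gen-office-key` leaves `office_key_$year.asc` in the working directory, so the list should add a step for where the secret key is stored (for example next to the OVH login in the KeePass file), that the local copy is deleted afterwards, and what is done with the previous year's key. Smaller points in the same hunk: the title line ends in a stray `"`, "ORTS" in the checklist is presumably the "OTRS" named under "Laufender Betrieb", and "veröffentilchen" and "zuweißen" are misspelled.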
1
Office/Handbuch/scripts/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
*.asc
|
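Review bot: `*.asc` in `scripts/.gitignore` only covers files created inside `scripts/`, but the handbook refers to the script as `scripts/gen-office-key` and the script writes `office_key_$year.asc` to the current directory, so a run from `Office/Handbuch/` leaves the unprotected secret key untracked and not ignored. Either have the script write next to itself or add an ignore rule such as `office_key_*.asc` at a level that covers the directory it is run from.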
281
Office/Handbuch/scripts/gen-office-key
Executable file
|
@ -0,0 +1,281 @@
|
|||
#!/bin/bash
|
||||
#---help---
|
||||
# Usage:
|
||||
# gen-ffice-key
|
||||
# gen-ffice-key [-h|--help]
|
||||
#
|
||||
# Generate a GPG key pair for Hackspace Jena e.V.'s office email addresses
|
||||
#
|
||||
# Options:
|
||||
#
|
||||
# -h --help Show this message and exit
|
||||
#
|
||||
# Description:
|
||||
#
|
||||
# gen-office-key generates a GPG key pair for the three Hackspace Jena e.V.
|
||||
# office email addresses
|
||||
#
|
||||
# office@hackspace-jena.de ,
|
||||
# office@krautspace.de , and
|
||||
# office@kraut.space
|
||||
#
|
||||
# under the user id 'Hackspace Jena e.V. Büro ($year)', for the current year
|
||||
# ($year). The script generates a 4096-bit RSA key pair for signing,
|
||||
# encryption, and authentication. The key expires on January 31st of the
|
||||
# following year and the a new key should be generated every Janurary.
|
||||
#
|
||||
# The scripts exports two files. 'office_key_$year.pub.asc' with the ASCII
|
||||
# armored public key, and 'office_key_$year.asc' with both keys in ASCII
|
||||
# armored form. If either file exists, the script reports and error and exists
|
||||
# without doing anyting.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# This script has no arguments or options (except for -h) so that the user
|
||||
# does not have to think. You run it in January once every year, upload the
|
||||
# key to the appropriate places, and that is it.
|
||||
#
|
||||
# If circumstances change in the future, rather than add options to this
|
||||
# script, adapt it.
|
||||
#
|
||||
# License:
|
||||
#
|
||||
# 2019 Philipp Matthias Schäfer <philipp.matthias.schaefer@posteo.de>
|
||||
#
|
||||
# To the extent possible under law, the author has dedicated all copyright and
|
||||
# related and neighboring rights to this software to the public domain
|
||||
# worldwide. This software is distributed without any warranty.
|
||||
#
|
||||
# You can find a copy of the CC0 Public Domain Dedication at the end of source
|
||||
# of this script and under <http://creativecommons.org/publicdomain/zero/1.0/>.
|
||||
#---help---
|
||||
|
||||
# This script exports environment variables and changes the file mode creation
|
||||
# mask
|
||||
if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
|
||||
echo "Error: ${BASH_SOURCE[0]} must not be sourced"
|
||||
return 1
|
||||
fi
|
||||
|
||||
set -eu
|
||||
|
||||
if [ $# -gt 0 ]; then
|
||||
# Print the help message enclosed between the two lines containing
|
||||
# '#---help---'
|
||||
sed -n '/^#---help---/,/^#---help---/p;' "$0" \
|
||||
| sed -E 's/^# ?//;1d;$d;'
|
||||
|
||||
# If -h or --help was passed, the user wanted to see the help message,
|
||||
# otherwise, we showed it due to an erroneous invocation.
|
||||
case "$1" in
|
||||
-h | --help) exit 0;;
|
||||
*) exit 1;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Determine the current year
|
||||
year=$(date +%Y)
|
||||
# The next year
|
||||
next_year=$((year+1))
|
||||
# And from that the expiration date of new key
|
||||
expiration_date="$next_year-01-31"
|
||||
|
||||
# Derive the output file names from the current year
|
||||
public_key_file="office_key_$year.pub.asc"
|
||||
secret_key_file="office_key_$year.asc"
|
||||
|
||||
# Ensure that the files do not exist
|
||||
die_if_exists() {
|
||||
if [ -f "$1" ]; then
|
||||
echo "Error: File $1 already exists"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
die_if_exists "$public_key_file"
|
||||
die_if_exists "$secret_key_file"
|
||||
|
||||
# Warn when it is not January
|
||||
if [ "01" -ne "$(date +%m)" ]; then
|
||||
echo "Warning: This script should have been run in January."
|
||||
fi
|
||||
|
||||
# Create temporary directory as our working directory
|
||||
work_directory=$(mktemp -d)
|
||||
# Ensure that it gets deleted when this script exists (for whatever reason)
|
||||
trap "rm -rf '$work_directory'" EXIT HUP INT TERM
|
||||
|
||||
# Make GPG use the work directory
|
||||
export GNUPGHOME="$work_directory"
|
||||
|
||||
# Create key generation configuration with first uid
|
||||
# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
|
||||
cat > "$work_directory/configuration" << EOF
|
||||
%no-protection
|
||||
Key-Type: RSA
|
||||
Key-Length: 4096
|
||||
Key-Usage: encrypt,sign,auth
|
||||
Name-Real: Hackspace Jena e.V. Büro ($year)
|
||||
Name-Email: office@hackspace-jena.de
|
||||
Expire-Date: $expiration_date
|
||||
%commit
|
||||
EOF
|
||||
|
||||
echo -n "Generating..."
|
||||
|
||||
# Generate key
|
||||
gpg --quiet --batch --no-tty --gen-key "$work_directory/configuration" \
|
||||
2>&1 >/dev/null \
|
||||
| grep -v "marked as ultimately trusted" 1>&2 \
|
||||
|| echo -n '' # Because grep exits with 1
|
||||
|
||||
# Determine keyid of the new key
|
||||
keyid=$(gpg --quiet --no-tty --list-secret-keys --with-colons 2>/dev/null \
|
||||
| awk -F: '/^sec:/ { print $5 }')
|
||||
|
||||
# Add two additional uids
|
||||
gpg --quick-add-uid "$keyid" \
|
||||
"Hackspace Jena e.V. Büro ($year) <office@krautspace.de>"
|
||||
gpg --quick-add-uid "$keyid" \
|
||||
"Hackspace Jena e.V. Büro ($year) <office@kraut.space>"
|
||||
|
||||
# Export public key
|
||||
gpg --batch --yes --no-tty --armor \
|
||||
--output "$public_key_file" --export "$keyid"
|
||||
|
||||
# Store old umask
|
||||
old_umask=$(umask)
|
||||
# Ensure secret key is only readable by the current user
|
||||
umask 0077
|
||||
# Export secret key
|
||||
gpg --batch --yes --no-tty --armor \
|
||||
--output "$secret_key_file" --export-secret-keys "$keyid"
|
||||
|
||||
echo -e "\rGenerated key pair:"
|
||||
gpg --list-keys | grep -v "$work_directory"
|
||||
|
||||
echo "Public Key: $public_key_file"
|
||||
echo "Secret Key: $secret_key_file"
|
||||
|
||||
#---license---
|
||||
# Creative Commons Legal Code
|
||||
#
|
||||
# CC0 1.0 Universal
|
||||
#
|
||||
# CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
||||
# LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
||||
# ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
||||
# INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
||||
# REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
||||
# PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
||||
# THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
||||
# HEREUNDER.
|
||||
#
|
||||
# Statement of Purpose
|
||||
#
|
||||
# The laws of most jurisdictions throughout the world automatically confer
|
||||
# exclusive Copyright and Related Rights (defined below) upon the creator
|
||||
# and subsequent owner(s) (each and all, an "owner") of an original work of
|
||||
# authorship and/or a database (each, a "Work").
|
||||
#
|
||||
# Certain owners wish to permanently relinquish those rights to a Work for
|
||||
# the purpose of contributing to a commons of creative, cultural and
|
||||
# scientific works ("Commons") that the public can reliably and without fear
|
||||
# of later claims of infringement build upon, modify, incorporate in other
|
||||
# works, reuse and redistribute as freely as possible in any form whatsoever
|
||||
# and for any purposes, including without limitation commercial purposes.
|
||||
# These owners may contribute to the Commons to promote the ideal of a free
|
||||
# culture and the further production of creative, cultural and scientific
|
||||
# works, or to gain reputation or greater distribution for their Work in
|
||||
# part through the use and efforts of others.
|
||||
#
|
||||
# For these and/or other purposes and motivations, and without any
|
||||
# expectation of additional consideration or compensation, the person
|
||||
# associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
||||
# is an owner of Copyright and Related Rights in the Work, voluntarily
|
||||
# elects to apply CC0 to the Work and publicly distribute the Work under its
|
||||
# terms, with knowledge of his or her Copyright and Related Rights in the
|
||||
# Work and the meaning and intended legal effect of CC0 on those rights.
|
||||
#
|
||||
# 1. Copyright and Related Rights. A Work made available under CC0 may be
|
||||
# protected by copyright and related or neighboring rights ("Copyright and
|
||||
# Related Rights"). Copyright and Related Rights include, but are not
|
||||
# limited to, the following:
|
||||
#
|
||||
# i. the right to reproduce, adapt, distribute, perform, display,
|
||||
# communicate, and translate a Work;
|
||||
# ii. moral rights retained by the original author(s) and/or performer(s);
|
||||
# iii. publicity and privacy rights pertaining to a person's image or
|
||||
# likeness depicted in a Work;
|
||||
# iv. rights protecting against unfair competition in regards to a Work,
|
||||
# subject to the limitations in paragraph 4(a), below;
|
||||
# v. rights protecting the extraction, dissemination, use and reuse of data
|
||||
# in a Work;
|
||||
# vi. database rights (such as those arising under Directive 96/9/EC of the
|
||||
# European Parliament and of the Council of 11 March 1996 on the legal
|
||||
# protection of databases, and under any national implementation
|
||||
# thereof, including any amended or successor version of such
|
||||
# directive); and
|
||||
# vii. other similar, equivalent or corresponding rights throughout the
|
||||
# world based on applicable law or treaty, and any national
|
||||
# implementations thereof.
|
||||
#
|
||||
# 2. Waiver. To the greatest extent permitted by, but not in contravention
|
||||
# of, applicable law, Affirmer hereby overtly, fully, permanently,
|
||||
# irrevocably and unconditionally waives, abandons, and surrenders all of
|
||||
# Affirmer's Copyright and Related Rights and associated claims and causes
|
||||
# of action, whether now known or unknown (including existing as well as
|
||||
# future claims and causes of action), in the Work (i) in all territories
|
||||
# worldwide, (ii) for the maximum duration provided by applicable law or
|
||||
# treaty (including future time extensions), (iii) in any current or future
|
||||
# medium and for any number of copies, and (iv) for any purpose whatsoever,
|
||||
# including without limitation commercial, advertising or promotional
|
||||
# purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
||||
# member of the public at large and to the detriment of Affirmer's heirs and
|
||||
# successors, fully intending that such Waiver shall not be subject to
|
||||
# revocation, rescission, cancellation, termination, or any other legal or
|
||||
# equitable action to disrupt the quiet enjoyment of the Work by the public
|
||||
# as contemplated by Affirmer's express Statement of Purpose.
|
||||
#
|
||||
# 3. Public License Fallback. Should any part of the Waiver for any reason
|
||||
# be judged legally invalid or ineffective under applicable law, then the
|
||||
# Waiver shall be preserved to the maximum extent permitted taking into
|
||||
# account Affirmer's express Statement of Purpose. In addition, to the
|
||||
# extent the Waiver is so judged Affirmer hereby grants to each affected
|
||||
# person a royalty-free, non transferable, non sublicensable, non exclusive,
|
||||
# irrevocable and unconditional license to exercise Affirmer's Copyright and
|
||||
# Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
||||
# maximum duration provided by applicable law or treaty (including future
|
||||
# time extensions), (iii) in any current or future medium and for any number
|
||||
# of copies, and (iv) for any purpose whatsoever, including without
|
||||
# limitation commercial, advertising or promotional purposes (the
|
||||
# "License"). The License shall be deemed effective as of the date CC0 was
|
||||
# applied by Affirmer to the Work. Should any part of the License for any
|
||||
# reason be judged legally invalid or ineffective under applicable law, such
|
||||
# partial invalidity or ineffectiveness shall not invalidate the remainder
|
||||
# of the License, and in such case Affirmer hereby affirms that he or she
|
||||
# will not (i) exercise any of his or her remaining Copyright and Related
|
||||
# Rights in the Work or (ii) assert any associated claims and causes of
|
||||
# action with respect to the Work, in either case contrary to Affirmer's
|
||||
# express Statement of Purpose.
|
||||
#
|
||||
# 4. Limitations and Disclaimers.
|
||||
#
|
||||
# a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
||||
# surrendered, licensed or otherwise affected by this document.
|
||||
# b. Affirmer offers the Work as-is and makes no representations or
|
||||
# warranties of any kind concerning the Work, express, implied,
|
||||
# statutory or otherwise, including without limitation warranties of
|
||||
# title, merchantability, fitness for a particular purpose, non
|
||||
# infringement, or the absence of latent or other defects, accuracy, or
|
||||
# the present or absence of errors, whether or not discoverable, all to
|
||||
# the greatest extent permissible under applicable law.
|
||||
# c. Affirmer disclaims responsibility for clearing rights of other persons
|
||||
# that may apply to the Work or any use thereof, including without
|
||||
# limitation any person's Copyright and Related Rights in the Work.
|
||||
# Further, Affirmer disclaims responsibility for obtaining any necessary
|
||||
# consents, permissions or other rights required for any use of the
|
||||
# Work.
|
||||
# d. Affirmer understands and acknowledges that Creative Commons is not a
|
||||
# party to this document and has no duty or obligation with respect to
|
||||
# this CC0 or use of the Work.
|
||||
#---license---
|
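Review bot: A failed key generation goes unnoticed in the `gpg ... --gen-key` pipeline: `set -eu` is set without `pipefail`, so the pipeline's status is that of `grep`, and the trailing `|| echo -n ''` discards that as well. The script then continues with an empty `$keyid`; add `set -o pipefail` (keeping a guard for grep's exit status 1) or check right after the `awk` lookup that `$keyid` is non-empty before the `--quick-add-uid` calls. Second, `%no-protection` means the file written by `--export-secret-keys` holds the private key without a passphrase, protected only by `umask 0077`; the help text should state this so whoever runs it knows to move the file somewhere safe and delete the local copy. Minor: `old_umask` is saved but never restored, and the usage lines read `gen-ffice-key`.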