dokumente/Office/Handbuch/scripts/gen-office-key
2019-03-07 21:57:19 +01:00

281 lines
12 KiB
Bash
Executable file

#!/bin/bash
#---help---
# Usage:
# gen-ffice-key
# gen-ffice-key [-h|--help]
#
# Generate a GPG key pair for Hackspace Jena e.V.'s office email addresses
#
# Options:
#
# -h --help Show this message and exit
#
# Description:
#
# gen-office-key generates a GPG key pair for the three Hackspace Jena e.V.
# office email addresses
#
# office@hackspace-jena.de ,
# office@krautspace.de , and
# office@kraut.space
#
# under the user id 'Hackspace Jena e.V. Büro ($year)', for the current year
# ($year). The script generates a 4096-bit RSA key pair for signing,
# encryption, and authentication. The key expires on January 31st of the
# following year and the a new key should be generated every Janurary.
#
# The scripts exports two files. 'office_key_$year.pub.asc' with the ASCII
# armored public key, and 'office_key_$year.asc' with both keys in ASCII
# armored form. If either file exists, the script reports and error and exists
# without doing anyting.
#
# Notes:
#
# This script has no arguments or options (except for -h) so that the user
# does not have to think. You run it in January once every year, upload the
# key to the appropriate places, and that is it.
#
# If circumstances change in the future, rather than add options to this
# script, adapt it.
#
# License:
#
# 2019 Philipp Matthias Schäfer <philipp.matthias.schaefer@posteo.de>
#
# To the extent possible under law, the author has dedicated all copyright and
# related and neighboring rights to this software to the public domain
# worldwide. This software is distributed without any warranty.
#
# You can find a copy of the CC0 Public Domain Dedication at the end of source
# of this script and under <http://creativecommons.org/publicdomain/zero/1.0/>.
#---help---
# This script exports environment variables and changes the file mode creation
# mask
if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
echo "Error: ${BASH_SOURCE[0]} must not be sourced"
return 1
fi
set -eu
if [ $# -gt 0 ]; then
# Print the help message enclosed between the two lines containing
# '#---help---'
sed -n '/^#---help---/,/^#---help---/p;' "$0" \
| sed -E 's/^# ?//;1d;$d;'
# If -h or --help was passed, the user wanted to see the help message,
# otherwise, we showed it due to an erroneous invocation.
case "$1" in
-h | --help) exit 0;;
*) exit 1;;
esac
fi
# Determine the current year
year=$(date +%Y)
# The next year
next_year=$((year+1))
# And from that the expiration date of new key
expiration_date="$next_year-01-31"
# Derive the output file names from the current year
public_key_file="office_key_$year.pub.asc"
secret_key_file="office_key_$year.asc"
# Ensure that the files do not exist
die_if_exists() {
if [ -f "$1" ]; then
echo "Error: File $1 already exists"
exit 1
fi
}
die_if_exists "$public_key_file"
die_if_exists "$secret_key_file"
# Warn when it is not January
if [ "01" -ne "$(date +%m)" ]; then
echo "Warning: This script should have been run in January."
fi
# Create temporary directory as our working directory
work_directory=$(mktemp -d)
# Ensure that it gets deleted when this script exists (for whatever reason)
trap "rm -rf '$work_directory'" EXIT HUP INT TERM
# Make GPG use the work directory
export GNUPGHOME="$work_directory"
# Create key generation configuration with first uid
# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
cat > "$work_directory/configuration" << EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Key-Usage: encrypt,sign,auth
Name-Real: Hackspace Jena e.V. Büro ($year)
Name-Email: office@hackspace-jena.de
Expire-Date: $expiration_date
%commit
EOF
echo -n "Generating..."
# Generate key
gpg --quiet --batch --no-tty --gen-key "$work_directory/configuration" \
2>&1 >/dev/null \
| grep -v "marked as ultimately trusted" 1>&2 \
|| echo -n '' # Because grep exits with 1
# Determine keyid of the new key
keyid=$(gpg --quiet --no-tty --list-secret-keys --with-colons 2>/dev/null \
| awk -F: '/^sec:/ { print $5 }')
# Add two additional uids
gpg --quick-add-uid "$keyid" \
"Hackspace Jena e.V. Büro ($year) <office@krautspace.de>"
gpg --quick-add-uid "$keyid" \
"Hackspace Jena e.V. Büro ($year) <office@kraut.space>"
# Export public key
gpg --batch --yes --no-tty --armor \
--output "$public_key_file" --export "$keyid"
# Store old umask
old_umask=$(umask)
# Ensure secret key is only readable by the current user
umask 0077
# Export secret key
gpg --batch --yes --no-tty --armor \
--output "$secret_key_file" --export-secret-keys "$keyid"
echo -e "\rGenerated key pair:"
gpg --list-keys | grep -v "$work_directory"
echo "Public Key: $public_key_file"
echo "Secret Key: $secret_key_file"
#---license---
# Creative Commons Legal Code
#
# CC0 1.0 Universal
#
# CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
# LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
# ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
# INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
# REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
# PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
# THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
# HEREUNDER.
#
# Statement of Purpose
#
# The laws of most jurisdictions throughout the world automatically confer
# exclusive Copyright and Related Rights (defined below) upon the creator
# and subsequent owner(s) (each and all, an "owner") of an original work of
# authorship and/or a database (each, a "Work").
#
# Certain owners wish to permanently relinquish those rights to a Work for
# the purpose of contributing to a commons of creative, cultural and
# scientific works ("Commons") that the public can reliably and without fear
# of later claims of infringement build upon, modify, incorporate in other
# works, reuse and redistribute as freely as possible in any form whatsoever
# and for any purposes, including without limitation commercial purposes.
# These owners may contribute to the Commons to promote the ideal of a free
# culture and the further production of creative, cultural and scientific
# works, or to gain reputation or greater distribution for their Work in
# part through the use and efforts of others.
#
# For these and/or other purposes and motivations, and without any
# expectation of additional consideration or compensation, the person
# associating CC0 with a Work (the "Affirmer"), to the extent that he or she
# is an owner of Copyright and Related Rights in the Work, voluntarily
# elects to apply CC0 to the Work and publicly distribute the Work under its
# terms, with knowledge of his or her Copyright and Related Rights in the
# Work and the meaning and intended legal effect of CC0 on those rights.
#
# 1. Copyright and Related Rights. A Work made available under CC0 may be
# protected by copyright and related or neighboring rights ("Copyright and
# Related Rights"). Copyright and Related Rights include, but are not
# limited to, the following:
#
# i. the right to reproduce, adapt, distribute, perform, display,
# communicate, and translate a Work;
# ii. moral rights retained by the original author(s) and/or performer(s);
# iii. publicity and privacy rights pertaining to a person's image or
# likeness depicted in a Work;
# iv. rights protecting against unfair competition in regards to a Work,
# subject to the limitations in paragraph 4(a), below;
# v. rights protecting the extraction, dissemination, use and reuse of data
# in a Work;
# vi. database rights (such as those arising under Directive 96/9/EC of the
# European Parliament and of the Council of 11 March 1996 on the legal
# protection of databases, and under any national implementation
# thereof, including any amended or successor version of such
# directive); and
# vii. other similar, equivalent or corresponding rights throughout the
# world based on applicable law or treaty, and any national
# implementations thereof.
#
# 2. Waiver. To the greatest extent permitted by, but not in contravention
# of, applicable law, Affirmer hereby overtly, fully, permanently,
# irrevocably and unconditionally waives, abandons, and surrenders all of
# Affirmer's Copyright and Related Rights and associated claims and causes
# of action, whether now known or unknown (including existing as well as
# future claims and causes of action), in the Work (i) in all territories
# worldwide, (ii) for the maximum duration provided by applicable law or
# treaty (including future time extensions), (iii) in any current or future
# medium and for any number of copies, and (iv) for any purpose whatsoever,
# including without limitation commercial, advertising or promotional
# purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
# member of the public at large and to the detriment of Affirmer's heirs and
# successors, fully intending that such Waiver shall not be subject to
# revocation, rescission, cancellation, termination, or any other legal or
# equitable action to disrupt the quiet enjoyment of the Work by the public
# as contemplated by Affirmer's express Statement of Purpose.
#
# 3. Public License Fallback. Should any part of the Waiver for any reason
# be judged legally invalid or ineffective under applicable law, then the
# Waiver shall be preserved to the maximum extent permitted taking into
# account Affirmer's express Statement of Purpose. In addition, to the
# extent the Waiver is so judged Affirmer hereby grants to each affected
# person a royalty-free, non transferable, non sublicensable, non exclusive,
# irrevocable and unconditional license to exercise Affirmer's Copyright and
# Related Rights in the Work (i) in all territories worldwide, (ii) for the
# maximum duration provided by applicable law or treaty (including future
# time extensions), (iii) in any current or future medium and for any number
# of copies, and (iv) for any purpose whatsoever, including without
# limitation commercial, advertising or promotional purposes (the
# "License"). The License shall be deemed effective as of the date CC0 was
# applied by Affirmer to the Work. Should any part of the License for any
# reason be judged legally invalid or ineffective under applicable law, such
# partial invalidity or ineffectiveness shall not invalidate the remainder
# of the License, and in such case Affirmer hereby affirms that he or she
# will not (i) exercise any of his or her remaining Copyright and Related
# Rights in the Work or (ii) assert any associated claims and causes of
# action with respect to the Work, in either case contrary to Affirmer's
# express Statement of Purpose.
#
# 4. Limitations and Disclaimers.
#
# a. No trademark or patent rights held by Affirmer are waived, abandoned,
# surrendered, licensed or otherwise affected by this document.
# b. Affirmer offers the Work as-is and makes no representations or
# warranties of any kind concerning the Work, express, implied,
# statutory or otherwise, including without limitation warranties of
# title, merchantability, fitness for a particular purpose, non
# infringement, or the absence of latent or other defects, accuracy, or
# the present or absence of errors, whether or not discoverable, all to
# the greatest extent permissible under applicable law.
# c. Affirmer disclaims responsibility for clearing rights of other persons
# that may apply to the Work or any use thereof, including without
# limitation any person's Copyright and Related Rights in the Work.
# Further, Affirmer disclaims responsibility for obtaining any necessary
# consents, permissions or other rights required for any use of the
# Work.
# d. Affirmer understands and acknowledges that Creative Commons is not a
# party to this document and has no duty or obligation with respect to
# this CC0 or use of the Work.
#---license---