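#!/bin/bash
#---help---
# Usage:
# gen-office-key
# gen-office-key [-h|--help]
#
# Generate a GPG key pair for Hackspace Jena e.V.'s office email addresses
#
# Options:
#
# -h --help Show this message and exit
#
# Description:
#
# gen-office-key generates a GPG key pair for the three Hackspace Jena e.V.
# office email addresses
#
# office@hackspace-jena.de ,
# office@krautspace.de , and
# office@kraut.space
#
# under the user id 'Hackspace Jena e.V. Büro ($year)', for the current year
# ($year). The script generates a 4096-bit RSA key pair for signing,
# encryption, and authentication. The key expires on January 31st of the
# following year and a new key should be generated every January.
#
# The script exports two files. 'office_key_$year.pub.asc' with the ASCII
# armored public key, and 'office_key_$year.asc' with both keys in ASCII
# armored form. If either file exists, the script reports an error and exits
# without doing anything.
#
# The secret key has no passphrase (it is generated unattended with
# '%no-protection'); the secret key file is created readable only by the
# current user.
#
# Notes:
#
# This script has no arguments or options (except for -h) so that the user
# does not have to think. You run it in January once every year, upload the
# key to the appropriate places, and that is it.
#
# If circumstances change in the future, rather than add options to this
# script, adapt it.
#
# License:
#
# 2019 Philipp Matthias Schäfer <philipp.matthias.schaefer@posteo.de>
#
# To the extent possible under law, the author has dedicated all copyright and
# related and neighboring rights to this software to the public domain
# worldwide. This software is distributed without any warranty.
#
# You can find a copy of the CC0 Public Domain Dedication at the end of source
# of this script and under <http://creativecommons.org/publicdomain/zero/1.0/>.
#---help---

# This script exports environment variables and changes the file mode creation
# mask, so it must be executed, never sourced into the calling shell.
if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
  echo "Error: ${BASH_SOURCE[0]} must not be sourced" >&2
  return 1
fi

# Abort on the first failing command and on use of an unset variable
set -eu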
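# Print the help message: the lines enclosed between the two lines containing
# '#---help---' in the given script file, with the comment prefix stripped.
# Arguments: $1 - path of the script file to read the help text from
# Outputs:   the help text on stdout
print_help() {
  sed -n '/^#---help---/,/^#---help---/p;' "$1" \
    | sed -E 's/^# ?//;1d;$d;'
}

# This script takes no arguments. Any argument shows the help message: -h and
# --help are a request for it (exit 0); anything else is an erroneous
# invocation, so the help goes to stderr and the script fails (exit 1).
if (( $# > 0 )); then
  case "$1" in
    -h | --help)
      print_help "$0"
      exit 0
      ;;
    *)
      print_help "$0" >&2
      exit 1
      ;;
  esac
fi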
# The current year determines both the user id and the key's expiry: the key
# expires on January 31st of the following year.
year=$(date '+%Y')
next_year=$(( year + 1 ))
expiration_date="${next_year}-01-31"

# Output files, named after the current year
public_key_file="office_key_${year}.pub.asc"
secret_key_file="office_key_${year}.asc"
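# Abort when an output path is already taken. Any existing directory entry
# counts (regular file, directory, or a dangling symlink), because the gpg
# exports below run with --yes and would otherwise overwrite it or fail
# half-way through.
# Arguments: $1 - path to check
# Outputs:   error message on stderr when the path exists
# Returns:   0 when the path is free; exits with status 1 otherwise
die_if_exists() {
  if [[ -e "$1" || -L "$1" ]]; then
    echo "Error: File $1 already exists" >&2
    exit 1
  fi
}

die_if_exists "$public_key_file"
die_if_exists "$secret_key_file"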
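# Warn when it is not January. The key is meant to be generated once a year in
# January (see the help text), so running at any other time is probably a
# mistake, but not an error.
# Arguments: $1 - month as printed by 'date +%m' (two digits)
# Outputs:   warning on stderr when $1 is not 01
warn_if_not_january() {
  if [[ "$1" != "01" ]]; then
    echo "Warning: This script should have been run in January." >&2
  fi
}

warn_if_not_january "$(date +%m)"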
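# Create a private temporary directory as our working directory. mktemp -d
# creates it accessible to the current user only, so the keyring gpg builds in
# it is not readable by other users.
work_directory=$(mktemp -d)

# Remove the working directory (and the keyring in it) however the script ends.
# "${work_directory:?}" refuses to run 'rm -rf --' on an empty path, and the
# single-quoted trap expands the path at exit time, so a path containing
# quotes is handled correctly too.
cleanup() {
  rm -rf -- "${work_directory:?}"
}
trap cleanup EXIT
# On a signal, leave through the EXIT trap instead of continuing the script
# without its working directory.
trap 'exit 1' HUP INT TERM

# Make GPG use the work directory
export GNUPGHOME="$work_directory"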
# Write the unattended key generation parameters, with the first user id.
# Format: https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
# %no-protection: the secret key gets no passphrase, so the exported secret
# key file is protected only by its file mode (see the umask below) and by
# wherever it is stored afterwards. The two other user ids are added after
# generation; year and expiry date are expanded into the file here.
cat <<EOF >"${work_directory}/configuration"
%no-protection
Key-Type: RSA
Key-Length: 4096
Key-Usage: encrypt,sign,auth
Name-Real: Hackspace Jena e.V. Büro (${year})
Name-Email: office@hackspace-jena.de
Expire-Date: ${expiration_date}
%commit
EOF
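printf 'Generating...'

# Generate the key. gpg's diagnostics are captured so that a failure is not
# hidden: a pipeline's status is that of its last command and 'set -e' runs
# without pipefail here, so a failed gpg behind a grep would go unnoticed and
# leave keyid empty. The "marked as ultimately trusted" notice is dropped,
# everything else gpg said is forwarded to stderr.
if ! gpg_output=$(gpg --quiet --batch --no-tty --gen-key \
    "$work_directory/configuration" 2>&1 >/dev/null); then
  printf '\nError: key generation failed:\n%s\n' "$gpg_output" >&2
  exit 1
fi
# grep exits 1 when nothing is left to print, which is the normal case
printf '%s' "$gpg_output" | grep -v "marked as ultimately trusted" >&2 || true

# Determine the key id of the new key. GNUPGHOME is a fresh directory, so the
# keyring holds only the secret key that was just generated; field 5 of a
# 'sec' record in --with-colons output is its key id.
keyid=$(gpg --quiet --no-tty --list-secret-keys --with-colons 2>/dev/null \
  | awk -F: '/^sec:/ { print $5 }')
if [[ -z "$keyid" ]]; then
  echo "Error: could not determine the id of the generated key" >&2
  exit 1
fi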
# Add the two additional user ids, one per remaining office email address,
# each with the same real name as the first user id.
for office_email in office@krautspace.de office@kraut.space; do
  gpg --quick-add-uid "$keyid" \
    "Hackspace Jena e.V. Büro ($year) <${office_email}>"
done
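# Export the public key (--yes: overwrite without asking; die_if_exists above
# already made sure the file did not exist)
gpg --batch --yes --no-tty --armor \
  --output "$public_key_file" --export "$keyid"

# Export the secret key under a umask that makes the new file readable only by
# the current user; the previous umask is restored afterwards so that the
# restrictive mask does not outlive the secret key export.
old_umask=$(umask)
umask 0077
gpg --batch --yes --no-tty --armor \
  --output "$secret_key_file" --export-secret-keys "$keyid"
umask "$old_umask"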
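# Overwrite the "Generating..." line and show the result. Lines of the key
# listing that contain the working directory path (gpg may print the keyring's
# path as a heading) are dropped; -F matches the path as a literal string
# instead of interpreting it as a regular expression.
printf '\rGenerated key pair:\n'
gpg --list-keys | grep -vF -- "$work_directory"

printf 'Public Key: %s\n' "$public_key_file"
printf 'Secret Key: %s\n' "$secret_key_file"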
#---license---
|
|
# Creative Commons Legal Code
|
|
#
|
|
# CC0 1.0 Universal
|
|
#
|
|
# CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
|
# LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
|
# ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
|
# INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
|
# REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
|
# PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
|
# THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
|
# HEREUNDER.
|
|
#
|
|
# Statement of Purpose
|
|
#
|
|
# The laws of most jurisdictions throughout the world automatically confer
|
|
# exclusive Copyright and Related Rights (defined below) upon the creator
|
|
# and subsequent owner(s) (each and all, an "owner") of an original work of
|
|
# authorship and/or a database (each, a "Work").
|
|
#
|
|
# Certain owners wish to permanently relinquish those rights to a Work for
|
|
# the purpose of contributing to a commons of creative, cultural and
|
|
# scientific works ("Commons") that the public can reliably and without fear
|
|
# of later claims of infringement build upon, modify, incorporate in other
|
|
# works, reuse and redistribute as freely as possible in any form whatsoever
|
|
# and for any purposes, including without limitation commercial purposes.
|
|
# These owners may contribute to the Commons to promote the ideal of a free
|
|
# culture and the further production of creative, cultural and scientific
|
|
# works, or to gain reputation or greater distribution for their Work in
|
|
# part through the use and efforts of others.
|
|
#
|
|
# For these and/or other purposes and motivations, and without any
|
|
# expectation of additional consideration or compensation, the person
|
|
# associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
|
# is an owner of Copyright and Related Rights in the Work, voluntarily
|
|
# elects to apply CC0 to the Work and publicly distribute the Work under its
|
|
# terms, with knowledge of his or her Copyright and Related Rights in the
|
|
# Work and the meaning and intended legal effect of CC0 on those rights.
|
|
#
|
|
# 1. Copyright and Related Rights. A Work made available under CC0 may be
|
|
# protected by copyright and related or neighboring rights ("Copyright and
|
|
# Related Rights"). Copyright and Related Rights include, but are not
|
|
# limited to, the following:
|
|
#
|
|
# i. the right to reproduce, adapt, distribute, perform, display,
|
|
# communicate, and translate a Work;
|
|
# ii. moral rights retained by the original author(s) and/or performer(s);
|
|
# iii. publicity and privacy rights pertaining to a person's image or
|
|
# likeness depicted in a Work;
|
|
# iv. rights protecting against unfair competition in regards to a Work,
|
|
# subject to the limitations in paragraph 4(a), below;
|
|
# v. rights protecting the extraction, dissemination, use and reuse of data
|
|
# in a Work;
|
|
# vi. database rights (such as those arising under Directive 96/9/EC of the
|
|
# European Parliament and of the Council of 11 March 1996 on the legal
|
|
# protection of databases, and under any national implementation
|
|
# thereof, including any amended or successor version of such
|
|
# directive); and
|
|
# vii. other similar, equivalent or corresponding rights throughout the
|
|
# world based on applicable law or treaty, and any national
|
|
# implementations thereof.
|
|
#
|
|
# 2. Waiver. To the greatest extent permitted by, but not in contravention
|
|
# of, applicable law, Affirmer hereby overtly, fully, permanently,
|
|
# irrevocably and unconditionally waives, abandons, and surrenders all of
|
|
# Affirmer's Copyright and Related Rights and associated claims and causes
|
|
# of action, whether now known or unknown (including existing as well as
|
|
# future claims and causes of action), in the Work (i) in all territories
|
|
# worldwide, (ii) for the maximum duration provided by applicable law or
|
|
# treaty (including future time extensions), (iii) in any current or future
|
|
# medium and for any number of copies, and (iv) for any purpose whatsoever,
|
|
# including without limitation commercial, advertising or promotional
|
|
# purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
|
# member of the public at large and to the detriment of Affirmer's heirs and
|
|
# successors, fully intending that such Waiver shall not be subject to
|
|
# revocation, rescission, cancellation, termination, or any other legal or
|
|
# equitable action to disrupt the quiet enjoyment of the Work by the public
|
|
# as contemplated by Affirmer's express Statement of Purpose.
|
|
#
|
|
# 3. Public License Fallback. Should any part of the Waiver for any reason
|
|
# be judged legally invalid or ineffective under applicable law, then the
|
|
# Waiver shall be preserved to the maximum extent permitted taking into
|
|
# account Affirmer's express Statement of Purpose. In addition, to the
|
|
# extent the Waiver is so judged Affirmer hereby grants to each affected
|
|
# person a royalty-free, non transferable, non sublicensable, non exclusive,
|
|
# irrevocable and unconditional license to exercise Affirmer's Copyright and
|
|
# Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
|
# maximum duration provided by applicable law or treaty (including future
|
|
# time extensions), (iii) in any current or future medium and for any number
|
|
# of copies, and (iv) for any purpose whatsoever, including without
|
|
# limitation commercial, advertising or promotional purposes (the
|
|
# "License"). The License shall be deemed effective as of the date CC0 was
|
|
# applied by Affirmer to the Work. Should any part of the License for any
|
|
# reason be judged legally invalid or ineffective under applicable law, such
|
|
# partial invalidity or ineffectiveness shall not invalidate the remainder
|
|
# of the License, and in such case Affirmer hereby affirms that he or she
|
|
# will not (i) exercise any of his or her remaining Copyright and Related
|
|
# Rights in the Work or (ii) assert any associated claims and causes of
|
|
# action with respect to the Work, in either case contrary to Affirmer's
|
|
# express Statement of Purpose.
|
|
#
|
|
# 4. Limitations and Disclaimers.
|
|
#
|
|
# a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
|
# surrendered, licensed or otherwise affected by this document.
|
|
# b. Affirmer offers the Work as-is and makes no representations or
|
|
# warranties of any kind concerning the Work, express, implied,
|
|
# statutory or otherwise, including without limitation warranties of
|
|
# title, merchantability, fitness for a particular purpose, non
|
|
# infringement, or the absence of latent or other defects, accuracy, or
|
|
# the present or absence of errors, whether or not discoverable, all to
|
|
# the greatest extent permissible under applicable law.
|
|
# c. Affirmer disclaims responsibility for clearing rights of other persons
|
|
# that may apply to the Work or any use thereof, including without
|
|
# limitation any person's Copyright and Related Rights in the Work.
|
|
# Further, Affirmer disclaims responsibility for obtaining any necessary
|
|
# consents, permissions or other rights required for any use of the
|
|
# Work.
|
|
# d. Affirmer understands and acknowledges that Creative Commons is not a
|
|
# party to this document and has no duty or obligation with respect to
|
|
# this CC0 or use of the Work.
|
|
#---license---
|