create-user-key-store.sh: support gpg 2.x used to generate rpm signing key

Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
author: Jia Zhang <lans.zhang2008@gmail.com> 2017-08-20 15:06:22 +0800
committer: Jia Zhang <lans.zhang2008@gmail.com> 2017-08-20 15:06:22 +0800
commit: cbdefad44c474bd8a6c987442ccc0d6d11234c68 (patch)
tree: 3c5df8d8f1f8097f559b9cf18621631258c281b1
parent: 038aa54bc28fa4c4c19a711596260eb8bb8576be (diff)
download: meta-secure-core-cbdefad44c474bd8a6c987442ccc0d6d11234c68.tar.gz
1 files changed, 26 insertions, 18 deletions
diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh
index 85d6965..12da2e7 100755
--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -188,21 +188,28 @@ create_ima_user_key() {
 create_rpm_user_key() {
    local gpg_ver=`gpg --version | head -1 | awk '{ print $3 }' | awk -F. '{ print $1 }'`
-    if [ x"$gpg_ver" != x"1" ]; then
-        echo "gpg version 2 is not supported"
-        exit 1
-    fi
    local key_dir="$RPM_KEYS_DIR"
-    [ ! -d "$key_dir" ] && mkdir -p "$key_dir"
+    [ ! -d "$key_dir" ] && mkdir -m 0700 -p "$key_dir"
    local gpg_key_name="SecureCore"
    local priv_key="$key_dir/RPM-GPG-PRIVKEY-$gpg_key_name"
    local pub_key="$key_dir/RPM-GPG-KEY-$gpg_key_name"
-    cat >"$key_dir/gen_rpm_keyring" <<EOF
+    if [ "$gpg_ver" == "2" ]; then
+        gpg --homedir "$key_dir" --quick-generate-key --batch \
+            "$gpg_key_name" default default never
+        gpg --homedir "$key_dir" --export --armor "$gpg_key_name" > "$pub_key"
+        gpg --homedir "$key_dir" --export-secret-keys --armor "$gpg_key_name" > "$priv_key"
+        cd "$key_dir"
+        rm -rf openpgp-revocs.d private-keys-v1.d pubring.kbx* \
+            trustdb.gpg
+        cd -
+    else
+        cat >"$key_dir/gen_rpm_keyring" <<EOF
 Key-Type: RSA
 Key-Length: 2048
 Name-Real: $gpg_key_name
@@ -215,22 +222,23 @@ Expire-Date: 0
 %echo RPM keyring $gpg_key_name created
 EOF
-    gpg --batch --gen-key "$key_dir/gen_rpm_keyring"
+        gpg --batch --gen-key "$key_dir/gen_rpm_keyring"
-    gpg="gpg --no-default-keyring --secret-keyring \
+        gpg="gpg --no-default-keyring --secret-keyring \
-        $priv_key.sec --keyring $pub_key.pub"
+            $priv_key.sec --keyring $pub_key.pub"
-    $gpg --list-secret-keys
+        $gpg --list-secret-keys
-    print_error "Please type passwd to modify the passphrase, and type quit to exit"
+        print_error "Please type passwd to modify the passphrase, and type quit to exit"
-    $gpg --edit-key "$gpg_key_name"
+        $gpg --edit-key "$gpg_key_name"
-    $gpg --export --armor "$gpg_key_name" > "$pub_key"
+        $gpg --export --armor "$gpg_key_name" > "$pub_key"
-    $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key"
+        $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key"
-    rm -f "$key_dir/gen_rpm_keyring"
+        rm -f "$key_dir/gen_rpm_keyring"
-    rm -f "$priv_key.sec" "$pub_key.pub"
+        rm -f "$priv_key.sec" "$pub_key.pub"
+    fi
 }
 create_user_keys() {
author	Jia Zhang <lans.zhang2008@gmail.com>	2017-08-20 15:06:22 +0800
committer	Jia Zhang <lans.zhang2008@gmail.com>	2017-08-20 15:06:22 +0800
commit	cbdefad44c474bd8a6c987442ccc0d6d11234c68 (patch)
tree	3c5df8d8f1f8097f559b9cf18621631258c281b1
parent	038aa54bc28fa4c4c19a711596260eb8bb8576be (diff)
download	meta-secure-core-cbdefad44c474bd8a6c987442ccc0d6d11234c68.tar.gz