From 4a676cd301ef96ab556a5abb35771760060fb5f3 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Fri, 11 Aug 2017 16:39:22 +0800 Subject: create-user-key-store.sh: gpg key creation updates - code style fixup - remove gen_rpm_keyring script - check gpg version Signed-off-by: Lans Zhang --- meta-signing-key/scripts/create-user-key-store.sh | 46 +++++++++++++++++------ meta-signing-key/scripts/gen_rpm_keyring | 8 ---- 2 files changed, 34 insertions(+), 20 deletions(-) delete mode 100644 meta-signing-key/scripts/gen_rpm_keyring diff --git a/meta-signing-key/scripts/create-user-key-store.sh b/meta-signing-key/scripts/create-user-key-store.sh index e5f754a..85d6965 100755 --- a/meta-signing-key/scripts/create-user-key-store.sh +++ b/meta-signing-key/scripts/create-user-key-store.sh @@ -187,28 +187,50 @@ create_ima_user_key() { } create_rpm_user_key() { + local gpg_ver=`gpg --version | head -1 | awk '{ print $3 }' | awk -F. '{ print $1 }'` + + if [ x"$gpg_ver" != x"1" ]; then + echo "gpg version 2 is not supported" + exit 1 + fi + local key_dir="$RPM_KEYS_DIR" - local gpg="" [ ! -d "$key_dir" ] && mkdir -p "$key_dir" - gpg --batch --gen-key gen_rpm_keyring + local gpg_key_name="SecureCore" + local priv_key="$key_dir/RPM-GPG-PRIVKEY-$gpg_key_name" + local pub_key="$key_dir/RPM-GPG-KEY-$gpg_key_name" + + cat >"$key_dir/gen_rpm_keyring" < "$key_dir/RPM-GPG-KEY-SecureCore" - $gpg --export-secret-keys --armor "RPM Signing Certificate" \ - > "$key_dir/RPM-GPG-PRIVKEY-SecureCore" + $gpg --export --armor "$gpg_key_name" > "$pub_key" + $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key" - rm -f ./rpm_keyring.sec ./rpm_keyring.pub + rm -f "$key_dir/gen_rpm_keyring" + rm -f "$priv_key.sec" "$pub_key.pub" } create_user_keys() { diff --git a/meta-signing-key/scripts/gen_rpm_keyring b/meta-signing-key/scripts/gen_rpm_keyring deleted file mode 100644 index 6b4c74e..0000000 --- a/meta-signing-key/scripts/gen_rpm_keyring +++ /dev/null 
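Review bot: The armored secret key is written by `$gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key"` under whatever umask the caller has, and `mkdir -p "$key_dir"` creates the directory the same way. With a common 022 umask the RPM signing private key would be world-readable, unless the script restricts permissions somewhere outside this hunk. Running the export in a subshell with a tight umask keeps the change local, e.g. `(umask 077; $gpg --export-secret-keys --armor "$gpg_key_name" > "$priv_key")`, and the same applies to the temporary `gen_rpm_keyring` parameter file and the `.sec` keyring until they are removed. The export's exit status is also not checked in the visible lines, so a failed export could leave an empty `$priv_key` behind; `|| { echo "secret key export failed" >&2; exit 1; }` would surface it. The here-document body and the `--gen-key` call are not legible on this page, so this note does not cover the key parameters themselves.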
@@ -1,8 +0,0 @@
-Key-Type: RSA
-Key-Length: 2048
-Name-Real: RPM Signing Certificate
-Expire-Date: 0
-%pubring rpm_keyring.pub
-%secring rpm_keyring.sec
-%commit
-%echo RPM keyring created
-- cgit v1.2.3-54-g00ecf