3 # rhesus: monkeysphere authorized_keys update script
6 # Jameson Rollins <jrollins@fifthhorseman.net>
8 # Copyright 2008, released under the GPL, version 3 or later
10 ##################################################
12 #. /etc/monkeysphere/monkeysphere.conf
# NOTE(review): sourcing the config executes it as shell in this script's
# context; it should be owned by the invoking user (or root) and not writable
# by anyone else, since values it defines (presumably AUTH_USER_IDS_DIR and
# KEYSERVER, which are read below but not set in this excerpt) decide which
# keys end up authorized.
13 . ~/ms/monkeysphere.conf
15 # user name of user to update
# (USERNAME is assigned outside this excerpt — confirm where it comes from.)
18 #AUTH_KEYS_DIR_BASE=/var/lib/monkeysphere/authorized_keys/
19 AUTH_KEYS_DIR_BASE=~/ms/authorized_keys
# Per-user key directory and the generated authorized_keys file inside it.
# NOTE(review): USERNAME is spliced into these paths unvalidated; a value
# containing '/' or '..' would escape AUTH_KEYS_DIR_BASE — confirm it is
# restricted to a plain account name before this point.
21 AUTH_KEYS_DIR="$AUTH_KEYS_DIR_BASE"/"$USERNAME"
22 AUTH_KEYS_FILE="$AUTH_KEYS_DIR"/authorized_keys
# Per-user list of PGP user ids whose keys are to be authorized; the
# directory comes from AUTH_USER_IDS_DIR, set outside this excerpt.
24 AUTH_USER_IDS="$AUTH_USER_IDS_DIR"/"$USERNAME"
27 ##################################################
37 grep -v -e "^[[:space:]]*#" -e '^$' "$1"
41 head --line="$1" | tail -1
46 # make sure the gnupg home exists with proper permissions
48 chmod 0700 "$GNUPGHOME"
50 # find number of user ids in auth_user_ids file
# Number of non-comment, non-blank user ids listed for this user; this is the
# upper bound of the key-fetching loop below.
NLINES=$(wc -l < <(meat "$AUTH_USER_IDS"))
53 # clean out keys file and remake keys directory
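# Start from an empty per-user key cache; the loop below repopulates it.
# "${AUTH_KEYS_DIR:?}" aborts the script instead of expanding to "/keys" when
# the variable is unset or empty, so a broken config cannot turn this into
# an rm -rf near the filesystem root.
rm -rf -- "${AUTH_KEYS_DIR:?}"/keys
mkdir -p -- "$AUTH_KEYS_DIR"/keys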
57 # loop through all user ids, and generate ssh keys
58 for (( N=1; N<=$NLINES; N=N+1 )) ; do
60 USERID=$(meat "$AUTH_USER_IDS" | head --line="$N" | tail -1)
61 USERID_HASH=$(echo "$USERID" | sha1sum | awk '{ print $1 }')
63 # get key id from user id
64 #KEYID=$(gpguser2key "$USERID")
67 echo "Receiving keys for: $USERID ($KEYID)..."
70 # if the primary key is revoked, reject it
70 # for all associated keys (primary and sub)
73 # - signed by trusted user
76 # Receive keys into key ring
77 if gpg --recv-keys --keyserver "$KEYSERVER" "$KEYID" ; then
78 # convert pgp key to ssh key, and write to cache file
79 KEYFILE="$AUTH_KEYS_DIR"/keys/"$USERID_HASH"
80 gpgkey2ssh "$KEYID" | sed -e "s/COMMENT/$USERID/" > "$KEYFILE"
# Concatenate every cached key into the authorized_keys file.  The '>'
# redirection truncates the file before cat runs, so if cat fails (for
# example the keys directory is empty and the glob matches nothing) the
# fallback simply leaves an empty file rather than a stale one.
# NOTE(review): the file's mode comes from the umask — confirm it is not
# group/world-writable, as sshd with StrictModes refuses such files.
echo "Writing authorized_keys file '$AUTH_KEYS_FILE'..."
if ! cat "$AUTH_KEYS_DIR"/keys/* > "$AUTH_KEYS_FILE"; then
  : > "$AUTH_KEYS_FILE"
fi
86 if [ -s ~"$USERNAME"/.ssh/authorized_keys ] ; then
87 cat ~"$USERNAME"/.ssh/authorized_keys >> "$AUTH_KEYS_FILE"