From 1a3442e26926198fc3b07b4682d6d6d2ead7099b Mon Sep 17 00:00:00 2001
From: Christian Heller
Date: Wed, 25 Mar 2020 23:47:47 +0100
Subject: [PATCH] Add GPG encryption of old plomlombot logs.
---
 buster/apt-mark/website | 2 ++
 buster/setup_scripts/setup_website.sh | 24 ++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/buster/apt-mark/website b/buster/apt-mark/website
index a309575..c046f50 100644
--- a/buster/apt-mark/website
+++ b/buster/apt-mark/website
@@ -2,5 +2,7 @@ gitweb
 fcgiwrap
 # for plomlombot
+gnupg
+dirmngr
 python3-venv
 screen
diff --git a/buster/setup_scripts/setup_website.sh b/buster/setup_scripts/setup_website.sh
index 6288a27..2eabead 100755
--- a/buster/setup_scripts/setup_website.sh
+++ b/buster/setup_scripts/setup_website.sh
@@ -3,13 +3,14 @@ set -e
 set -x
 # Heavily inspired by
-if [ "$#" -ne 3 ]; then
- echo 'Need domain name and mail and old server IP as argument.'
+if [ "$#" -ne 4 ]; then
+ echo 'Need domain name and mail and old server IP and key ID as argument.'
 false
 fi
 domain="$1"
 mail="$2"
 old_server="$3"
+gpg_key="$4"
 # Install configs, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
@@ -46,6 +47,25 @@ su -lc "cd /var/repos && git clone --mirror ${old_server}:repos/website" plom
 cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
 su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
+# Add encryption key.
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+
 # Set up plomlombot.
 irclogs_dir=/var/www/html/irclogs
 irclogs_pw_dir=/var/www/irclogs_pw
-- 
2.30.2
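Review bot: The new fourth argument is stored as `gpg_key="$4"` with no format check, and the usage text asks only for a "key ID". Short and long key IDs can collide on keyservers, and the keyserver hunk of this patch interpolates the value into a `su plom -c "..."` string, where any shell metacharacters in it would be interpreted by plom's shell. I would require a full fingerprint right after the assignment, for example `printf '%s' "${gpg_key}" | grep -Eq '^[0-9A-Fa-f]{40}$' || { echo 'Need a full 40-hex key fingerprint.' >&2; exit 1; }` (40 hex digits assumes a v4 key). The argument-count failure path also prints to stdout and relies on `false` under `set -e` to stop; `exit 1` after a message on stderr states the intent directly.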
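Review bot: The `while true` loop around the keyserver list has no attempt limit, so if neither server can deliver the key (wrong ID, servers unreachable or retired) the setup script retries forever without a pause. The `set +e` / `set -e` bracket and the `$? -eq "0"` test can be replaced by testing the `su` command directly in an `if`, which `set -e` does not abort on, and `$(echo "${keyservers}")` is equivalent to a plain `${keyservers}`. The first list entry `sks-keyservers.net/` has a trailing slash that looks unintended, and neither entry carries a scheme, so whether the fetch uses `hkps://` depends on gpg's defaults; both are worth confirming. A bounded version is sketched below; the limit of 5 is an illustrative value.

```shell
keyservers='sks-keyservers.net/ keys.gnupg.net'
key_received=0
attempts=0
while [ "${key_received}" -eq 0 ] && [ "${attempts}" -lt 5 ]; do
    attempts=$((attempts + 1))
    for keyserver in ${keyservers}; do
        # A command tested by `if` does not trip `set -e`, so no `set +e` window is needed.
        if su plom -c "gpg --no-tty --keyserver ${keyserver} --recv-key ${gpg_key}"; then
            key_received=1
            break
        fi
        echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
    done
done
if [ "${key_received}" -ne 1 ]; then
    echo "Could not fetch key ${gpg_key} from any keyserver." >&2
    exit 1
fi
# … unchanged: "Set up plomlombot." section …
```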