Merge lp:~timrchavez/ubuntu-system-image/server-add-key-generation-script into lp:ubuntu-system-image/server

Proposed by Timothy R. Chavez on 2014-02-14
Status: Merged
Merged at revision: 215
Proposed branch: lp:~timrchavez/ubuntu-system-image/server-add-key-generation-script
Merge into: lp:ubuntu-system-image/server
Diff against target: 64 lines (+60/-0)
1 file modified
bin/generate-keys (+60/-0)
To merge this branch: bzr merge lp:~timrchavez/ubuntu-system-image/server-add-key-generation-script
Reviewer: Ubuntu System Image team (requested 2014-02-14, status: Pending)
Review via email: mp+206323@code.launchpad.net

Description of the change

Add a script to generate all of the keys. Users must provide an e-mail address and a prefix to be included in the name of each key via some command line parameters. The master keys will not expire while the signing keys will be set to expire two years from their creation date as per the recommendation of Stéphane. Once keys are generated with ./bin/generate-keys, ./bin/generate-keyrings can be called.

212. By Timothy R. Chavez on 2014-02-17

Revert accidental removal of the secret/ssh/ directory.

213. By Timothy R. Chavez on 2014-02-17

Remove crufty import of datetime and make some other small cosmetic changes.

Stéphane Graber (stgraber) wrote :

You forgot a line break at line 35, but besides that (which I just fixed inline), looks good. Merged.

Preview Diff

1=== added file 'bin/generate-keys'
2--- bin/generate-keys 1970-01-01 00:00:00 +0000
3+++ bin/generate-keys 2014-02-17 14:17:27 +0000
4@@ -0,0 +1,60 @@
5+#!/usr/bin/python
6+# -*- coding: utf-8 -*-
7+#
8+# Copyright (C) 2014 Canonical Ltd.
9+# Author: Timothy Chavez <timothy.chavez@canonical.com>
10+#
11+# This program is free software: you can redistribute it and/or modify
12+# it under the terms of the GNU General Public License as published by
13+# the Free Software Foundation; version 3 of the License.
14+#
15+# This program is distributed in the hope that it will be useful,
16+# but WITHOUT ANY WARRANTY; without even the implied warranty of
17+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18+# GNU General Public License for more details.
19+#
20+# You should have received a copy of the GNU General Public License
21+# along with this program. If not, see <http://www.gnu.org/licenses/>.
22+
23+import argparse
24+import os
25+import sys
26+
27+sys.path.insert(0, 'lib')
28+from systemimage import config
29+from systemimage.gpg import generate_signing_key
30+
31+
32+KEYS = {
33+ "archive-master": ("{0} Archive Master key", 0),
34+ "image-master": ("{0} Image Master key", 0),
35+ "device-signing": ("{0} Device Signing key", "2y"),
36+ "image-signing": ("{0} Image Signing key", "2y")
37+}
38+
39+def main():
40+ parser = argparse.ArgumentParser(description='Generate signing keya.')
41+ parser.add_argument("--email", dest="email", required=True,
42+ help="An email address to associate with the keys")
43+ parser.add_argument("--prefix", dest="prefix", required=True,
44+ help="A prefix to include in the key name")
45+ args = parser.parse_args()
46+
47+ conf = config.Config()
48+
49+ print("I: Generating signing keys...")
50+
51+ for key_id, (key_name, key_expiry) in KEYS.iteritems():
52+ key_path = os.path.join(conf.gpg_key_path, key_id)
53+ if os.path.exists(key_path):
54+ print("W: The key \"{0}\" already exists".format(key_id))
55+ continue
56+ os.makedirs(key_path)
57+ generate_signing_key(
58+ key_path, key_name.format(args.prefix), args.email, key_expiry)
59+
60+ print("I: Done")
61+
62+
63+if __name__ == "__main__":
64+ main()
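Review bot: In the loop at diff lines 51-58, the "already exists" check tests only for the directory, and `os.makedirs(key_path)` runs before `generate_signing_key(...)`, so a failed or interrupted generation leaves an empty directory behind and every later run prints the warning and skips that key without ever creating it. Consider removing the directory when the call raises, or testing for the key material itself rather than the directory. Because this directory holds secret key material, pass an explicit restrictive mode as well, for example `os.makedirs(key_path, 0o700)`, rather than relying on the caller's umask, unless `generate_signing_key` already tightens it. Two smaller points: the argparse description reads 'Generate signing keya.', and `sys.path.insert(0, 'lib')` resolves against the current working directory, so the script imports whatever `lib/systemimage` exists where it is run from; building the path from the script's own location would avoid that.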
