From 480ac06686d50f4e9379f4d490cdb81ceda5c796 Mon Sep 17 00:00:00 2001
From: Jon Azpiazu
Date: Wed, 30 May 2018 17:03:37 +0200
Subject: [PATCH] Increase gpg key security
---
 assets/gpg.conf.sh | 8 ++++++++
 assets/gpg_batch.sh | 2 +-
 assets/startup.sh | 8 +++++++-
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100755 assets/gpg.conf.sh
diff --git a/assets/gpg.conf.sh b/assets/gpg.conf.sh
new file mode 100755
index 0000000..934e2b2
--- /dev/null
+++ b/assets/gpg.conf.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p ~/.gnupg/
+touch ~/.gnupg/gpg.conf
+cat >> ~/.gnupg/gpg.conf < /opt/gpg_batch
 %echo Generating a GPG key, might take a while
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Subkey-Type: ELG-E
 Subkey-Length: 1024
 Name-Real: ${FULL_NAME}
diff --git a/assets/startup.sh b/assets/startup.sh
index 6aa72fb..8b86c06 100755
--- a/assets/startup.sh
+++ b/assets/startup.sh
@@ -1,5 +1,9 @@
 #! /bin/bash
+if [[ ! -f /root/.gnupg/gpg.conf ]]; then
+/opt/gpg.conf.sh
+fi
+
 # If the repository GPG keypair doesn't exist, create it.
 if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
 echo "Generating new gpg keys"
@@ -8,6 +12,8 @@ if [[ ! -f /opt/aptly/aptly.sec ]] || [[ ! -f /opt/aptly/aptly.pub ]]; then
 # If your system doesn't have a lot of entropy this may, take a long time
 # Google how-to create "artificial" entropy if this gets stuck
 gpg --batch --gen-key /opt/gpg_batch
+else
+echo "No need to generate new gpg keys"
 fi
 # Export the GPG Public key
@@ -40,7 +46,7 @@ fi
 # Aptly looks in /root/.gnupg for default keyrings
 ln -sf /root/.gnupg/secring.gpg /opt/aptly/aptly.sec
-ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
+ln -sf /root/.gnupg/pubring.gpg /opt/aptly/aptly.pub
 # Generate Nginx Config
 /opt/nginx.conf.sh
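Review bot: The new guard in startup.sh tests `/root/.gnupg/gpg.conf`, but the script it invokes writes `~/.gnupg/gpg.conf` with `cat >>`, so if HOME is anything other than /root the guard never becomes true and the hardening block is appended to a different gpg.conf on every container start, while a gpg.conf that already exists under /root (from a mounted volume or an earlier gpg invocation, presumably) causes the hardening to be skipped altogether. Make both sides agree on the path and do not let a failed setup pass silently, e.g. `if [[ ! -f "$HOME/.gnupg/gpg.conf" ]]; then` and `/opt/gpg.conf.sh || { echo "gpg.conf setup failed" >&2; exit 1; }`. The `if` that begins at the end of this hunk closes outside it.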
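Review bot: The new `else` branch reports that keys are reused but says nothing about which key or how strong it is, so a 2048-bit pair generated before this commit is kept as-is even though the raised `Key-Length: 4096` in gpg_batch.sh only takes effect on the `gpg --batch --gen-key /opt/gpg_batch` path shown here. The batch file also still requests `Subkey-Type: ELG-E` with `Subkey-Length: 1024`, so freshly generated keys carry a 1024-bit encryption subkey that is weaker than the 2048-bit primary this commit replaces; the subkey is presumably not what signs the repository, but it contradicts the stated intent. Consider a comment on the `else` branch such as `# Existing keys are reused unchanged; the 4096-bit default in /opt/gpg_batch does not upgrade them`, and raising the subkey length in gpg_batch.sh to match the primary.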