diff --git a/binhost.sh b/binhost.sh
index eae1271..a627783 100755
--- a/binhost.sh
+++ b/binhost.sh
@@ -92,21 +92,40 @@ init_container() {
 echo "Running setup..."
 podman exec "$CONTAINER_NAME" bash -c "
 mkdir -p /root/.gnupg
+ chmod 700 /root/.gnupg
+
+ # needed for headless signing
 echo 'allow-loopback-pinentry' > /root/.gnupg/gpg-agent.conf
 gpg-connect-agent reloadagent /bye
- gpg --batch --import /tmp/signing.key
- mkdir -p /etc/portage/gnupg
- gpg --export | gpg --homedir /etc/portage/gnupg --import
- # really yikes man, i don't know what it's doing
- # that it can't read trustdb
- chmod 755 /etc/portage/gnupg
- chmod 755 /root/.gnupg
- find /etc/portage/gnupg -type f -exec chmod 666 {} +
- FINGERPRINT=\$(gpg --with-colons --show-keys /tmp/signing.key | awk -F: '/^pub/ { print \$5 }' | head -n1)
- echo \"\$FINGERPRINT:6:\" | gpg --homedir /etc/portage/gnupg --import-ownertrust
+ # import to root
+ gpg --batch --import /tmp/signing.key
+
+ mkdir -p /etc/portage/gnupg
+ chmod 700 /etc/portage/gnupg # Keep strict during import operations
+
+ # import to portage
+ gpg --homedir /etc/portage/gnupg --batch --import /tmp/signing.key
+
+ FINGERPRINT=\$(gpg --with-colons --show-keys /tmp/signing.key | awk -F: '/^fpr:/ { print \$10; exit }')
+
+ if [ -z \"\$FINGERPRINT\" ]; then
+ echo \"Error: Could not obtain fingerprint\"
+ exit 1
+ fi
+
+ # trust the key in root
+ echo \"\$FINGERPRINT:6:\" | gpg --batch --import-ownertrust
+ # trust the key in portage
+ echo \"\$FINGERPRINT:6:\" | gpg --homedir /etc/portage/gnupg --batch --import-ownertrust
 gpg --homedir /etc/portage/gnupg --check-trustdb
+ chmod 700 /root/.gnupg
+ find /root/.gnupg -type f -exec chmod 600 {} +
+
+ chmod 755 /etc/portage/gnupg
+ find /etc/portage/gnupg -type f -exec chmod 644 {} +
+
 if [[ ! -d /var/db/repos/gentoo/profiles ]]; then
 emerge-webrsync -q
 fi
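Review bot: The closing `find /etc/portage/gnupg -type f -exec chmod 644 {} +` now also covers whatever the new `gpg --homedir /etc/portage/gnupg --batch --import /tmp/signing.key` line wrote there; the removed code only piped `gpg --export` (public material) into that keyring, so if /tmp/signing.key carries the secret key — which the loopback-pinentry setup for headless signing suggests — the private-keys-v1.d files under /etc/portage/gnupg end up readable by every user in the container. Importing only the public key into the portage keyring keeps the 755/644 relaxation safe: `gpg --export \"\$FINGERPRINT\" | gpg --homedir /etc/portage/gnupg --batch --import`, placed after FINGERPRINT is computed. Separately, the added `exit 1` terminates only the inner `bash -c` shell; whether a non-zero status from podman exec stops init_container depends on the outer script, which starts before this hunk and continues past it, so a `|| exit 1` on the podman exec call (or `set -e` in the outer script) is worth confirming.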