blob: ed67c021482f3cfa953542830ef9847214840bc2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/bin/bash
# shellcheck source=../lib/load-configuration
. "${0%/*}/../lib/load-configuration"
# add the gpg key given by fingerprint as parameter
if [ $# -le 2 ]; then
>&2 echo 'usage: owner fingerprint capability capability ...'
exit 1
fi
owner="$1"
shift
owner_id=$(
# shellcheck disable=SC2016
{
printf 'SELECT `persons`.`id`'
printf ' FROM `persons`'
printf ' WHERE `persons`.`name`=from_base64("%s");\n' \
"$(
printf '%s' "${owner}" \
| base64 -w0
)"
} \
| mysql_run_query
)
if [ -z "${owner_id}" ]; then
>&2 printf 'Cannot find person "%s".\n' "${owner}"
exit 1
fi
key_id="$1"
key=$(
gpg -a --export "${key_id}"
)
if [ -z "${key}" ]; then
>&2 printf 'Cannot find key %s.\n' "${key_id}"
exit 1
fi
key_id=$(
printf '%s\n' "${key_id}" \
| base64 -w0
)
key=$(
printf '%s\n' "${key}" \
| base64 -w0
)
shift
capabilities=$(
# shellcheck disable=SC2016
{
printf 'SELECT'
printf ' `email_actions`.`id`'
printf ' FROM `email_actions`'
printf ' WHERE `email_actions`.`name` IN ('
printf '%s\n' "$@" \
| base64_encode_each \
| sed '
s/^.*$/from_base64("\0"),/
$ s/,$//
'
printf ');\n'
} \
| mysql_run_query
)
if [ -z "${capabilities}" ]; then
>&2 echo 'No known capabilities matched any given one:'
>&2 printf '"%s"\n' "$@"
exit 1
fi
# shellcheck disable=SC2016
{
printf 'INSERT IGNORE INTO `gpg_keys`(`owner`,`fingerprint`,`public_key`)'
printf ' VALUES (%s,from_base64("%s"),from_base64("%s"));\n' \
"${owner_id}" \
"${key_id}" \
"${key}"
printf 'INSERT IGNORE INTO `allowed_email_actions`(`gpg_key`,`action`)'
printf ' VALUES '
printf '%s\n' "${capabilities}" \
| sed '
s/^.*$/(LAST_INSERT_ID(),\0),/
$ s/,$//
'
printf ';\n'
} \
| mysql_run_query
|