heads/initrd/bin/key-init

#!/bin/bash
set -e -o pipefail
. /etc/functions
. /etc/gui_functions

TRACE_FUNC

# Post processing of keys

# Good system clock is required for GPG to work properly.
# if system year is less then 2024, prompt user to set correct time
if [ "$(date +%Y)" -lt 2024 ]; then
    if whiptail_warning --title "System Time Incorrect" \
        --yesno "The system time is incorrect. Please set the correct time." \
        0 80 --yes-button Continue --no-button Skip --clear; then
        change-time.sh
    fi
fi

# Import user's keys if they exist
if [ -d /.gnupg/keys ]; then
    # This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
    #  oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
    # TODO: Remove individual key imports. This is still valid for distro keys only below.
    gpg --import /.gnupg/keys/*.key  /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
fi

# Import trusted distro keys allowed for ISO signing
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"

# Add user's keys to the list of trusted keys for ISO signing
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"
Add dual support for real bash and busybox's bash(ash) - modify bash to have it configured with -Os 2023-02-08 16:01:48 -05:00			`#!/bin/bash`
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00			`set -e -o pipefail`
			`. /etc/functions`
key-init: If time resets, tell user to set it, but allow skipping The 'warn' message was not very effective, because change-time.sh clears the screen right after. Prompt with whiptail instead, which also lets the user know what's happening before we drop them into a series of prompts. Let the user skip changing time if they really want to. While they usually should set the time, it's rather frustrating if Heads forces them to go through these prompts when they don't want to. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-06 08:44:11 -04:00			`. /etc/gui_functions`
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
all scripts: replace TRACE manual strings with dynamic tracing by bash debug Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash. This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all. Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-02-01 14:30:31 -05:00			`TRACE_FUNC`
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config -qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now 2023-02-18 12:58:43 -05:00
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00			`# Post processing of keys`
Separate trusted ISO signers from trusted config signers 2018-05-17 19:52:11 -07:00
key-init: force user to change time if <2024, give warnings on errors Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:28:45 -04:00			`# Good system clock is required for GPG to work properly.`
			`# if system year is less then 2024, prompt user to set correct time`
			`if [ "$(date +%Y)" -lt 2024 ]; then`
key-init: If time resets, tell user to set it, but allow skipping The 'warn' message was not very effective, because change-time.sh clears the screen right after. Prompt with whiptail instead, which also lets the user know what's happening before we drop them into a series of prompts. Let the user skip changing time if they really want to. While they usually should set the time, it's rather frustrating if Heads forces them to go through these prompts when they don't want to. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-06 08:44:11 -04:00			`if whiptail_warning --title "System Time Incorrect" \`
			`--yesno "The system time is incorrect. Please set the correct time." \`
			`0 80 --yes-button Continue --no-button Skip --clear; then`
			`change-time.sh`
			`fi`
key-init: force user to change time if <2024, give warnings on errors Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:28:45 -04:00			`fi`

key-init: only attempt to import individual user keys if legacy dir exists, skip otherwise Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:49:42 -04:00			`# Import user's keys if they exist`
			`if [ -d /.gnupg/keys ]; then`
			`# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg`
			`# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg`
			`# TODO: Remove individual key imports. This is still valid for distro keys only below.`
			`gpg --import /.gnupg/keys/.key /.gnupg/keys/.asc 2>/dev/null \|\| warn "Importing user's keys failed"`
			`fi`
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
Separate trusted ISO signers from trusted config signers 2018-05-17 19:52:11 -07:00			`# Import trusted distro keys allowed for ISO signing`
key-init: force user to change time if <2024, give warnings on errors Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:28:45 -04:00			`gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null \|\| warn "Importing distro keys failed"`
properly deal with trusting keys to supress UX confusion about trusted keys key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability. flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump. 2019-02-08 12:38:38 -05:00			`#Set distro keys trust level to ultimate (trust anything that was signed with these keys)`
key-init: force user to change time if <2024, give warnings on errors Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:28:45 -04:00			`gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons\|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' \|gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null \|\| warn "Setting distro keys ultimate trust failed"`
			`gpg --homedir=/etc/distro/ --update-trust 2>/dev/null \|\| warn "Updating distro keys trust failed"`
properly deal with trusting keys to supress UX confusion about trusted keys key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability. flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump. 2019-02-08 12:38:38 -05:00
Separate trusted ISO signers from trusted config signers 2018-05-17 19:52:11 -07:00			`# Add user's keys to the list of trusted keys for ISO signing`
key-init: force user to change time if <2024, give warnings on errors Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-09-03 14:28:45 -04:00			`gpg --export \| gpg --homedir=/etc/distro/ --import 2>/dev/null \|\| warn "Adding user's keys to distro keys failed"`