mirror of
https://github.com/grafana/grafana.git
synced 2024-12-30 10:47:30 -06:00
85 lines
2.2 KiB
Go
85 lines
2.2 KiB
Go
package gpg
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"log"
|
|
"os"
|
|
|
|
"github.com/grafana/grafana/pkg/build/config"
|
|
)
|
|
|
|
func createTempFile(sfx string) (string, error) {
|
|
f, err := os.CreateTemp("", fmt.Sprintf("*-%s", sfx))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if err := f.Close(); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return f.Name(), nil
|
|
}
|
|
|
|
// LoadGPGKeys loads GPG key pair and password from the environment and writes them to corresponding files.
|
|
//
|
|
// The passed config's GPG fields also get updated. Make sure to call RemoveGPGFiles at application exit.
|
|
func LoadGPGKeys(cfg *config.Config) error {
|
|
var err error
|
|
cfg.GPGPrivateKey, err = createTempFile("priv.key")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cfg.GPGPublicKey, err = createTempFile("pub.key")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cfg.GPGPassPath, err = createTempFile("")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
gpgPrivKey := os.Getenv("GPG_PRIV_KEY")
|
|
if gpgPrivKey == "" {
|
|
return fmt.Errorf("$GPG_PRIV_KEY must be defined")
|
|
}
|
|
gpgPubKey := os.Getenv("GPG_PUB_KEY")
|
|
if gpgPubKey == "" {
|
|
return fmt.Errorf("$GPG_PUB_KEY must be defined")
|
|
}
|
|
gpgPass := os.Getenv("GPG_KEY_PASSWORD")
|
|
if gpgPass == "" {
|
|
return fmt.Errorf("$GPG_KEY_PASSWORD must be defined")
|
|
}
|
|
|
|
gpgPrivKeyB, err := base64.StdEncoding.DecodeString(gpgPrivKey)
|
|
if err != nil {
|
|
return fmt.Errorf("couldn't decode $GPG_PRIV_KEY: %w", err)
|
|
}
|
|
gpgPubKeyB, err := base64.StdEncoding.DecodeString(gpgPubKey)
|
|
if err != nil {
|
|
return fmt.Errorf("couldn't decode $GPG_PUB_KEY: %w", err)
|
|
}
|
|
|
|
if err := os.WriteFile(cfg.GPGPrivateKey, append(gpgPrivKeyB, '\n'), 0400); err != nil {
|
|
return fmt.Errorf("failed to write GPG private key file: %w", err)
|
|
}
|
|
if err := os.WriteFile(cfg.GPGPublicKey, append(gpgPubKeyB, '\n'), 0400); err != nil {
|
|
return fmt.Errorf("failed to write GPG public key file: %w", err)
|
|
}
|
|
if err := os.WriteFile(cfg.GPGPassPath, []byte(gpgPass+"\n"), 0400); err != nil {
|
|
return fmt.Errorf("failed to write GPG password file: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// RemoveGPGFiles removes configured GPG files.
|
|
func RemoveGPGFiles(cfg config.Config) {
|
|
for _, fpath := range []string{cfg.GPGPrivateKey, cfg.GPGPublicKey, cfg.GPGPassPath} {
|
|
if err := os.Remove(fpath); err != nil {
|
|
log.Printf("failed to remove %q", fpath)
|
|
}
|
|
}
|
|
}
|