From 605ea490ac3c28356ee06123e4042809969dadf4 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jan@dittberner.info>
Date: Sat, 26 Dec 2020 11:52:37 +0100
Subject: [PATCH] Fix gpg setup for signer

---
 docker/run-signer | 12 ++++++------
 setup_test_ca.sh  | 18 +++++++++++-------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/docker/run-signer b/docker/run-signer
index 9f95d85..c145ea5 100755
--- a/docker/run-signer
+++ b/docker/run-signer
@@ -9,18 +9,18 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
 cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
 if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
 if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
-if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
-if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
+if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
+if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi
 
 mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
 cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
 cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
 if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
 if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
-if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
-if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
+if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
+if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
 if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
-if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
+if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
 
 rm -f /srv/sockets/signer
 socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
@@ -29,4 +29,4 @@ sleep 1
 cd /srv/CommModule/
 
 touch server.pl-active
-exec perl -w server.pl
\ No newline at end of file
+exec perl -w server.pl
diff --git a/setup_test_ca.sh b/setup_test_ca.sh
index 755a415..9a9a3b3 100755
--- a/setup_test_ca.sh
+++ b/setup_test_ca.sh
@@ -4,6 +4,9 @@ set -eu
 
 ORGANIZATION="CAcert Inc."
 COUNTRY_CODE="AU"
+CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
+CACERT_GPG_EMAIL="gpg@cacert.localhost"
+
 . ./.env
 
 if [ ! -d testca/ ]; then
@@ -225,14 +228,15 @@ if [ ! -f certs/testclient.p12 ]; then
 fi
 
 if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
-  gpg --homedir testca/gpg/gpg_root_0 --generate-key --batch <<EOF
+  chmod 0700 gpg/gpg_root_0
+  gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
 Key-Type: RSA
 Key-Length: 4096
 Key-Usage: cert
-Name-Real: CAcert Inc. GnuPG WoT
-Name-Email: gpg@cacert.localhost
-%no-protection"
+Name-Real: ${CACERT_GPG_NAME}
+Name-Email: ${CACERT_GPG_EMAIL}
+%no-protection
 EOF
-  gpg --homedir testca/gpg/gpg_root_0 --export | gpg1 --homedir testca/gpg/gpg_root_0 --import
-  gpg --homedir testca/gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir testca/gpg/gpg_root_0 --import
-fi
\ No newline at end of file
+  gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
+  gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
+fi