Commit 715a4496 authored by Ilya Frolov's avatar Ilya Frolov Committed by John Jarvis

add lazy solution to key fetching

parent a702edbd
......@@ -5,6 +5,11 @@
# Variables
UNAME := $(shell uname -s)
KEY_SERVERS := pool.sks-keyservers.net \
subkeys.pgp.net \
pgp.mit.edu \
keyserver.ubuntu.com \
keys.gnupg.net
#
TF_URL := https://releases.hashicorp.com/terraform
HASHICORP_KEY := 0x51852D87348FFC4C
......@@ -105,8 +110,27 @@ endif
debug: ### Debug Makefile itself placeholder
@echo $(UNAME)
.PHONY: gpgkey
gpgkey: ### Get Hashicop's gpg key from list of servers
@gpg --list-keys $(HASHICORP_KEY); \
if [ $$? -eq 0 ]; then \
echo "Key $(HASHICORP_KEY) is already in keystore"; \
else \
for ksrv in $(KEY_SERVERS); do \
echo -n "Getting key $(HASHICORP_KEY) from server $$ksrv ... "; \
gpg --keyserver $$ksrv --recv-keys $(HASHICORP_KEY); \
if [ $$? -eq 0 ]; then \
echo "Success!"; \
exit 0 ; \
else \
echo "Fail"; \
fi; \
done; \
fi
.PHONY: tfinstall
tfinstall: ### Download, check sum and unpack specific terraform version
tfinstall: gpgkey
@# First, we download into temporary dir
$(eval [email protected]_TMP := $(shell mktemp -d "/tmp/tfinstall.tmp.XXXXXX"))
test -n "$([email protected]_TMP)" || exit 1
......@@ -115,7 +139,6 @@ tfinstall: ### Download, check sum and unpack specific terraform version
"$(TF_URL_SHA256)" \
"$(TF_URL_SHA256SIG)"
@# Then, we verify signature on hashsums
gpg --list-keys $(HASHICORP_KEY) || gpg --keyserver pgp.mit.edu --recv-keys $(HASHICORP_KEY)
gpg --verbose --verify "$([email protected]_TMP)/$(TF_SHA256SIG)" "$([email protected]_TMP)/$(TF_SHA256)"
@# Then, we verify hashsum on our zip archive, using only its line as stdin
cd $([email protected]_TMP) && grep "$(TF_ZIP)" "$(TF_SHA256)" | sha256sum -c -w
......@@ -126,6 +149,7 @@ tfinstall: ### Download, check sum and unpack specific terraform version
.PHONY: vainstall
vainstall: ### Download, check sum and unpack specific vault version
vainstall: gpgkey
@# First, we download into temporary dir
$(eval [email protected]_TMP := $(shell mktemp -d "/tmp/vainstall.tmp.XXXXXX"))
test -n "$([email protected]_TMP)" || exit 1
......@@ -134,7 +158,6 @@ vainstall: ### Download, check sum and unpack specific vault version
"$(VA_URL_SHA256)" \
"$(VA_URL_SHA256SIG)"
@# Then, we verify signature on hashsums
gpg --list-keys $(HASHICORP_KEY) || gpg --keyserver pgp.mit.edu --recv-keys $(HASHICORP_KEY)
gpg --verbose --verify "$([email protected]_TMP)/$(VA_SHA256SIG)" "$([email protected]_TMP)/$(VA_SHA256)"
@# Then, we verify hashsum on our zip archive, using only its line as stdin
cd $([email protected]_TMP) && grep "$(VA_ZIP)" "$(VA_SHA256)" | sha256sum -c -w
......@@ -145,6 +168,7 @@ vainstall: ### Download, check sum and unpack specific vault version
.PHONY: pkinstall
pkinstall: ### Download, check sum and unpack specific packer version
pkinstall: gpgkey
@# First, we download into temporary dir
$(eval [email protected]_TMP := $(shell mktemp -d "/tmp/pkinstall.tmp.XXXXXX"))
test -n "$([email protected]_TMP)" || exit 1
......@@ -153,7 +177,6 @@ pkinstall: ### Download, check sum and unpack specific packer version
"$(PK_URL_SHA256)" \
"$(PK_URL_SHA256SIG)"
@# Then, we verify signature on hashsums
gpg --list-keys $(HASHICORP_KEY) || gpg --keyserver pgp.mit.edu --recv-keys $(HASHICORP_KEY)
gpg --verbose --verify "$([email protected]_TMP)/$(PK_SHA256SIG)" "$([email protected]_TMP)/$(PK_SHA256)"
@# Then, we verify hashsum on our zip archive, using only its line as stdin
cd $([email protected]_TMP) && grep "$(PK_ZIP)" "$(PK_SHA256)" | sha256sum -c -w
......@@ -164,6 +187,7 @@ pkinstall: ### Download, check sum and unpack specific packer version
.PHONY: coinstall
coinstall: ### Download, check sum and unpack specific consul version
coinstall: gpgkey
@# First, we download into temporary dir
$(eval [email protected]_TMP := $(shell mktemp -d "/tmp/coinstall.tmp.XXXXXX"))
test -n "$([email protected]_TMP)" || exit 1
......@@ -172,7 +196,6 @@ coinstall: ### Download, check sum and unpack specific consul version
"$(CO_URL_SHA256)" \
"$(CO_URL_SHA256SIG)"
@# Then, we verify signature on hashsums
gpg --list-keys $(HASHICORP_KEY) || gpg --keyserver pgp.mit.edu --recv-keys $(HASHICORP_KEY)
gpg --verbose --verify "$([email protected]_TMP)/$(CO_SHA256SIG)" "$([email protected]_TMP)/$(CO_SHA256)"
@# Then, we verify hashsum on our zip archive, using only its line as stdin
cd $([email protected]_TMP) && grep "$(CO_ZIP)" "$(CO_SHA256)" | sha256sum -c -w
......
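Review bot: The new `gpgkey` recipe exits 0 when every server in `KEY_SERVERS` fails, because the last command the loop runs is `echo "Fail"`, so the `tfinstall`, `vainstall`, `pkinstall` and `coinstall` targets that now depend on it start without the key; add `echo "No keyserver returned $(HASHICORP_KEY)" >&2; exit 1;` after `done;`. The later `gpg --verify` should still fail closed on a missing key, but the error then surfaces far from its cause. The key is also selected only by its 64-bit ID and taken from whichever public keyserver answers first, and `gpg --verify` returns success for a good signature from any key in the keyring, so nothing in the visible lines ties the check to the vendor's key. Pinning the full fingerprint would close that gap: after the import, compare the output of `gpg --with-colons --fingerprint $(HASHICORP_KEY)` against a `HASHICORP_FPR := <full 40-hex fingerprint, taken from the vendor's site over HTTPS>` variable and fail on mismatch.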