run.sh: using inotifywait to automagically reload kuvert when gpg keyring changes; also, by default running kuvert with the debug mode on

2017-02-24 12:41:23 +01:00 · 2017-02-24 12:41:23 +01:00 · fd0e74813e
parent c9fe1b6f43
commit fd0e74813e
2 changed files with 31 additions and 2 deletions
--- a/10
+++ b/10
@ -8,6 +8,14 @@ ENV KUVERT_UID 1000
 ENV KUVERT_GID 1000
 ENV KUVERT_HOME /home/kuvert

+# install inotify-tools
+RUN DEBIAN_FRONTEND=noninteractive apt-get -q update && \
+    apt-get -q -y --no-install-recommends install \
+        inotify-tools && \
+    apt-get -q clean && \
+    apt-get -q -y autoremove && \
+    rm -rf /var/lib/apt/lists/*
+
 # install the needed CPAN modules
 # divided into separate RUN commands for easier debugging
 # (cpan's output does not lend itself to debugging very well...)
@ -33,4 +41,4 @@ RUN cd /usr/local/src/kuvert/ && \
 RUN chmod a+x /usr/local/src/kuvert/run.sh

 ENTRYPOINT ["/usr/local/src/kuvert/run.sh"]
-CMD ["kuvert"]
+CMD ["kuvert", "-d"]
--- a/run.sh
+++ b/run.sh
@ -175,7 +175,6 @@ Name-Real: $KUVERT_USER
 Name-Comment: Auto-generated for kuvert testing, change as soon as possible
 Name-Email: $KUVERT_USER@localhost
 Expire-Date: 0
-# Do a commit here, so that we can later print "done" :-)
 %commit
 EOT
    echo "    +-- done."
@ -184,6 +183,28 @@ else
    echo "$SECRET_KEYS" | wc -l
 fi

+# this watches the $KUVERT_GNUPG_DIR files for changes
+# and re-loads kuvert's config and keychain when they're detected
+function watch_pubkeys {
+    echo "+-- watching for changes in $KUVERT_GNUPG_DIR"
+    # FIXME we need to handle SIGHUP/SIGTERM/SIGKILL nicely some day
+    while true; do
+        # wait for events
+        inotifywait -r -e modify -e move -e create -e delete -qq "$KUVERT_GNUPG_DIR"
+        # if a watched event occured, redo authorized_keys
+        if [ $? -eq 0 ]; then
+            echo "    +-- files in $KUVERT_GNUPG_DIR changed"
+            echo "        reloading kuvert config and keuring..."
+            su -p -c "env PATH=\"$PATH\" kuvert -r" "$KUVERT_USER"
+        fi
+    done
+}
+
+# watch for changes with the keyring in the background
+# when changes are detected, kuvert gets reloaded
+watch_pubkeys &
+sleep 1
+
 # inform
 echo "========================================================================"
 echo "== Starting kuvert                                                    =="