run.sh: using inotifywait to automagically reload kuvert when gpg keyring changes; also, by default running kuvert with the debug mode on
parent
c9fe1b6f43
commit
fd0e74813e
10
Dockerfile
10
Dockerfile
|
@ -8,6 +8,14 @@ ENV KUVERT_UID 1000
|
||||||
ENV KUVERT_GID 1000
|
ENV KUVERT_GID 1000
|
||||||
ENV KUVERT_HOME /home/kuvert
|
ENV KUVERT_HOME /home/kuvert
|
||||||
|
|
||||||
|
# install inotify-tools
|
||||||
|
RUN DEBIAN_FRONTEND=noninteractive apt-get -q update && \
|
||||||
|
apt-get -q -y --no-install-recommends install \
|
||||||
|
inotify-tools && \
|
||||||
|
apt-get -q clean && \
|
||||||
|
apt-get -q -y autoremove && \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# install the needed CPAN modules
|
# install the needed CPAN modules
|
||||||
# divided into separate RUN commands for easier debugging
|
# divided into separate RUN commands for easier debugging
|
||||||
# (cpan's output does not lend itself to debugging very well...)
|
# (cpan's output does not lend itself to debugging very well...)
|
||||||
|
@ -33,4 +41,4 @@ RUN cd /usr/local/src/kuvert/ && \
|
||||||
RUN chmod a+x /usr/local/src/kuvert/run.sh
|
RUN chmod a+x /usr/local/src/kuvert/run.sh
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/src/kuvert/run.sh"]
|
ENTRYPOINT ["/usr/local/src/kuvert/run.sh"]
|
||||||
CMD ["kuvert"]
|
CMD ["kuvert", "-d"]
|
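Review bot: Debug mode as the image default means kuvert's debug output lands in the container log of every deployment that does not override `CMD`, and nothing in this change says what that output contains. If `-d` prints recipient addresses, key identifiers or message details, the container log and whatever collects it need the same protection as the mail itself. I would keep `CMD ["kuvert"]` as the default and document `-d` as an override. If `-d` is needed for another reason (for instance to keep the process in the foreground), say so in a comment above the line, such as `# -d is the default here: debug output goes to the container log, override CMD for production use`.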
23
run.sh
23
run.sh
|
@ -175,7 +175,6 @@ Name-Real: $KUVERT_USER
|
||||||
Name-Comment: Auto-generated for kuvert testing, change as soon as possible
|
Name-Comment: Auto-generated for kuvert testing, change as soon as possible
|
||||||
Name-Email: $KUVERT_USER@localhost
|
Name-Email: $KUVERT_USER@localhost
|
||||||
Expire-Date: 0
|
Expire-Date: 0
|
||||||
# Do a commit here, so that we can later print "done" :-)
|
|
||||||
%commit
|
%commit
|
||||||
EOT
|
EOT
|
||||||
echo " +-- done."
|
echo " +-- done."
|
||||||
|
@ -184,6 +183,28 @@ else
|
||||||
echo "$SECRET_KEYS" | wc -l
|
echo "$SECRET_KEYS" | wc -l
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# this watches the $KUVERT_GNUPG_DIR files for changes
|
||||||
|
# and re-loads kuvert's config and keychain when they're detected
|
||||||
|
function watch_pubkeys {
|
||||||
|
echo "+-- watching for changes in $KUVERT_GNUPG_DIR"
|
||||||
|
# FIXME we need to handle SIGHUP/SIGTERM/SIGKILL nicely some day
|
||||||
|
while true; do
|
||||||
|
# wait for events
|
||||||
|
inotifywait -r -e modify -e move -e create -e delete -qq "$KUVERT_GNUPG_DIR"
|
||||||
|
# if a watched event occured, redo authorized_keys
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
echo " +-- files in $KUVERT_GNUPG_DIR changed"
|
||||||
|
echo " reloading kuvert config and keuring..."
|
||||||
|
su -p -c "env PATH=\"$PATH\" kuvert -r" "$KUVERT_USER"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# watch for changes with the keyring in the background
|
||||||
|
# when changes are detected, kuvert gets reloaded
|
||||||
|
watch_pubkeys &
|
||||||
|
sleep 1
|
||||||
|
|
||||||
# inform
|
# inform
|
||||||
echo "========================================================================"
|
echo "========================================================================"
|
||||||
echo "== Starting kuvert =="
|
echo "== Starting kuvert =="
|
||||||
|
|
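Review bot: In `watch_pubkeys`, a failing `inotifywait` makes the `while true` loop spin. The `$?` check only skips the reload and `-qq` hides the error, so a missing `$KUVERT_GNUPG_DIR` or an exhausted inotify watch limit becomes a silent busy loop with no keyring reloads. Leave the loop on failure instead, e.g. `if ! inotifywait -r -e modify -e move -e create -e delete -qq "$KUVERT_GNUPG_DIR"; then echo "inotifywait failed, keyring watch stopped" >&2; return 1; fi`. Because any write to that directory now changes the keys kuvert uses without an operator step, it would also help to log which file triggered each reload (`-q` with `--format '%w%f %e'` rather than `-qq`) so keyring changes leave a trace. The comment "redo authorized_keys" looks carried over from another script, and "keuring" in the echo is a typo.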