#!/bin/bash
#
#

#
#   Stop the build service
#
obs stop

HOSTNAME_FQDM=obs.`hostname -f`

if [ ! -e /srv/obs/certs/server.key ] ; then
    #
    # defaults keys and certificates
    #
    mkdir -p /srv/obs/certs /srv/obs/gnupg /srv/obs/gnupg/phrases
    
    echo "Generate server keys"
    
    /usr/bin/openssl genrsa -passout pass:opensuse -out /srv/obs/certs/server.key 4096
    /usr/bin/openssl req -new -key /srv/obs/certs/server.key -passin pass:opensuse -subj "/CN=localhost/emailAddress=root@localhost" -out /srv/obs/certs/localhost.csr
    /usr/bin/openssl req -new -key /srv/obs/certs/server.key -passin pass:opensuse -subj "/CN=$HOSTNAME_FQDM/emailAddress=root@localhost" -out /srv/obs/certs/$HOSTNAME_FQDM.csr
    /usr/bin/openssl x509 -req -days 3650 -in /srv/obs/certs/localhost.csr -signkey /srv/obs/certs/server.key -out /srv/obs/certs/localhost.crt
    /usr/bin/openssl x509 -req -days 3650 -in /srv/obs/certs/$HOSTNAME_FQDM.csr -signkey /srv/obs/certs/server.key -out /srv/obs/certs/$HOSTNAME_FQDM.crt
    cp -f /srv/obs/certs/$HOSTNAME_FQDM.crt /srv/obs/certs/server.crt
    cat /srv/obs/certs/server.key /srv/obs/certs/localhost.crt /srv/obs/certs/$HOSTNAME_FQDM.crt > /srv/obs/certs/server.pem
    cp -f /srv/obs/certs/server.pem /etc/ssl/certs/obs-server.pem
    c_rehash /etc/ssl/certs/
    #
    chmod 700 /srv/obs/gnupg
    
    echo "Generate package signing keys"
    
    export GNUPGHOME=/srv/obs/gnupg
    /usr/bin/gpg --homedir /srv/obs/gnupg --batch --gen-key << EOF
%echo Generating a default key
Key-Type: default
Subkey-Type: default
Name-Real: root
Name-Comment: OpenSuSE
Name-Email: root@localhost
Expire-Date: 0
Passphrase: opensuse
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
    /usr/bin/gpg --homedir /srv/obs/gnupg --no-default-keyring --list-secret-keys
    echo "opensuse" > /srv/obs/gnupg/phrases/root@localhost
    chmod 700 /srv/obs/gnupg/phrases
    chmod 600 /srv/obs/gnupg/phrases/root@localhost
    /usr/bin/gpg --homedir /srv/obs/gnupg --armor --export "<root@localhost>" > /srv/obs/server.asc

    echo "Done"

else
    echo "Keys already generated"
fi

#
#   Start the build service
#
obs start
