The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
grafana/pkg/build/gpg/gpg.go

73 lines
2.1 KiB

package gpg
import (
"encoding/base64"
"fmt"
"log"
"os"
"github.com/grafana/grafana/pkg/build/config"
"github.com/grafana/grafana/pkg/build/fsutil"
)
// LoadGPGKeys loads GPG key pair and password from the environment and writes them to corresponding files.
//
// The passed config's GPG fields also get updated. Make sure to call RemoveGPGFiles at application exit.
func LoadGPGKeys(cfg *config.Config) error {
var err error
cfg.GPGPrivateKey, err = fsutil.CreateTempFile("priv.key")
if err != nil {
return err
}
cfg.GPGPublicKey, err = fsutil.CreateTempFile("pub.key")
if err != nil {
return err
}
cfg.GPGPassPath, err = fsutil.CreateTempFile("")
if err != nil {
return err
}
gpgPrivKey := os.Getenv("GPG_PRIV_KEY")
if gpgPrivKey == "" {
return fmt.Errorf("$GPG_PRIV_KEY must be defined")
}
gpgPubKey := os.Getenv("GPG_PUB_KEY")
if gpgPubKey == "" {
return fmt.Errorf("$GPG_PUB_KEY must be defined")
}
gpgPass := os.Getenv("GPG_KEY_PASSWORD")
if gpgPass == "" {
return fmt.Errorf("$GPG_KEY_PASSWORD must be defined")
}
gpgPrivKeyB, err := base64.StdEncoding.DecodeString(gpgPrivKey)
if err != nil {
return fmt.Errorf("couldn't decode $GPG_PRIV_KEY: %w", err)
}
gpgPubKeyB, err := base64.StdEncoding.DecodeString(gpgPubKey)
if err != nil {
return fmt.Errorf("couldn't decode $GPG_PUB_KEY: %w", err)
}
if err := os.WriteFile(cfg.GPGPrivateKey, append(gpgPrivKeyB, '\n'), 0400); err != nil {
return fmt.Errorf("failed to write GPG private key file: %w", err)
}
if err := os.WriteFile(cfg.GPGPublicKey, append(gpgPubKeyB, '\n'), 0400); err != nil {
return fmt.Errorf("failed to write GPG public key file: %w", err)
}
if err := os.WriteFile(cfg.GPGPassPath, []byte(gpgPass+"\n"), 0400); err != nil {
return fmt.Errorf("failed to write GPG password file: %w", err)
}
return nil
}
// RemoveGPGFiles removes configured GPG files.
func RemoveGPGFiles(cfg config.Config) {
for _, fpath := range []string{cfg.GPGPrivateKey, cfg.GPGPublicKey, cfg.GPGPassPath} {
if err := os.Remove(fpath); err != nil {
log.Printf("failed to remove %q", fpath)
}
}
}