yum-repo

#!/bin/bash

set -e
err_report() {
    echo "errexit on line $(caller)" >&2
}
trap err_report ERR
CURL_FLAGS="-LSsf"

SOURCES_DIR=/etc/yum.repos.d
GPGKEY_DIR=/etc/pki/rpm-gpg
BASENAME=$(basename $0)

usage() {
  cat <<EOF
Usage: $BASENAME add REPO_NAME REPO_URL GPGKEY_URL
       $BASENAME remove REPO_NAME

A utility to safely add a yum repository with a GPG signing key.

REPO_NAME is a unique local identifier for the repo.

REPO_URL is the URL of the repo.

GPGKEY_URL is a URL from which to download the signing key of the repo.
EOF
}

if [[ ! $2 ]]; then
  usage
  exit 1
fi

if ! which curl >&/dev/null; then
    echo "This utility requires curl"
    exit 1
fi

REPO_NAME="$2"
SOURCES_FILE="$SOURCES_DIR/$REPO_NAME".repo
GPGKEY_FILE="$GPGKEY_DIR/RPM-GPG-KEY-$REPO_NAME".gpg

case "$1" in

"add")

  if [[ ! $4 || $5 ]]; then
    usage
    exit 1
  fi

  REPO_URL="$3"
  GPGKEY_URL="$4"

  if [[ -f $SOURCES_FILE || -f $GPGKEY_FILE ]]; then
    echo "Unable to create files; repo already configured!"
    exit 2
  fi

  DIST=$(yum repolist | awk '/^!?base/ {print $2}')
  cat <<EOF >$SOURCES_FILE

# Created by $0 with: $BASENAME add $2 "$3" $4
# To clean up use: $BASENAME remove $2
[${REPO_NAME}]
name=${REPO_NAME} for ${DIST}
baseurl=${REPO_URL}
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file://${GPGKEY_FILE}
EOF

  TMPFILE=$(mktemp)
  curl $CURL_FLAGS -o $TMPFILE $GPGKEY_URL
  gpg --no-default-keyring --keyring=$GPGKEY_FILE --import $TMPFILE
  # This might leave a backup file; clean it up
  rm "$GPGKEY_FILE~" || true
  rm $TMPFILE

  # fix permissions
  chown root:root $GPGKEY_FILE $SOURCES_FILE
  chmod 644 $GPGKEY_FILE $SOURCES_FILE

  ;;

"remove")

  if [[ ! $4 || $5 ]]; then
    usage
    exit 1
  fi

  if [[ ! -f $SOURCES_FILE && ! -f $GPGKEY_FILE ]]; then
    echo "Unable to delete files; repo not configured!"
    exit 2
  fi

  rm $SOURCES_FILE $GPGKEY_FILE || true

  ;;

* )

  usage
  exit 2
  ;;

esac