From e08346aa3018fcd50a650b48cafd2c4a1e834659 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin <fredrik@thulin.net>
Date: Fri, 3 Feb 2023 15:39:49 +0100
Subject: [PATCH] cleanup, use stamp-file, only run on old OS versions

---
 global/pre-tasks.d/040hiera-gpg | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg
index 3aa3037..bc1da35 100755
--- a/global/pre-tasks.d/040hiera-gpg
+++ b/global/pre-tasks.d/040hiera-gpg
@@ -9,12 +9,21 @@ set -e
 GNUPGHOME=/etc/hiera/gpg
 export GNUPGHOME
 
+vendor=$(lsb_release -is)
+version=$(lsb_release -rs)
+# If the OS is Ubuntu 18.04 or newer, or Debian 10 or newer, we don't need to do anything (those use eyaml instead)
+test "${vendor}" = "Ubuntu" && dpkg --compare-versions "${version}" "ge" "18.04" && exit 0
+test "${vendor}" = "Debian" && dpkg --compare-versions "${version}" "ge" "10" && exit 0
+
+stamp="$COSMOS_BASE/stamps/hiera-gpg-v01.stamp"
+
+test -f "$stamp" && exit 0
+
 if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
     apt-get update
     apt-get -y install ruby-gpgme
 fi
 
-
 if [ ! -s $GNUPGHOME/secring.gpg ]; then
 
     if [ "x$1" != "x--force" ]; then
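Review bot: `stamp="$COSMOS_BASE/stamps/hiera-gpg-v01.stamp"` silently becomes `/stamps/hiera-gpg-v01.stamp` when COSMOS_BASE is unset or empty, since only `set -e` is visible and nothing shows `set -u`. The `mkdir -p`/`touch` at the end of the second hunk would then create the stamp directly under `/`. Writing it as `stamp="${COSMOS_BASE:?}/stamps/hiera-gpg-v01.stamp"` makes the script abort with a message instead. Separately, `test -f "$stamp" && exit 0` runs before the `secring.gpg` test, so once the stamp exists a missing or emptied key ring is no longer noticed; if that is intended, a comment such as `# stamp wins over key-ring state; remove the stamp to re-run` would say so. The `if` block that closes this hunk continues outside it.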
@@ -35,19 +44,21 @@ if [ ! -s $GNUPGHOME/secring.gpg ]; then
     chmod 700 $GNUPGHOME
 
     TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX)
-    cat > $TMPFILE <<EOF
+    cat > "$TMPFILE" <<EOF
 %echo Generating a default key
 Key-Type: default
 Subkey-Type: default
 Name-Real: Cosmos Puppet
 Name-Comment: Hiera GPG key
-Name-Email: root@`hostname --fqdn`
+Name-Email: root@$(hostname --fqdn)
 Expire-Date: 0
 # Do a commit here, so that we can later print "done" :-)
-%no-protection
 %commit
 %echo done
 EOF
-    gpg2 --batch --gen-key $TMPFILE
-    rm -f $TMPFILE
+    gpg2 --batch --gen-key "$TMPFILE"
+    rm -f "$TMPFILE"
 fi
+
+mkdir -p "$(dirname "${stamp}")"
+touch "$stamp"
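Review bot: The key parameter file now carries neither a `Passphrase:` line nor `%no-protection`, and the commit message does not mention dropping the latter. On GnuPG 2.1 and later, `gpg2 --batch --gen-key` without either will, as far as I know, try to obtain a passphrase through pinentry, which an unattended pre-task is unlikely to be able to answer. Whether that applies depends on the gpg2 version shipped on the old releases this script still targets. If the key is meant to stay unprotected so hiera can decrypt non-interactively, that should remain explicit in the file; if not, the passphrase source needs to be stated. With `set -e` active (per the hunk header), a failing `gpg2` also exits before `rm -f "$TMPFILE"` and before the stamp is written, so `trap 'rm -f "$TMPFILE"' EXIT` right after the `mktemp` line would cover that path.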