abuild/abuild-sign.in

103 lines
2.1 KiB
Plaintext
Raw Normal View History

#!/bin/sh
# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
abuild_ver=@VERSION@
datadir=@datadir@
if ! [ -f "$datadir/functions.sh" ]; then
echo "$datadir/functions.sh: not found" >&2
exit 1
fi
. "$datadir/functions.sh"
2013-07-05 04:21:15 +00:00
do_sign() {
2013-07-05 04:21:22 +00:00
local f i keyname repo
2013-07-05 04:21:15 +00:00
# we are actually only interested in the name, not the file itself
keyname=${pubkey##*/}
for f; do
i=$(readlink -f $f)
[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
repo="${i%/*}"
(
set -e
cd "$repo"
2013-07-05 04:21:15 +00:00
sig=".SIGN.RSA.$keyname"
openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i"
2013-07-05 04:21:15 +00:00
tmptargz=$(mktemp)
tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
tmpsigned=$(mktemp)
cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz" "$sig"
2013-07-05 04:21:24 +00:00
chmod 644 "$tmpsigned"
2013-07-05 04:21:15 +00:00
mv "$tmpsigned" "$i"
msg "Signed $i"
) || die "failed to sign $i"
2013-07-05 04:21:15 +00:00
done
}
usage() {
cat >&2 <<__EOF__
$prog $abuild_ver - sign indexes
Usage: $prog [-k PRIVKEY] [-p PUBKEY] INDEXFILE...
Options:
-k, --private KEY The private key to use for signing
-p, --public KEY The name of public key. apk add will look for /etc/apk/keys/KEY
-q, --quiet
-h, --help Show this help
__EOF__
}
privkey="$PACKAGER_PRIVKEY"
pubkey=
quiet=
args=`getopt -o k:p:qh --long private:,public:,quiet,help -n "$prog" -- "$@"`
if [ $? -ne 0 ]; then
usage
exit 2
fi
eval set -- "$args"
while true; do
case $1 in
-k|--private) privkey=$2; shift;;
-p|--public) pubkey=$2; shift;;
-q|--quiet) quiet=1;; # suppresses msg
-h|--help) usage; exit;;
--) shift; break;;
*) exit 1;; # getopt error
esac
shift
done
if [ $# -eq 0 ]; then
usage
exit 2
fi
if [ -z "$privkey" ]; then
2013-07-05 04:21:21 +00:00
cat >&2 << __EOF__
No private key found. Use 'abuild-keygen' to generate the keys.
Then you can either:
* set the PACKAGER_PRIVKEY in $abuild_userconf
('abuild-keygen -a' does this for you)
* set the PACKAGER_PRIVKEY in $abuild_conf
* specify the key with the -k option to $prog
__EOF__
exit 1
fi
if [ -z "$pubkey" ]; then
pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi
2013-07-05 04:21:15 +00:00
do_sign "$@"
exit 0