#!/bin/sh
# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# @VERSION@ and @datadir@ look like build-time placeholders; presumably they
# are substituted when this script is generated from its template.
abuild_ver=@VERSION@
datadir=@datadir@

# functions.sh is executed inside this shell, which later hands the private
# key path to openssl, so $datadir must not be writable by untrusted users.
# Abort early with a diagnostic on stderr when the library is missing.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"
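# Sign each repository index in place.
#
# Every argument is an index file, or a directory that holds
# APKINDEX.tar.gz. For each one an RSA signature is written to
# .SIGN.RSA.<keyname>, packed into a gzip'ed tar segment and prepended to
# the index, which is then replaced by the signed copy.
#
# Globals:   pubkey (read), privkey (read), quiet (read)
# Arguments: index files or repository directories
# Failure:   calls die (defined outside this block; presumably prints the
#            message and exits) before the original index is replaced.
do_sign() {
	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}

	# The loop changes directory for every index. Remember the caller's
	# directory so later relative arguments still resolve against it
	# instead of against the previously signed repository.
	_sign_origdir=$(pwd) || die "Failed to determine current directory"

	for f; do
		cd "$_sign_origdir" || die "Failed to return to $_sign_origdir"

		# Quoted so paths with spaces or glob characters stay one word.
		i=$(readlink -f "$f")
		[ -n "$i" ] || die "Failed to resolve $f"
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		cd "$repo" || die "Failed to sign $i"
		sig=".SIGN.RSA.$keyname"

		# NOTE(review): the signature digest is SHA-1, which is no longer
		# collision-resistant. The ".SIGN.RSA." name is presumably what the
		# verifier keys on, so the digest is left unchanged here; moving to
		# a stronger digest needs matching support on the verifying side.
		openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || {
			rm -f "$sig"
			die "Failed to sign $i"
		}

		tmptargz=$(mktemp) || {
			rm -f "$sig"
			die "Failed to sign $i"
		}
		tmpsigned=$(mktemp) || {
			rm -f "$tmptargz" "$sig"
			die "Failed to sign $i"
		}

		# Build the signed copy completely before touching the real index.
		# POSIX sh has no pipefail, so only the last pipeline stage (gzip)
		# is covered by this status check.
		if tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz" &&
			cat "$tmptargz" "$i" > "$tmpsigned"; then
			rm -f "$tmptargz" "$sig"
		else
			rm -f "$tmptargz" "$tmpsigned" "$sig"
			die "Failed to sign $i"
		fi

		if ! mv "$tmpsigned" "$i"; then
			rm -f "$tmpsigned"
			die "Failed to sign $i"
		fi
		# mktemp creates files readable by the owner only; the published
		# index has to be world-readable.
		chmod 644 "$i" || die "Failed to sign $i"

		if [ -z "$quiet" ]; then
			echo "Signed $i"
		fi
	done
}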
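# Print the version banner and the option summary to stdout, then exit
# with status 1.
#
# Globals: abuild_ver (read)
usage() {
	echo "abuild-sign $abuild_ver"
	echo "usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
	echo "options:"
	echo " -h Show this help"
	echo " -k The private key to use for signing"
	echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
	# -q is accepted by the option parser and listed in the synopsis, so
	# describe it here as well.
	echo " -q Quiet mode; do not print a message for each signed index"
	exit 1
}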
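# Default signing key; -k below overrides it. PACKAGER_PRIVKEY is presumably
# provided by the environment or by configuration read in functions.sh.
privkey="$PACKAGER_PRIVKEY"

while getopts "hk:p:q" opt; do
	case $opt in
	h) usage;;
	k) privkey=$OPTARG;;
	p) pubkey=$OPTARG;;
	q) quiet=yes;;
	# getopts has already reported the problem; stop instead of signing
	# with an option silently ignored.
	*) usage;;
	esac
done
shift $((OPTIND - 1))

# Without a private key nothing can be signed. Explain the ways to supply
# one; diagnostics go to stderr so they do not mix with normal output.
if [ -z "$privkey" ]; then
	{
		echo "No private key found. Use 'abuild-keygen' to generate the keys"
		echo "Then you can either:"
		echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
		echo " (Note that 'abuild-keygen -a' does this for you)"
		echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
		echo " 3. specify the key with the -k option"
		echo ""
	} >&2
	exit 1
fi

# The public key is only used for its file name, which becomes part of the
# signature entry name. Default to PACKAGER_PUBKEY, else "<privkey>.pub".
if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

do_sign "$@"
exit 0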