abuild/abuild-sign.in

#!/bin/sh

# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2.0-only
#

program_version=@VERSION@
sharedir=${ABUILD_SHAREDIR:-@sharedir@}

if ! [ -f "$sharedir/functions.sh" ]; then
	echo "$sharedir/functions.sh: not found" >&2
	exit 1
fi
. "$sharedir/functions.sh"

gzip=$(command -v pigz || echo gzip)

do_sign() {
	local f i keyname repo
	local openssl=$(command -v openssl || echo libressl)

	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}

	for f; do
		i=$(readlink -f $f)
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		trap 'die "failed to sign $i"' EXIT
		set -e
		cd "$repo"
		sig=".SIGN.RSA.$keyname"
		$openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i"

		if [ -n "$SOURCE_DATE_EPOCH" ]; then
			touch -h -d "@$SOURCE_DATE_EPOCH" "$sig"
		fi

		tmptargz=$(mktemp)
		tar --owner=0 --group=0 --numeric-owner -f - -c "$sig" | abuild-tar --cut | $gzip -n -9 > "$tmptargz"
		tmpsigned=$(mktemp)
		cat "$tmptargz" "$i" > "$tmpsigned"
		rm -f "$tmptargz" "$sig"
		chmod 644 "$tmpsigned"
		mv "$tmpsigned" "$i"
		msg "Signed $i"
		set +e
		trap - EXIT
	done
}

usage() {
	cat <<-__EOF__
		$program $program_version - sign indexes
		Usage: $program [-k PRIVKEY] [-p PUBKEY] INDEXFILE...
		       $program -e
		Options:
		  -e, --installed    Check only of there exist a private key for signing
		  -k, --private KEY  The private key to use for signing
		  -p, --public KEY   The name of public key. apk add will look for
		                     /etc/apk/keys/KEY
		  -q, --quiet
		  -h, --help         Show this help

	__EOF__
}

check_installed=false
privkey="$PACKAGER_PRIVKEY"
pubkey=
quiet=

args=$(getopt -o ek:p:qh --long installed,private:,public:,quiet,help -n "$program" -- "$@")
if [ $? -ne 0 ]; then
	usage >&2
	exit 2
fi
eval set -- "$args"
while true; do
	case $1 in
		-e|--installed) check_installed=true;;
		-k|--private) privkey=$2; shift;;
		-p|--public) pubkey=$2; shift;;
		-q|--quiet) quiet=1;; # suppresses msg
		-h|--help) usage; exit;;
		--) shift; break;;
		*) exit 1;; # getopt error
	esac
	shift
done
if [ $# -eq 0 ] && ! $check_installed; then
	usage >&2
	exit 2
fi

if [ -z "$privkey" ]; then
	cat >&2 <<-__EOF__
		No private key found. Use 'abuild-keygen' to generate the keys.
		Then you can either:
		  * set the PACKAGER_PRIVKEY in $ABUILD_USERCONF
		    ('abuild-keygen -a' does this for you)
		  * set the PACKAGER_PRIVKEY in $ABUILD_CONF
		  * specify the key with the -k option to $program

	__EOF__
	exit 1
fi

if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

if $check_installed; then
	if ! [ -e "$privkey" ]; then
		echo "$program: $privkey: File not found" >&2
		exit 1
	fi
	if ! [ -e "$pubkey" ]; then
		echo "$program: $pubkey: File not found" >&2
		exit 1
	fi
else
	do_sign "$@"
fi
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`#!/bin/sh`

various: tweak opening comments, whitespace Also remove incomplete efforts at listing "Depends on: ..." 2013-07-05 04:21:13 +00:00			`# abuild-sign - sign indexes`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>`
			`#`
*: say we are using GPL-2.0-only 2020-10-23 14:39:18 +00:00			`# Distributed under GPL-2.0-only`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`#`

functions: rename abuild_ver to program_version 2013-10-25 07:26:05 +00:00			`program_version=@VERSION@`
allow override sharedir for testing Aloow overrid sharedir with global ABUILD_SHAREDIR so we test the local functions.sh instead of a system installed functions.sh 2019-11-07 11:28:37 +00:00			`sharedir=${ABUILD_SHAREDIR:-@sharedir@}`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00
rename datadir -> sharedir abuild uses datadir as local variable in various functions. Rename the global datadir to sharedir to avoid confusion. 2019-11-07 11:21:32 +00:00			`if ! [ -f "$sharedir/functions.sh" ]; then`
			`echo "$sharedir/functions.sh: not found" >&2`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`exit 1`
various: move conf-loading and i/o to functions 2013-07-05 04:21:16 +00:00			`fi`
rename datadir -> sharedir abuild uses datadir as local variable in various functions. Rename the global datadir to sharedir to avoid confusion. 2019-11-07 11:21:32 +00:00			`. "$sharedir/functions.sh"`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00
abuild-sign: use pigz if available This is similar to what we do in abuild. It improves performance on multicore machines. 2019-11-07 13:21:45 +00:00			`gzip=$(command -v pigz \|\| echo gzip)`

abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`do_sign() {`
abuild-sign: make vars local 2013-07-05 04:21:22 +00:00			`local f i keyname repo`
abuild-sign: fall back to libressl if openssl is missing openssl binary may be missing while migrating system from libressl to openssl. Make sure we can always sign the backage if either is there. 2018-11-08 11:43:47 +00:00			`local openssl=$(command -v openssl \|\| echo libressl)`
abuild-sign: make vars local 2013-07-05 04:21:22 +00:00
abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`# we are actually only interested in the name, not the file itself`
			`keyname=${pubkey##*/}`

			`for f; do`
			`i=$(readlink -f $f)`
			`[ -d "$i" ] && i="$i/APKINDEX.tar.gz"`
			`repo="${i%/*}"`
abuild-sign: actually catch errors while signing 2019-01-17 10:04:26 +00:00			`trap 'die "failed to sign $i"' EXIT`
abuild-sign: wrap cd in a subshell, use set -e 2013-07-05 04:21:23 +00:00			`set -e`
			`cd "$repo"`
abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`sig=".SIGN.RSA.$keyname"`
abuild-sign: fall back to libressl if openssl is missing openssl binary may be missing while migrating system from libressl to openssl. Make sure we can always sign the backage if either is there. 2018-11-08 11:43:47 +00:00			`$openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i"`
abuild: add SOURCE_DATE_EPOCH support 2019-06-08 19:42:21 +00:00
			`if [ -n "$SOURCE_DATE_EPOCH" ]; then`
			`touch -h -d "@$SOURCE_DATE_EPOCH" "$sig"`
			`fi`

abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`tmptargz=$(mktemp)`
abuild-sign: Do not record uid and user name in index 2021-07-01 16:31:55 +00:00			`tar --owner=0 --group=0 --numeric-owner -f - -c "$sig" \| abuild-tar --cut \| $gzip -n -9 > "$tmptargz"`
abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`tmpsigned=$(mktemp)`
			`cat "$tmptargz" "$i" > "$tmpsigned"`
			`rm -f "$tmptargz" "$sig"`
abuild-sign: fix a race condition 2013-07-05 04:21:24 +00:00			`chmod 644 "$tmpsigned"`
abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`mv "$tmpsigned" "$i"`
various: s/echo/msg/, s/echo/error/, tweak error messages 2013-07-05 04:21:37 +00:00			`msg "Signed $i"`
abuild-sign: actually catch errors while signing 2019-01-17 10:04:26 +00:00			`set +e`
			`trap - EXIT`
abuild-sign: refactor 2013-07-05 04:21:15 +00:00			`done`
			`}`

abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`usage() {`
abuild-sign: send help text to stderr on error 2022-06-15 10:17:46 +00:00			`cat <<-__EOF__`
indent heredocs when possible 2016-08-20 13:16:48 +00:00			`$program $program_version - sign indexes`
			`Usage: $program [-k PRIVKEY] [-p PUBKEY] INDEXFILE...`
			`$program -e`
			`Options:`
			`-e, --installed Check only of there exist a private key for signing`
			`-k, --private KEY The private key to use for signing`
			`-p, --public KEY The name of public key. apk add will look for`
			`/etc/apk/keys/KEY`
			`-q, --quiet`
			`-h, --help Show this help`

			`__EOF__`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`}`

abuild-sign: add -e/--installed option This is supposed to be used in abuild only to make it possible to exit with error early, before package is built, in case the signing key is missing. 2013-10-25 07:57:35 +00:00			`check_installed=false`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`privkey="$PACKAGER_PRIVKEY"`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`pubkey=`
			`quiet=`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00
replace deprecated `...` syntax with $(...) in shell scripts 2016-08-20 14:11:44 +00:00			`args=$(getopt -o ek:p:qh --long installed,private:,public:,quiet,help -n "$program" -- "$@")`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`if [ $? -ne 0 ]; then`
abuild-sign: send help text to stderr on error 2022-06-15 10:17:46 +00:00			`usage >&2`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`exit 2`
			`fi`
			`eval set -- "$args"`
			`while true; do`
			`case $1 in`
abuild-sign: add -e/--installed option This is supposed to be used in abuild only to make it possible to exit with error early, before package is built, in case the signing key is missing. 2013-10-25 07:57:35 +00:00			`-e\|--installed) check_installed=true;;`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`-k\|--private) privkey=$2; shift;;`
			`-p\|--public) pubkey=$2; shift;;`
			`-q\|--quiet) quiet=1;; # suppresses msg`
			`-h\|--help) usage; exit;;`
			`--) shift; break;;`
			`*) exit 1;; # getopt error`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`esac`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`shift`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`done`
abuild-sign: add -e/--installed option This is supposed to be used in abuild only to make it possible to exit with error early, before package is built, in case the signing key is missing. 2013-10-25 07:57:35 +00:00			`if [ $# -eq 0 ] && ! $check_installed; then`
abuild-sign: send help text to stderr on error 2022-06-15 10:17:46 +00:00			`usage >&2`
various: use long options, rework usages 2013-07-05 04:21:19 +00:00			`exit 2`
			`fi`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00
			`if [ -z "$privkey" ]; then`
abuild-sign: indent heredoc 2016-11-23 20:59:12 +00:00			`cat >&2 <<-__EOF__`
			`No private key found. Use 'abuild-keygen' to generate the keys.`
			`Then you can either:`
			`* set the PACKAGER_PRIVKEY in $ABUILD_USERCONF`
			`('abuild-keygen -a' does this for you)`
			`* set the PACKAGER_PRIVKEY in $ABUILD_CONF`
			`* specify the key with the -k option to $program`
abuild-sign: reformat error output 2013-07-05 04:21:21 +00:00
abuild-sign: indent heredoc 2016-11-23 20:59:12 +00:00			`__EOF__`
abuild-sign: initial commit we can only sign indexes so far 2009-07-22 15:02:38 +00:00			`exit 1`
			`fi`

			`if [ -z "$pubkey" ]; then`
			`pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}`
			`fi`

abuild-sign: fix --installed to detect missing keys 2022-06-15 10:18:32 +00:00			`if $check_installed; then`
			`if ! [ -e "$privkey" ]; then`
			`echo "$program: $privkey: File not found" >&2`
			`exit 1`
			`fi`
			`if ! [ -e "$pubkey" ]; then`
			`echo "$program: $pubkey: File not found" >&2`
			`exit 1`
			`fi`
			`else`
abuild-sign: add -e/--installed option This is supposed to be used in abuild only to make it possible to exit with error early, before package is built, in case the signing key is missing. 2013-10-25 07:57:35 +00:00			`do_sign "$@"`
			`fi`