abuild-sign: initial commit

we can only sign indexes so far

abuild-sign.in

@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# sign indexes
+# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
+#
+# Distributed under GPL-2
+#
+# Depends on: busybox utilities, fakeroot, 
+#
+
+abuild_ver=@VERSION@
+sysconfdir=@sysconfdir@
+
+abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
+abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
+abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}
+
+die() {
+	echo "$@" >&2
+	exit 1
+}
+
+usage() {
+	echo "abuild-sign $abuild_ver"
+	echo "usage: abuild-sign [-h] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
+	echo "options:"
+	echo " -h Show this help"
+	echo " -k The private key to use for signing"
+	echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
+	exit 1
+}
+
+# read config
+[ -f "$abuild_conf" ] && . "$abuild_conf"
+
+# read user config if exists
+[ -f "$abuild_userconf" ] && . "$abuild_userconf"
+
+privkey="$PACKAGER_PRIVKEY"
+
+while getopts "hk:p:" opt; do
+	case $opt in
+	h) usage;;
+	k) privkey=$OPTARG;;
+	p) pubkey=$OPTARG;;
+	esac
+done
+shift $(( $OPTIND - 1))
+
+if [ -z "$privkey" ]; then
+	echo "No private key found. Use 'abuild-keygen' to generate the keys"
+	echo "Then you can either:"
+	echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
+	echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
+	echo " 3. specify the key with the -k option"
+	echo ""
+	exit 1
+fi
+
+if [ -z "$pubkey" ]; then
+	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
+fi
+
+# we are actually only interested in the name, not the file itself
+keyname=${pubkey##*/}
+
+for f in "$@"; do
+	i=$(readlink -f $f)
+	[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
+	repo="${i%/*}"
+	cd "$repo" || die "Failed to sign $i"
+	sig=".SIGN.RSA.$keyname"
+	openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
+	cd "$repo"
+	tar -c "$sig" | abuild-tar --cut | gzip -9 > signature.tar.gz
+	cat signature.tar.gz "$i" > "$i.new"
+	mv "$i.new" "$i"
+	echo "Signed $i"
+done
+