abuild/abuild-sign.in
Natanael Copa b53d4ad7de abuild-sign: add -e/--installed option
This is supposed to be used in abuild only to make it possible to exit
with error early, before package is built, in case the signing key is
missing.
2013-10-25 07:57:35 +00:00


#!/bin/sh
# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# @VERSION@ and @datadir@ look like build-time placeholders (this is a .in
# template) - presumably substituted when the script is generated.
program_version=@VERSION@
datadir=@datadir@

# functions.sh is sourced into this shell, so whatever it contains runs with
# the same access to the signing key as the rest of this script. Refuse to
# continue when the helper library is not where the build said it would be.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"
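# Sign each index named in the arguments, in place.
# Globals:   pubkey (read, only its file name is used), privkey (read)
# Arguments: index files, or directories that contain APKINDEX.tar.gz
# Returns:   0 when every index was signed; die is called on the first failure
do_sign() {
	local f i keyname repo
	# only the key's file name matters here, not the path to it
	keyname=${pubkey##*/}
	for f; do
		# quoted so a path with spaces or glob characters stays one argument
		i=$(readlink -f "$f") || die "failed to resolve $f"
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		(
			# 'set -e' would have no effect here: POSIX ignores it in every
			# command of an AND-OR list except the last, and this subshell is
			# the left side of '||'. Each step is therefore checked explicitly,
			# so a failed signature is never moved over the index and reported
			# as "Signed".
			sig=".SIGN.RSA.$keyname"
			tmptargz=
			tmpsigned=
			# remove whatever intermediate files exist, then abort the subshell
			bail() {
				rm -f "$sig"
				[ -z "$tmptargz" ] || rm -f "$tmptargz"
				[ -z "$tmpsigned" ] || rm -f "$tmpsigned"
				exit 1
			}
			cd "$repo" || exit 1
			# NOTE(review): SHA-1 is no longer collision resistant. The digest
			# presumably has to match what the verifier expects for a
			# .SIGN.RSA.* entry, so it is left unchanged here; moving to a
			# stronger digest needs a coordinated change on the verifying side.
			openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || bail
			# an empty signature file is treated as a failed signature
			[ -s "$sig" ] || bail
			tmptargz=$(mktemp) || bail
			# only gzip's status is visible here (POSIX sh has no pipefail);
			# abuild-tar --cut presumably trims the tar trailer so the segment
			# can be prepended to the index - confirm against abuild-tar
			tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz" || bail
			tmpsigned=$(mktemp) || bail
			# signed index = signature segment followed by the original index
			cat "$tmptargz" "$i" > "$tmpsigned" || bail
			rm -f "$tmptargz" "$sig"
			# mktemp files are private by default; the index must be readable
			chmod 644 "$tmpsigned" || bail
			mv "$tmpsigned" "$i" || bail
			msg "Signed $i"
		) || die "failed to sign $i"
	done
}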
# Print the command-line help.
# Globals: program, program_version (read)
# Outputs: the help text on stderr, nothing on stdout
usage() {
	{
		printf '%s %s - sign indexes\n' "$program" "$program_version"
		printf 'Usage: %s [-k PRIVKEY] [-p PUBKEY] INDEXFILE...\n' "$program"
		printf '%s -e\n' "$program"
		# the remaining lines are fixed text, one argument per output line
		printf '%s\n' \
			'Options:' \
			'-e, --installed Check only of there exist a private key for signing' \
			'-k, --private KEY The private key to use for signing' \
			'-p, --public KEY The name of public key. apk add will look for' \
			'/etc/apk/keys/KEY' \
			'-q, --quiet' \
			'-h, --help Show this help'
	} >&2
}
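# Defaults. The help text below says PACKAGER_PRIVKEY is normally set in the
# abuild configuration; -k overrides it.
check_installed=false
privkey="$PACKAGER_PRIVKEY"
pubkey=
quiet=

# 'eval set --' is only safe because enhanced getopt emits shell-quoted words;
# never feed it anything that did not come straight out of getopt.
args=$(getopt -o ek:p:qh --long installed,private:,public:,quiet,help -n "$program" -- "$@") || {
	usage
	exit 2
}
eval set -- "$args"
while true; do
	case $1 in
	-e|--installed) check_installed=true;;
	-k|--private) privkey=$2; shift;;
	-p|--public) pubkey=$2; shift;;
	-q|--quiet) quiet=1;; # suppresses msg
	-h|--help) usage; exit;;
	--) shift; break;;
	*) exit 1;; # getopt error
	esac
	shift
done

# index files are required unless we were only asked to check for a key
if [ $# -eq 0 ] && ! $check_installed; then
	usage
	exit 2
fi

if [ -z "$privkey" ]; then
	cat >&2 << __EOF__
No private key found. Use 'abuild-keygen' to generate the keys.
Then you can either:
* set the PACKAGER_PRIVKEY in $ABUILD_USERCONF
('abuild-keygen -a' does this for you)
* set the PACKAGER_PRIVKEY in $ABUILD_CONF
* specify the key with the -k option to $program
__EOF__
	exit 1
fi

# A configured path is not enough: the key file has to be there and readable.
# Without this, -e reports success for a stale PACKAGER_PRIVKEY and the
# failure only shows up at signing time, after the package has been built.
if [ -d "$privkey" ] || ! [ -r "$privkey" ]; then
	echo "$program: private key $privkey: not found or not readable" >&2
	exit 1
fi

# default public key name: PACKAGER_PUBKEY, else the private key path + .pub
if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

# with -e the checks above are the whole job; nothing is signed
if ! $check_installed; then
	do_sign "$@"
fi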