#!/bin/sh

# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# Placeholders filled in when this .in template is processed at build time.
abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

# Locations of the per-user directory and of the two config files. Each one
# can be overridden from the environment. Both config files are sourced as
# shell code further down, so whoever controls these variables, or can write
# to the files they name, controls what this script executes.
abuild_home="${ABUILD_USERDIR:-$HOME/.abuild}"
abuild_conf="${ABUILD_CONF:-$sysconfdir/abuild.conf}"
abuild_userconf="${ABUILD_USERCONF:-$abuild_home/abuild.conf}"

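# Print all arguments as a single message on stderr, then abort the script
# with status 1.
# printf is used rather than echo: file names end up in these messages, and
# echo may swallow a leading "-n" or interpret backslashes depending on which
# /bin/sh runs the script.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}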

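# Sign each index given as an argument, in place.
# Globals:   pubkey, privkey, quiet (read)
# Arguments: index files, or directories containing APKINDEX.tar.gz
# Outputs:   "Signed <path>" on stdout per index unless quiet is set
# Returns:   exits through die (status 1) on any failed step
do_sign() {
	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}
	# Each pass changes into the repository directory. Remember where we
	# started so that relative arguments are all resolved against the same
	# directory instead of against the previous repository.
	sign_origdir=$PWD

	for f; do
		cd "$sign_origdir" || die "Failed to sign $f"
		# Quoted so a path with spaces or glob characters stays one word.
		i=$(readlink -f -- "$f")
		[ -n "$i" ] || die "Failed to sign $f"
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		cd "$repo" || die "Failed to sign $i"
		sig=".SIGN.RSA.$keyname"
		# NOTE(review): SHA-1 is no longer collision-resistant. The digest
		# cannot simply be swapped here: whatever verifies the
		# ".SIGN.RSA.*" entry has to expect the same algorithm, so a
		# stronger digest is a coordinated format change. Confirm what
		# the consuming apk version supports.
		openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
		tmptargz=$(mktemp) || {
			rm -f "$sig"
			die "Failed to sign $i"
		}
		# POSIX sh has no pipefail, so only gzip's status is seen here.
		if ! tar -c -f - "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"; then
			rm -f "$tmptargz" "$sig"
			die "Failed to sign $i"
		fi
		tmpsigned=$(mktemp) || {
			rm -f "$tmptargz" "$sig"
			die "Failed to sign $i"
		}
		# Signature archive first, original index after it. Stop before
		# the mv if this fails, so a short write never replaces the index.
		if ! cat "$tmptargz" "$i" > "$tmpsigned"; then
			rm -f "$tmptargz" "$tmpsigned" "$sig"
			die "Failed to sign $i"
		fi
		rm -f "$tmptargz" "$sig"
		# mktemp used its default directory, so this rename is only
		# atomic when that directory is on the repository's filesystem.
		if ! mv "$tmpsigned" "$i"; then
			rm -f "$tmpsigned"
			die "Failed to sign $i"
		fi
		# mktemp files are created private; the index must be readable.
		chmod 644 "$i"
		if [ -z "$quiet" ]; then
			echo "Signed $i"
		fi
	done
}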

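# Print the version and the option summary on stdout, then exit with
# status 1 (also when reached through -h).
# The -q line documents an option that the synopsis and the option parser
# already accept.
usage() {
	printf '%s\n' \
		"abuild-sign $abuild_ver" \
		"usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..." \
		"options:" \
		" -h  Show this help" \
		" -k  The private key to use for signing" \
		" -p  The name of public key. apk add will look for /etc/apk/keys/PUBKEY" \
		" -q  Quiet; do not print a line for each signed index"
	exit 1
}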

# read config
# Both files are sourced, i.e. executed as shell code in this process, so
# they must be writable only by users trusted with the signing key.
if [ -f "$abuild_conf" ]; then
	. "$abuild_conf"
fi

# read user config if exists
if [ -f "$abuild_userconf" ]; then
	. "$abuild_userconf"
fi

# Default key taken from the config; -k on the command line overrides it.
privkey="$PACKAGER_PRIVKEY"

# Parse the command-line options. -k and -p take an argument. An option that
# is not listed leaves opt set to "?", which matches no arm below, so it is
# skipped after getopts has printed its own diagnostic.
while getopts "hk:p:q" opt; do
	case "$opt" in
	h)
		usage
		;;
	k)
		privkey="$OPTARG"
		;;
	p)
		pubkey="$OPTARG"
		;;
	q)
		quiet=yes
		;;
	esac
done
# Drop the parsed options so that "$@" holds only the index files.
shift $((OPTIND - 1))

# Nothing can be signed without a private key: explain the ways to supply
# one and stop with status 1.
[ -n "$privkey" ] || {
	echo "No private key found. Use 'abuild-keygen' to generate the keys"
	echo "Then you can either:"
	echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
	echo "    (Note that 'abuild-keygen -a' does this for you)"
	echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
	echo " 3. specify the key with the -k option"
	echo ""
	exit 1
}

# Unless -p named a public key, use PACKAGER_PUBKEY, and failing that the
# private key path with ".pub" appended.
[ -n "$pubkey" ] || pubkey="${PACKAGER_PUBKEY:-${privkey}.pub}"

# Sign every index left on the command line. do_sign calls die (exit 1) for
# the failures it checks; otherwise the script finishes with status 0.
do_sign "$@"

exit 0