#!/bin/sh

# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# The @...@ tokens are placeholders; presumably they are substituted when this
# .in template is turned into the installed script (confirm against the build).
abuild_ver=@VERSION@
datadir=@datadir@

# functions.sh is sourced below, so everything in it executes inside this
# shell, which later handles the private signing key. $datadir should
# therefore be writable only by trusted accounts.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"

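# do_sign INDEXFILE... - prepend an RSA signature segment to each index.
#
# Each argument is an index file or a directory; for a directory the file
# APKINDEX.tar.gz inside it is signed. The signature is written to
# .SIGN.RSA.<keyname> next to the index, packed into a gzip-compressed tar
# segment, and that segment is concatenated in front of the original index,
# which is then replaced and made world-readable (mode 644).
#
# Globals: pubkey (read; only its basename is used), privkey (read),
#          quiet (read; non-empty suppresses the "Signed" message).
#          keyname, f, i, repo, sig, tmptargz and tmpsigned are overwritten
#          (plain /bin/sh, so no "local").
# Side effects: changes the working directory to the directory of the index.
# Errors: every failing step goes through die (not defined in this block;
#         expected to abort the script).
do_sign() {
	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}

	for f; do
		# Quoted so that a path containing spaces or glob characters is
		# resolved as a single argument instead of being word-split.
		i=$(readlink -f "$f") || die "Failed to sign $f"
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		cd "$repo" || die "Failed to sign $i"
		sig=".SIGN.RSA.$keyname"
		# NOTE(review): the signature digest is SHA-1, which is no longer
		# collision-resistant. The digest is presumably fixed by the
		# .SIGN.RSA.* format that the verifying side expects, so it cannot
		# be changed here alone; a stronger digest needs a matching change
		# in the verifier - confirm before touching this line.
		openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
		tmptargz=$(mktemp) || die "Failed to sign $i"
		tmpsigned=$(mktemp) || { rm -f "$tmptargz"; die "Failed to sign $i"; }
		# abuild-tar --cut presumably strips the end-of-archive marker so
		# the segment can be concatenated with the index (confirm).
		# Without pipefail only gzip's exit status is visible here; a
		# failure in tar or abuild-tar would still go unnoticed.
		if ! tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"; then
			rm -f "$tmptargz" "$tmpsigned" "$sig"
			die "Failed to sign $i"
		fi
		if ! cat "$tmptargz" "$i" > "$tmpsigned"; then
			rm -f "$tmptargz" "$tmpsigned" "$sig"
			die "Failed to sign $i"
		fi
		rm -f "$tmptargz" "$sig"
		# NOTE(review): mktemp's default directory may be on a different
		# filesystem than the repository, in which case this mv is a copy
		# rather than an atomic rename. The index must not be replaced by
		# a partial file, so a failed move aborts.
		if ! mv "$tmpsigned" "$i"; then
			rm -f "$tmpsigned"
			die "Failed to sign $i"
		fi
		# mktemp files are private by default; the published index has to
		# be readable by everyone.
		chmod 644 "$i" || die "Failed to sign $i"
		if [ -z "$quiet" ]; then
			echo "Signed $i"
		fi
	done
}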

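# usage - print the version banner and option summary, then exit.
#
# Globals: abuild_ver (read).
# Outputs: help text on stdout.
# Exits with status 1, also when help was requested with -h.
usage() {
	printf '%s\n' \
		"abuild-sign $abuild_ver" \
		"usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..." \
		"options:" \
		" -h  Show this help" \
		" -k  The private key to use for signing" \
		" -p  The name of public key. apk add will look for /etc/apk/keys/PUBKEY" \
		" -q  Quiet mode, do not print the signed file names"
	exit 1
}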

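# Main flow: pick the signing key, parse options, then sign every index
# named on the command line.

# The environment supplies the default private key; -k overrides it.
# pubkey and quiet are not initialised in the code visible here, so values
# they already carry (environment or functions.sh) remain in effect.
privkey="$PACKAGER_PRIVKEY"

while getopts "hk:p:q" opt; do
	case $opt in
	h) usage;;
	k) privkey=$OPTARG;;
	p) pubkey=$OPTARG;;
	q) quiet=yes;;
	# getopts reports an unknown option or a missing argument as '?'.
	# A signing tool should not carry on with a mistyped option, so show
	# the usage text and stop instead of ignoring it.
	*) usage;;
	esac
done
shift $(( OPTIND - 1 ))

# Refuse to continue without a private key and explain how to configure one.
if [ -z "$privkey" ]; then
	echo "No private key found. Use 'abuild-keygen' to generate the keys"
	echo "Then you can either:"
	echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
	echo "    (Note that 'abuild-keygen -a' does this for you)"
	echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
	echo " 3. specify the key with the -k option"
	echo ""
	exit 1
fi

# Without -p the public key name comes from PACKAGER_PUBKEY, falling back to
# the private key path with ".pub" appended. Only its basename ends up in the
# signature file name.
if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

do_sign "$@"
exit 0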