abuild-sign.in 2.07 KB
#!/bin/sh

# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

# The @...@ tokens are presumably substituted when this .in template is
# processed at build time.
abuild_ver=@VERSION@
datadir=@datadir@

# functions.sh is sourced, so it executes inside this shell and sees
# everything this script sees, including the path of the signing key.
# $datadir therefore has to be writable by trusted users only.
[ -f "$datadir/functions.sh" ] || {
	echo "$datadir/functions.sh: not found" >&2
	exit 1
}
. "$datadir/functions.sh"

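# do_sign INDEX...
# Sign each index in place: an RSA signature over the index is written to
# .SIGN.RSA.<keyname>, packed with tar | abuild-tar --cut | gzip, and the
# result is prepended to the original index file.
#
# Globals:   privkey (read) - private key file handed to openssl
#            pubkey  (read) - only its basename is used, to name the signature
#            quiet   (read) - non-empty suppresses the "Signed" message
# Arguments: index files, or directories holding an APKINDEX.tar.gz
# Exits through die as soon as any step for an index fails, so a partially
# built file is never moved over the published index.
do_sign() {
	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}
	# Each iteration changes into the index's directory, so remember where
	# we started: relative arguments must resolve against this directory,
	# not against the repository of the previous argument.
	startdir=$(pwd) || die "Failed to determine the current directory"

	for f; do
		cd "$startdir" || die "Failed to sign $f"
		# Quoted so that names with spaces or glob characters stay one word.
		i=$(readlink -f -- "$f") || die "Failed to sign $f"
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		# tar must see the signature under its bare name, hence the cd.
		cd "$repo" || die "Failed to sign $i"
		sig=".SIGN.RSA.$keyname"
		# NOTE(review): the digest is SHA-1, which no longer offers collision
		# resistance. The .SIGN.RSA. member name presumably tells the verifier
		# which digest to expect, so a stronger digest needs matching support
		# on the verifying side - confirm before changing.
		openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
		tmptargz=$(mktemp) || {
			rm -f "$sig"
			die "Failed to sign $i"
		}
		tmpsigned=$(mktemp) || {
			rm -f "$tmptargz" "$sig"
			die "Failed to sign $i"
		}
		# Only the last stage of the pipeline is visible in its exit status
		# (POSIX sh has no pipefail). The mode is set before the rename so
		# the index is never published with mktemp's restrictive mode.
		if tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz" \
			&& cat "$tmptargz" "$i" > "$tmpsigned" \
			&& chmod 644 "$tmpsigned" \
			&& mv "$tmpsigned" "$i"; then
			rm -f "$tmptargz" "$sig"
		else
			rm -f "$tmptargz" "$tmpsigned" "$sig"
			die "Failed to sign $i"
		fi
		if [ -z "$quiet" ]; then
			echo "Signed $i"
		fi
	done
}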

# usage
# Print the help text to stderr; nothing is written to stdout.
# Globals: prog, abuild_ver (read)
usage() {
	cat <<__EOF__ >&2
$prog $abuild_ver - sign indexes
Usage: $prog [-k PRIVKEY] [-p PUBKEY] INDEXFILE...
Options:
  -k, --private KEY  The private key to use for signing
  -p, --public KEY   The name of public key. apk add will look for /etc/apk/keys/KEY
  -q, --quiet
  -h, --help         Show this help

__EOF__
}

# The signing key defaults to PACKAGER_PRIVKEY; the -k option overrides it.
# pubkey and quiet start empty and are filled in by option parsing.
privkey=$PACKAGER_PRIVKEY
pubkey=""
quiet=""

# Let getopt(1) normalise the command line; a parse error prints the help
# text and exits with status 2.
args=$(getopt -o k:p:qh --long private:,public:,quiet,help -n "$prog" -- "$@")
if [ $? -ne 0 ]; then
	usage
	exit 2
fi
# Only getopt's own output is evaluated here: enhanced getopt(1) emits a
# shell-quoted argument list that is meant to be re-read this way.
eval set -- "$args"
while :; do
	case "$1" in
		-k|--private)
			privkey=$2
			shift # the option's value; the option itself is shifted below
			;;
		-p|--public)
			pubkey=$2
			shift
			;;
		-q|--quiet)
			quiet=1 # suppresses msg
			;;
		-h|--help)
			usage
			exit
			;;
		--)
			# End of options: what remains are the index arguments.
			shift
			break
			;;
		*)
			exit 1 # getopt error
			;;
	esac
	shift
done
# At least one index argument must remain after option parsing.
[ "$#" -ne 0 ] || {
	usage
	exit 2
}

# Refuse to continue without a private key: explain on stderr how to
# provide one, then exit with status 1.
[ -n "$privkey" ] || {
	cat <<__EOF__ >&2
No private key found. Use 'abuild-keygen' to generate the keys.
Then you can either:
  * set the PACKAGER_PRIVKEY in $abuild_userconf
    ('abuild-keygen -a' does this for you)
  * set the PACKAGER_PRIVKEY in $abuild_conf
  * specify the key with the -k option to $prog

__EOF__
	exit 1
}

# When -p was not given, fall back to PACKAGER_PUBKEY and then to the
# private key path with ".pub" appended. Only the basename of this value
# ends up in the signature's file name.
: "${pubkey:=${PACKAGER_PUBKEY:-"${privkey}.pub"}}"

# Sign every index left on the command line. do_sign calls die for the
# failures it checks; if it returns, the script reports success.
do_sign "$@"
exit 0