Commit 144ee3f1 authored by Dubiousjim's avatar Dubiousjim Committed by Natanael Copa

abuild-sign: refactor

parent 42b0e019
......@@ -18,6 +18,30 @@ die() {
exit 1
}
do_sign() {
# we are actually only interested in the name, not the file itself
keyname=${pubkey##*/}
for f; do
i=$(readlink -f $f)
[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
repo="${i%/*}"
cd "$repo" || die "Failed to sign $i"
sig=".SIGN.RSA.$keyname"
openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
tmptargz=$(mktemp)
tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
tmpsigned=$(mktemp)
cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz" "$sig"
mv "$tmpsigned" "$i"
chmod 644 "$i"
if [ -z "$quiet" ]; then
echo "Signed $i"
fi
done
}
usage() {
echo "abuild-sign $abuild_ver"
echo "usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
......@@ -61,26 +85,5 @@ if [ -z "$pubkey" ]; then
pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi
# we are actually only interested in the name, not the file itself
keyname=${pubkey##*/}
for f in "$@"; do
i=$(readlink -f $f)
[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
repo="${i%/*}"
cd "$repo" || die "Failed to sign $i"
sig=".SIGN.RSA.$keyname"
openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
tmptargz=$(mktemp)
tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
tmpsigned=$(mktemp)
cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz" "$sig"
mv "$tmpsigned" "$i"
chmod 644 "$i"
if [ -z "$quiet" ]; then
echo "Signed $i"
fi
done
do_sign "$@"
exit 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment