Commit 17c6ce7a authored by Natanael Copa's avatar Natanael Copa

abuild-sign: use mktemp for temp files. add -q option for quiet

parent c6bb16a9
...@@ -22,11 +22,11 @@ die() { ...@@ -22,11 +22,11 @@ die() {
usage() { usage() {
echo "abuild-sign $abuild_ver" echo "abuild-sign $abuild_ver"
echo "usage: abuild-sign [-h] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..." echo "usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
echo "options:" echo "options:"
echo " -h Show this help" echo " -h Show this help"
echo " -k The private key to use for signing" echo " -k The private key to use for signing"
echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY" echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
exit 1 exit 1
} }
...@@ -38,11 +38,12 @@ usage() { ...@@ -38,11 +38,12 @@ usage() {
privkey="$PACKAGER_PRIVKEY" privkey="$PACKAGER_PRIVKEY"
while getopts "hk:p:" opt; do while getopts "hk:p:q" opt; do
case $opt in case $opt in
h) usage;; h) usage;;
k) privkey=$OPTARG;; k) privkey=$OPTARG;;
p) pubkey=$OPTARG;; p) pubkey=$OPTARG;;
q) quiet=yes;;
esac esac
done done
shift $(( $OPTIND - 1)) shift $(( $OPTIND - 1))
...@@ -51,6 +52,7 @@ if [ -z "$privkey" ]; then ...@@ -51,6 +52,7 @@ if [ -z "$privkey" ]; then
echo "No private key found. Use 'abuild-keygen' to generate the keys" echo "No private key found. Use 'abuild-keygen' to generate the keys"
echo "Then you can either:" echo "Then you can either:"
echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf" echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
echo " (Note that 'abuild-keygen -a' does this for you)"
echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf" echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
echo " 3. specify the key with the -k option" echo " 3. specify the key with the -k option"
echo "" echo ""
...@@ -72,9 +74,15 @@ for f in "$@"; do ...@@ -72,9 +74,15 @@ for f in "$@"; do
sig=".SIGN.RSA.$keyname" sig=".SIGN.RSA.$keyname"
openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i" openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
cd "$repo" cd "$repo"
tar -c "$sig" | abuild-tar --cut | gzip -9 > signature.tar.gz tmptargz=$(mktemp)
cat signature.tar.gz "$i" > "$i.new" tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
mv "$i.new" "$i" tmpsigned=$(mktemp)
echo "Signed $i" cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz"
mv "$tmpsigned" "$i"
if [ -z "$quiet" ]; then
echo "Signed $i"
fi
done done
exit 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment