summaryrefslogblamecommitdiff
path: root/abuild-sign.in
blob: b5250aff9e8cf8a81f56fea7c34accd0d41a0b4b (plain) (tree) 
571e056 ^


811a215 ^

571e056 ^




571e056 ^


db1314a ^

571e056 ^

db1314a ^


571e056 ^

db1314a ^


571e056 ^

144ee3f ^
























571e056 ^

ef9fb52 ^










571e056 ^


571e056 ^

ef9fb52 ^


571e056 ^

ef9fb52 ^














571e056 ^

ef9fb52 ^

571e056 ^

ef9fb52 ^




571e056 ^





17c6ce7 ^

571e056 ^










144ee3f ^

17c6ce7 ^

1
2

3

4
5
6
7

8
9

10

11

12
13

14

15
16

17

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

42

43
44
45
46
47
48
49
50
51
52

53
54

55

56
57

58

59
60
61
62
63
64
65
66
67
68
69
70
71
72

73

74

75

76
77
78
79

80
81
82
83
84

85

86
87
88
89
90
91
92
93
94
95

96

97


         
                            



                                                          

                    
                 
 

                                                   
              

                         
 























                                                                                               
         









                                                                                    

 
                           

       
 













                                                                             
            
             
    



                     




                                                                             
                                                                   









                                                           
            
      
#!/bin/sh

# abuild-sign - sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#

abuild_ver=@VERSION@
datadir=@datadir@

if ! [ -f "$datadir/functions.sh" ]; then
	echo "$datadir/functions.sh: not found" >&2
	exit 1
fi
. "$datadir/functions.sh"

do_sign() {
	# we are actually only interested in the name, not the file itself
	keyname=${pubkey##*/}

	for f; do
		i=$(readlink -f $f)
		[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
		repo="${i%/*}"
		cd "$repo" || die "Failed to sign $i"
		sig=".SIGN.RSA.$keyname"
		openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
		tmptargz=$(mktemp)
		tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
		tmpsigned=$(mktemp)
		cat "$tmptargz" "$i" > "$tmpsigned"
		rm -f "$tmptargz" "$sig"
		mv "$tmpsigned" "$i"
		chmod 644 "$i"
		if [ -z "$quiet" ]; then
			echo "Signed $i"
		fi
	done
}

usage() {
	cat >&2 <<__EOF__
$prog $abuild_ver - sign indexes
Usage: $prog [-k PRIVKEY] [-p PUBKEY] INDEXFILE...
Options:
  -k, --private KEY  The private key to use for signing
  -p, --public KEY   The name of public key. apk add will look for /etc/apk/keys/KEY
  -q, --quiet
  -h, --help         Show this help

__EOF__
}

privkey="$PACKAGER_PRIVKEY"
pubkey=
quiet=

args=`getopt -o k:p:qh --long private:,public:,quiet,help -n "$prog" -- "$@"`
if [ $? -ne 0 ]; then
	usage
	exit 2
fi
eval set -- "$args"
while true; do
	case $1 in
		-k|--private) privkey=$2; shift;;
		-p|--public) pubkey=$2; shift;;
		-q|--quiet) quiet=1;; # suppresses msg
		-h|--help) usage; exit;;
		--) shift; break;;
		*) exit 1;; # getopt error
	esac
	shift
done
if [ $# -eq 0 ]; then
	usage
	exit 2
fi

if [ -z "$privkey" ]; then
	echo "No private key found. Use 'abuild-keygen' to generate the keys"
	echo "Then you can either:"
	echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
	echo "    (Note that 'abuild-keygen -a' does this for you)"
	echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
	echo " 3. specify the key with the -k option"
	echo ""
	exit 1
fi

if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

do_sign "$@"
exit 0
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-06-18 13:44:48 +0000