summaryrefslogblamecommitdiff
path: root/abuild-sign.in
blob: aea651f5d81a084443c2c813500d8f2740adfa6e (plain) (tree) 
571e056 ^
























17c6ce7 ^

571e056 ^

17c6ce7 ^



571e056 ^











17c6ce7 ^

571e056 ^




17c6ce7 ^

571e056 ^








17c6ce7 ^

571e056 ^




















17c6ce7 ^




b35b569 ^

17c6ce7 ^

64baa7c ^

17c6ce7 ^



571e056 ^


17c6ce7 ^

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25

26

27
28
29

30
31
32
33
34
35
36
37
38
39
40

41

42
43
44
45

46

47
48
49
50
51
52
53
54

55

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

76
77
78
79

80

81

82

83
84
85

86
87

88
























                                                              
                                                                             
                       


                                                                                      










                                                 
                              



                            
                      







                                                                             
                                                                   



















                                                                                       



                                                                
                                
                            
                      


                                

    
      
#!/bin/sh

# sign indexes
# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
#
# Distributed under GPL-2
#
# Depends on: busybox utilities, fakeroot, 
#

abuild_ver=@VERSION@
sysconfdir=@sysconfdir@

abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}

die() {
	echo "$@" >&2
	exit 1
}

usage() {
	echo "abuild-sign $abuild_ver"
	echo "usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
	echo "options:"
	echo " -h  Show this help"
	echo " -k  The private key to use for signing"
	echo " -p  The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
	exit 1
}

# read config
[ -f "$abuild_conf" ] && . "$abuild_conf"

# read user config if exists
[ -f "$abuild_userconf" ] && . "$abuild_userconf"

privkey="$PACKAGER_PRIVKEY"

while getopts "hk:p:q" opt; do
	case $opt in
	h) usage;;
	k) privkey=$OPTARG;;
	p) pubkey=$OPTARG;;
	q) quiet=yes;;
	esac
done
shift $(( $OPTIND - 1))

if [ -z "$privkey" ]; then
	echo "No private key found. Use 'abuild-keygen' to generate the keys"
	echo "Then you can either:"
	echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
	echo "    (Note that 'abuild-keygen -a' does this for you)"
	echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
	echo " 3. specify the key with the -k option"
	echo ""
	exit 1
fi

if [ -z "$pubkey" ]; then
	pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
fi

# we are actually only interested in the name, not the file itself
keyname=${pubkey##*/}

for f in "$@"; do
	i=$(readlink -f $f)
	[ -d "$i" ] && i="$i/APKINDEX.tar.gz"
	repo="${i%/*}"
	cd "$repo" || die "Failed to sign $i"
	sig=".SIGN.RSA.$keyname"
	openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
	tmptargz=$(mktemp)
	tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
	tmpsigned=$(mktemp)
	cat "$tmptargz" "$i" > "$tmpsigned"
	rm -f "$tmptargz" "$sig"
	mv "$tmpsigned" "$i"
	chmod 644 "$i"
	if [ -z "$quiet" ]; then
		echo "Signed $i"
	fi
done

exit 0
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-06-18 13:47:49 +0000