diff options
author | Max Rees <maxcrees@me.com> | 2019-08-08 14:25:25 -0500 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2020-03-07 17:37:23 -0600 |
commit | 9affed74a1fdb95a81cbbe47106a155b27520326 (patch) | |
tree | 7f40715858181150378f45e94c895efda0caada0 /resignapk.in | |
parent | 9f703d3222a6a8d52ac560035fb1a988d2f9bff7 (diff) | |
download | abuild-9affed74a1fdb95a81cbbe47106a155b27520326.tar.gz abuild-9affed74a1fdb95a81cbbe47106a155b27520326.tar.bz2 abuild-9affed74a1fdb95a81cbbe47106a155b27520326.tar.xz abuild-9affed74a1fdb95a81cbbe47106a155b27520326.zip |
resignapk: new script
Diffstat (limited to 'resignapk.in')
-rwxr-xr-x | resignapk.in | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/resignapk.in b/resignapk.in new file mode 100755 index 0000000..43491c4 --- /dev/null +++ b/resignapk.in @@ -0,0 +1,131 @@ +#!/bin/sh -e +# SPDX-License-Identifier: GPL-2.0-only +# Copyright (c) 2019 Max Rees +program_version=@VERSION@ +datadir=@datadir@ + +if ! [ -f "$datadir/functions.sh" ]; then + echo "$datadir/functions.sh: not found" >&2 + exit 1 +fi +. "$datadir/functions.sh" + +msg() { + [ -n "$quiet" ] && return 0 + local prompt="$GREEN>>>${NORMAL}" + local fake="${FAKEROOTKEY:+${BLUE}*${NORMAL}}" + local name="${STRONG}${apk_basename}${NORMAL}" + printf "${prompt} ${name}${fake}: %s\n" "$1" >&2 +} + +warning() { + local prompt="${YELLOW}>>> WARNING:${NORMAL}" + local fake="${FAKEROOTKEY:+${BLUE}*${NORMAL}}" + local name="${STRONG}${apk_basename}${NORMAL}" + printf "${prompt} ${name}${fake}: %s\n" "$1" >&2 +} + +error() { + local prompt="${RED}>>> ERROR:${NORMAL}" + local fake="${FAKEROOTKEY:+${BLUE}*${NORMAL}}" + local name="${STRONG}${apk_basename}${NORMAL}" + printf "${prompt} ${name}${fake}: %s\n" "$1" >&2 +} + +usage() { + cat <<-EOF + usage: ${0##*/} [options] APK [APK ...] + + Options: + -i Re-sign APKs in-place + -k KEY The private key to use for signing + -n Update packager name + -p KEY The filename to use for the key (to match /etc/apk/keys) + -q Quiet + -h Show this help and exit + EOF +} + +list_sigs() { + [ -n "$quiet" ] && return 0 + tarball="$1" + # (msg2) >>> + tar -tf "$tarball" | grep '^\.SIGN\.' | sed 's/^/ /' >&2 +} + +privkey="$PACKAGER_PRIVKEY" +pubkey="$PACKAGER_PUBKEY" + +while getopts ik:np:qh opt; do + case "$opt" in + i) inplace=1;; + k) privkey="$OPTARG";; + n) packager=1;; + p) pubkey="$OPTARG";; + q) quiet=1;; + *) usage + [ "$opt" = "h" ] && exit 0 + exit 1;; + esac +done +shift $((OPTIND - 1)) + +if [ -z "$*" ]; then + usage + exit 1 +fi + +if [ -z "$privkey" ]; then + abuild-sign --installed +fi + +pubkey="${pubkey:-"${privkey}.pub"}" +sig_new=".SIGN.RSA.${pubkey##*/}" + +if [ -z "$FAKEROOTKEY" ]; then + warning 'Without fakeroot, your username/group will be leaked' +fi + +startpwd="$PWD" +cleanup() { + cd "$startpwd" + rm -rf "$tmpdir" +} +trap cleanup INT EXIT + +for apk in "$@"; do + case "$apk" in + /*) ;; + *) apk="$PWD/$apk";; + esac + apk_basename="${apk##*/}" + + msg 'Splitting .apk...' + tmpdir="$(mktemp -d resignapk.XXXXXX)" + cd "$tmpdir" + abuild-gzsplit < "$apk" + + if [ -n "$packager" ]; then + msg 'Updating control.tar.gz' + tar -xf control.tar.gz + ctrl_files="$(tar -tf control.tar.gz)" + sed -i -e "s#^packager = .*#packager = ${PACKAGER:-"Unknown"}#" \ + .PKGINFO + tar --format pax -f - -c $ctrl_files \ + | abuild-tar --cut \ + | gzip -9 > control.tar.gz + fi + + abuild-sign -k "$privkey" -p "$pubkey" -q control.tar.gz + + msg 'Old signatures:' + list_sigs signatures.tar.gz + msg 'New signatures:' + list_sigs control.tar.gz + + [ -n "$inplace" ] && msg 'Updating apk' || msg 'Creating apk.new' + [ -n "$inplace" ] || apk="$apk.new" + + cat control.tar.gz data.tar.gz > "$apk" + cleanup +done |