-rw-r--r--abuild-sign.in80
1 files changed, 80 insertions, 0 deletions
diff --git a/abuild-sign.in b/abuild-sign.in
new file mode 100644
index 0000000..5067a74
--- /dev/null
+++ b/abuild-sign.in
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# sign indexes
+# Copyright (c) 2009 Natanael Copa <ncopa@alpinelinux.org>
+#
+# Distributed under GPL-2
+#
+# Depends on: busybox utilities, fakeroot,
+#
+
+abuild_ver=@VERSION@
+sysconfdir=@sysconfdir@
+
+abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
+abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
+abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+usage() {
+ echo "abuild-sign $abuild_ver"
+ echo "usage: abuild-sign [-h] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
+ echo "options:"
+ echo " -h Show this help"
+ echo " -k The private key to use for signing"
+ echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
+ exit 1
+}
+
+# read config
+[ -f "$abuild_conf" ] && . "$abuild_conf"
+
+# read user config if exists
+[ -f "$abuild_userconf" ] && . "$abuild_userconf"
+
+privkey="$PACKAGER_PRIVKEY"
+
+while getopts "hk:p:" opt; do
+ case $opt in
+ h) usage;;
+ k) privkey=$OPTARG;;
+ p) pubkey=$OPTARG;;
+ esac
+done
+shift $(( $OPTIND - 1))
+
+if [ -z "$privkey" ]; then
+ echo "No private key found. Use 'abuild-keygen' to generate the keys"
+ echo "Then you can either:"
+ echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
+ echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
+ echo " 3. specify the key with the -k option"
+ echo ""
+ exit 1
+fi
+
+if [ -z "$pubkey" ]; then
+ pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
+fi
+
+# we are actually only interested in the name, not the file itself
+keyname=${pubkey##*/}
+
+for f in "$@"; do
+ i=$(readlink -f $f)
+ [ -d "$i" ] && i="$i/APKINDEX.tar.gz"
+ repo="${i%/*}"
+ cd "$repo" || die "Failed to sign $i"
+ sig=".SIGN.RSA.$keyname"
+ openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
+ cd "$repo"
+ tar -c "$sig" | abuild-tar --cut | gzip -9 > signature.tar.gz
+ cat signature.tar.gz "$i" > "$i.new"
+ mv "$i.new" "$i"
+ echo "Signed $i"
+done
+