-rw-r--r-- | abuild-sign.in | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/abuild-sign.in b/abuild-sign.in
index 3ff32e0..73aabc7 100644
--- a/abuild-sign.in
+++ b/abuild-sign.in
@@ -18,6 +18,30 @@ die() {
 exit 1
 }
 
+do_sign() {
+ # we are actually only interested in the name, not the file itself
+ keyname=${pubkey##*/}
+
+ for f; do
+ i=$(readlink -f $f)
+ [ -d "$i" ] && i="$i/APKINDEX.tar.gz"
+ repo="${i%/*}"
+ cd "$repo" || die "Failed to sign $i"
+ sig=".SIGN.RSA.$keyname"
+ openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
+ tmptargz=$(mktemp)
+ tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
+ tmpsigned=$(mktemp)
+ cat "$tmptargz" "$i" > "$tmpsigned"
+ rm -f "$tmptargz" "$sig"
+ mv "$tmpsigned" "$i"
+ chmod 644 "$i"
+ if [ -z "$quiet" ]; then
+ echo "Signed $i"
+ fi
+ done
+}
+
 usage() {
 echo "abuild-sign $abuild_ver"
 echo "usage: abuild-sign [-hq] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
@@ -61,26 +85,5 @@ if [ -z "$pubkey" ]; then
 pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
 fi
 
-# we are actually only interested in the name, not the file itself
-keyname=${pubkey##*/}
-
-for f in "$@"; do
- i=$(readlink -f $f)
- [ -d "$i" ] && i="$i/APKINDEX.tar.gz"
- repo="${i%/*}"
- cd "$repo" || die "Failed to sign $i"
- sig=".SIGN.RSA.$keyname"
- openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
- tmptargz=$(mktemp)
- tar -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz"
- tmpsigned=$(mktemp)
- cat "$tmptargz" "$i" > "$tmpsigned"
- rm -f "$tmptargz" "$sig"
- mv "$tmpsigned" "$i"
- chmod 644 "$i"
- if [ -z "$quiet" ]; then
- echo "Signed $i"
- fi
-done
-
+do_sign "$@"
 exit 0 |
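Review bot: `i=$(readlink -f $f)` in the new `do_sign` expands `$f` unquoted, so an index path containing whitespace or glob characters is split or expanded before it is resolved and the file that gets signed and replaced may not be the one the caller named; `i=$(readlink -f "$f")` keeps each argument intact. The `cd "$repo"` inside the loop persists across iterations and, now that this is a function, into the caller, so a relative second argument or a relative `$privkey` is resolved against the previous repository directory; resolving `$privkey` to an absolute path before the loop and returning to the starting directory after each file would avoid that. Only `cd` and `openssl` are checked: if `mktemp`, the `tar | abuild-tar | gzip` pipeline or `mv` fails, the loop still reaches `echo "Signed $i"`, so at least `tmptargz=$(mktemp) || die "Failed to sign $i"` and `mv "$tmpsigned" "$i" || die "Failed to sign $i"` are worth adding. The function also sets `keyname`, `i`, `repo`, `sig`, `tmptargz` and `tmpsigned` as globals, which deserves a short header comment listing the globals it reads (`pubkey`, `privkey`, `quiet`) and writes.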