From 571e0567110dcc5737898a6ff5721ae6c10bfbb4 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 22 Jul 2009 15:02:38 +0000
Subject: abuild-sign: initial commit we can only sign indexes so far
---
abuild-sign.in | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 abuild-sign.in
(limited to 'abuild-sign.in')
diff --git a/abuild-sign.in b/abuild-sign.in
new file mode 100644
index 0000000..5067a74
--- /dev/null
+++ b/abuild-sign.in
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# sign indexes
+# Copyright (c) 2009 Natanael Copa
+#
+# Distributed under GPL-2
+#
+# Depends on: busybox utilities, fakeroot,
+#
+
+abuild_ver=@VERSION@
+sysconfdir=@sysconfdir@
+
+abuild_conf=${ABUILD_CONF:-"$sysconfdir/abuild.conf"}
+abuild_home=${ABUILD_USERDIR:-"$HOME/.abuild"}
+abuild_userconf=${ABUILD_USERCONF:-"$abuild_home/abuild.conf"}
+
+die() {
+ echo "$@" >&2
+ exit 1
+}
+
+usage() {
+ echo "abuild-sign $abuild_ver"
+ echo "usage: abuild-sign [-h] [-k PRIVKEY] [-p PUBKEY] INDEXFILE..."
+ echo "options:"
+ echo " -h Show this help"
+ echo " -k The private key to use for signing"
+ echo " -p The name of public key. apk add will look for /etc/apk/keys/PUBKEY"
+ exit 1
+}
+
+# read config
+[ -f "$abuild_conf" ] && . "$abuild_conf"
+
+# read user config if exists
+[ -f "$abuild_userconf" ] && . "$abuild_userconf"
+
+privkey="$PACKAGER_PRIVKEY"
+
+while getopts "hk:p:" opt; do
+ case $opt in
+ h) usage;;
+ k) privkey=$OPTARG;;
+ p) pubkey=$OPTARG;;
+ esac
+done
+shift $(( $OPTIND - 1))
+
+if [ -z "$privkey" ]; then
+ echo "No private key found. Use 'abuild-keygen' to generate the keys"
+ echo "Then you can either:"
+ echo " 1. set the PACKAGER_PRIVKEY in $abuild_userconf"
+ echo " 2. set the PACKAGER_PRIVKEY in $abuild_conf"
+ echo " 3. specify the key with the -k option"
+ echo ""
+ exit 1
+fi
+
+if [ -z "$pubkey" ]; then
+ pubkey=${PACKAGER_PUBKEY:-"${privkey}.pub"}
+fi
+
+# we are actually only interested in the name, not the file itself
+keyname=${pubkey##*/}
+
+for f in "$@"; do
+ i=$(readlink -f $f)
+ [ -d "$i" ] && i="$i/APKINDEX.tar.gz"
+ repo="${i%/*}"
+ cd "$repo" || die "Failed to sign $i"
+ sig=".SIGN.RSA.$keyname"
+ openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" || die "Failed to sign $i"
+ cd "$repo"
+ tar -c "$sig" | abuild-tar --cut | gzip -9 > signature.tar.gz
+ cat signature.tar.gz "$i" > "$i.new"
+ mv "$i.new" "$i"
+ echo "Signed $i"
+done
+
-- cgit v1.2.3
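Review bot: In the signing loop, nothing after the `openssl dgst` call is checked, so a failure in `tar`, `abuild-tar --cut`, `cat` or `mv` still ends with `Signed $i` and can leave the index replaced by a file whose signature part is missing or truncated; in plain `sh` the pipeline reports only the status of `gzip`. Running the packing steps one at a time with `|| die`, as sketched below, makes the tool fail closed instead of reporting success on a bad index. The same loop passes `$f` unquoted to `readlink -f`, which word-splits paths containing spaces, and because it runs `cd "$repo"` before using `$privkey`, a relative `-k` path stops resolving; resolving the key path once before the loop would avoid that. The `-sha1` digest is a weak choice for a new signature format, though changing it presumably has to be coordinated with whatever verifies `.SIGN.RSA.*` on the apk side.

```shell
for f in "$@"; do
	i=$(readlink -f "$f") || die "Failed to resolve $f"
	# … unchanged: APKINDEX.tar.gz default, cd "$repo", sig name, openssl dgst …
	# run each packing step on its own: sh reports only the last pipeline stage
	tar -c "$sig" > signature.tar || die "Failed to pack $sig"
	abuild-tar --cut < signature.tar > signature.cut || die "Failed to cut $sig"
	gzip -9 < signature.cut > signature.tar.gz || die "Failed to compress $sig"
	rm -f signature.tar signature.cut
	cat signature.tar.gz "$i" > "$i.new" || die "Failed to write $i.new"
	mv "$i.new" "$i" || die "Failed to replace $i"
	echo "Signed $i"
done
```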