gluon/contrib/sign.sh

#!/bin/sh

set -e

if [ $# -eq 0 -o $# -gt 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o \( $# -eq 2 -a ! -r "$2" \) ]; then
	cat <<EOHELP
Usage: $0 [<secret>] <manifest>

sign.sh adds lines to a manifest to indicate the approval
of the integrity of the firmware as required for automated
updates. The first optional argument <secret> references a
file harboring the private key of a public-private key pair
of a developer that referenced by its public key in the site
configuration. If this parameter is missing, you will be
asked to type in secret key. The script may be performed
multiple times to the same document to indicate an approval
by multiple developers.

See also
 * edcsautils on https://github.com/tcatm/ecdsautils

EOHELP
	exit 1
fi

if [ $# -eq 1 ]; then
	stty -echo
	read -p "Type in secret key: " secret
	stty echo
	echo
	manifest="$1"
else
	secret="$1"
	manifest="$2"
fi

upper="$(mktemp)"
lower="$(mktemp)"

trap 'rm -f "$upper" "$lower"' EXIT

awk 'BEGIN    { sep=0 }
     /^---$/ { sep=1; next }
              { if(sep==0) print > "'"$upper"'";
                else       print > "'"$lower"'"}' \
    "$manifest"

if [ $# -eq 1 ]; then
	echo "$secret" | ecdsasign "$upper" >> "$lower"
else
	ecdsasign "$upper" < "$secret" >> "$lower"
fi

(
	cat  "$upper"
	echo ---
	cat  "$lower"
) > "$manifest"
contrib: add sign.sh 2014-03-10 21:26:51 +00:00			`#!/bin/sh`

contrib/sign.sh: various cleanups, exit with 1 on error 2015-11-23 00:14:54 +00:00			`set -e`

Add option to insert secret via keyboard input to prevent storing privat key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable. 2016-01-23 15:43:19 +00:00			`if [ $# -eq 0 -o $# -gt 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o \( $# -eq 2 -a ! -r "$2" \) ]; then`
contrib: add sign.sh 2014-03-10 21:26:51 +00:00			`cat <<EOHELP`
Add option to insert secret via keyboard input to prevent storing privat key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable. 2016-01-23 15:43:19 +00:00			`Usage: $0 [<secret>] <manifest>`
contrib/sign.sh - a bit more help 2014-12-30 04:37:39 +00:00
			`sign.sh adds lines to a manifest to indicate the approval`
			`of the integrity of the firmware as required for automated`
Add option to insert secret via keyboard input to prevent storing privat key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable. 2016-01-23 15:43:19 +00:00			`updates. The first optional argument <secret> references a`
			`file harboring the private key of a public-private key pair`
			`of a developer that referenced by its public key in the site`
			`configuration. If this parameter is missing, you will be`
			`asked to type in secret key. The script may be performed`
			`multiple times to the same document to indicate an approval`
			`by multiple developers.`
contrib/sign.sh - a bit more help 2014-12-30 04:37:39 +00:00
			`See also`
			`* edcsautils on https://github.com/tcatm/ecdsautils`

contrib: add sign.sh 2014-03-10 21:26:51 +00:00			`EOHELP`
			`exit 1`
			`fi`
contrib/sign.sh: fix handling of filenames with spaces 2015-03-26 19:59:27 +00:00
Add option to insert secret via keyboard input to prevent storing privat key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable. 2016-01-23 15:43:19 +00:00			`if [ $# -eq 1 ]; then`
			`stty -echo`
			`read -p "Type in secret key: " secret`
			`stty echo`
			`echo`
			`manifest="$1"`
			`else`
			`secret="$1"`
			`manifest="$2"`
			`fi`
contrib/sign.sh: fix handling of filenames with spaces 2015-03-26 19:59:27 +00:00
			`upper="$(mktemp)"`
			`lower="$(mktemp)"`

contrib/sign.sh: remove debug echo command 2015-11-23 20:09:23 +00:00			`trap 'rm -f "$upper" "$lower"' EXIT`
contrib/sign.sh: various cleanups, exit with 1 on error 2015-11-23 00:14:54 +00:00
			`awk 'BEGIN { sep=0 }`
			`/^---$/ { sep=1; next }`
			`{ if(sep==0) print > "'"$upper"'";`
			`else print > "'"$lower"'"}' \`
contrib/sign.sh: fix handling of filenames with spaces 2015-03-26 19:59:27 +00:00			`"$manifest"`

Add option to insert secret via keyboard input to prevent storing privat key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable. 2016-01-23 15:43:19 +00:00			`if [ $# -eq 1 ]; then`
			`echo "$secret" \| ecdsasign "$upper" >> "$lower"`
			`else`
			`ecdsasign "$upper" < "$secret" >> "$lower"`
			`fi`
contrib/sign.sh: fix handling of filenames with spaces 2015-03-26 19:59:27 +00:00
contrib/sign.sh: various cleanups, exit with 1 on error 2015-11-23 00:14:54 +00:00			`(`
			`cat "$upper"`
			`echo ---`
			`cat "$lower"`
			`) > "$manifest"`