2014-03-10 21:26:51 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
if [ $# -eq 0 -o "-h" = "$1" -o "-help" = "$1" -o "--help" = "$1" ]; then
|
|
|
|
cat <<EOHELP
|
|
|
|
Usage: $0 <secret> <manifest>
|
2014-12-30 04:37:39 +00:00
|
|
|
|
|
|
|
sign.sh adds lines to a manifest to indicate the approval
|
|
|
|
of the integrity of the firmware as required for automated
|
|
|
|
updates. The first argument <secret> references a file harboring
|
|
|
|
the private key of a public-private key pair of a developer
|
|
|
|
that referenced by its public key in the site configuration.
|
|
|
|
The script may be performed multiple times to the same document
|
|
|
|
to indicate an approval by multiple developers.
|
|
|
|
|
|
|
|
See also
|
|
|
|
* edcsautils on https://github.com/tcatm/ecdsautils
|
|
|
|
|
2014-03-10 21:26:51 +00:00
|
|
|
EOHELP
|
|
|
|
exit 1
|
|
|
|
fi
|
2015-03-26 19:59:27 +00:00
|
|
|
|
|
|
|
SECRET="$1"
|
|
|
|
|
|
|
|
manifest="$2"
|
|
|
|
upper="$(mktemp)"
|
|
|
|
lower="$(mktemp)"
|
|
|
|
|
2014-03-10 21:26:51 +00:00
|
|
|
awk "BEGIN { sep=0 }
|
|
|
|
/^---\$/ { sep=1; next }
|
|
|
|
{ if(sep==0) print > \"$upper\";
|
|
|
|
else print > \"$lower\"}" \
|
2015-03-26 19:59:27 +00:00
|
|
|
"$manifest"
|
|
|
|
|
|
|
|
ecdsasign "$upper" < "$SECRET" >> "$lower"
|
|
|
|
|
|
|
|
cat "$upper" > "$manifest"
|
|
|
|
echo --- >> "$manifest"
|
|
|
|
cat "$lower" >> "$manifest"
|
|
|
|
|
|
|
|
rm -f "$upper" "$lower"
|