gluon/contrib/sign.sh

45 lines
1.0 KiB
Bash
Raw Permalink Normal View History

2014-03-10 21:26:51 +00:00
#!/bin/sh
set -e
2019-09-30 19:38:40 +00:00
if [ $# -ne 2 ] || [ "-h" = "$1" ] || [ "--help" = "$1" ] || [ ! -r "$1" ] || [ ! -r "$2" ]; then
2014-03-10 21:26:51 +00:00
cat <<EOHELP
Usage: $0 <secret> <manifest>
2014-12-30 04:37:39 +00:00
sign.sh adds lines to a manifest to indicate the approval
of the integrity of the firmware as required for automated
updates. The first argument <secret> references a file harboring
the private key of a public-private key pair of a developer
that referenced by its public key in the site configuration.
The script may be performed multiple times to the same document
to indicate an approval by multiple developers.
See also
2019-02-16 13:15:55 +00:00
* ecdsautils on https://github.com/freifunk-gluon/ecdsautils
2014-12-30 04:37:39 +00:00
2014-03-10 21:26:51 +00:00
EOHELP
exit 1
fi
SECRET="$1"
manifest="$2"
upper="$(mktemp)"
lower="$(mktemp)"
trap 'rm -f "$upper" "$lower"' EXIT
awk 'BEGIN { sep=0 }
/^---$/ { sep=1; next }
{ if(sep==0) print > "'"$upper"'";
else print > "'"$lower"'"}' \
"$manifest"
ecdsasign "$upper" < "$SECRET" >> "$lower"
(
cat "$upper"
echo ---
cat "$lower"
) > "$manifest"