Add option to insert secret via keyboard input to prevent storing private key on server. This did not break current behaviour and makes secret file optional. Also write variable "secret" in lowercase just like any other variable.
parent 4ed5b85668
commit cafd3fe011
@ -2,17 +2,19 @@
|
||||
|
||||
set -e
|
||||
|
||||
if [ $# -ne 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o ! -r "$2" ]; then
|
||||
if [ $# -eq 0 -o $# -gt 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o \( $# -eq 2 -a ! -r "$2" \) ]; then
|
||||
cat <<EOHELP
|
||||
Usage: $0 <secret> <manifest>
|
||||
Usage: $0 [<secret>] <manifest>
|
||||
|
||||
sign.sh adds lines to a manifest to indicate the approval
|
||||
of the integrity of the firmware as required for automated
|
||||
updates. The first argument <secret> references a file harboring
|
||||
the private key of a public-private key pair of a developer
|
||||
that referenced by its public key in the site configuration.
|
||||
The script may be performed multiple times to the same document
|
||||
to indicate an approval by multiple developers.
|
||||
updates. The first optional argument <secret> references a
|
||||
file harboring the private key of a public-private key pair
|
||||
of a developer that referenced by its public key in the site
|
||||
configuration. If this parameter is missing, you will be
|
||||
asked to type in secret key. The script may be performed
|
||||
multiple times to the same document to indicate an approval
|
||||
by multiple developers.
|
||||
|
||||
See also
|
||||
* edcsautils on https://github.com/tcatm/ecdsautils
|
||||
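Review bot: The new argument check `if [ $# -eq 0 -o $# -gt 2 ... \( $# -eq 2 -a ! -r "$2" \) ]` chains many `-o`/`-a` operators and parentheses inside a single `[`, which POSIX marks as obsolescent and which can be parsed ambiguously when `$1` itself looks like an operator. Suggest splitting it into separate tests joined with `||`, for example one test for the argument count, one for the help flags and one per readability check. In one-argument mode `! -r "$1"` now tests the manifest rather than the key file, which is correct but deserves a short comment. The new help text could also say that the typed key is not echoed, and "asked to type in secret key" reads better as "asked to type in the secret key".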
@ -21,9 +23,17 @@ EOHELP
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SECRET="$1"
|
||||
|
||||
if [ $# -eq 1 ]; then
|
||||
stty -echo
|
||||
read -p "Type in secret key: " secret
|
||||
stty echo
|
||||
echo
|
||||
manifest="$1"
|
||||
else
|
||||
secret="$1"
|
||||
manifest="$2"
|
||||
fi
|
||||
|
||||
upper="$(mktemp)"
|
||||
lower="$(mktemp)"
|
||||
|
||||
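Review bot: In the `stty -echo` / `read` / `stty echo` sequence nothing restores terminal echo if the script is interrupted or `read` fails (for example at end of input) while `set -e` is active, so the user's terminal can be left with echo switched off. Suggest installing `trap 'stty echo' EXIT INT TERM` before `stty -echo` and clearing it once the key has been read. `read` should also be `read -r` so that backslashes in the typed value are not interpreted, and `read -p` is not available in plain POSIX sh, so the script either needs a bash shebang or a `printf` prompt followed by `read -r secret`. When stdin is not a terminal, `stty` fails and `set -e` aborts without a message; a `[ -t 0 ]` check with an explanatory error would make that case clear.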
@ -35,7 +45,11 @@ awk 'BEGIN { sep=0 }
|
||||
else print > "'"$lower"'"}' \
|
||||
"$manifest"
|
||||
|
||||
ecdsasign "$upper" < "$SECRET" >> "$lower"
|
||||
if [ $# -eq 1 ]; then
|
||||
echo "$secret" | ecdsasign "$upper" >> "$lower"
|
||||
else
|
||||
ecdsasign "$upper" < "$secret" >> "$lower"
|
||||
fi
|
||||
|
||||
(
|
||||
cat "$upper"
|
||||
|
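Review bot: `echo "$secret" | ecdsasign "$upper" >> "$lower"` passes the typed key through `echo`, whose handling of a leading `-` and of backslashes differs between shells; `printf '%s\n' "$secret" | ecdsasign "$upper" >> "$lower"` is the portable form. The second `[ $# -eq 1 ]` test repeats the mode decision already made where `secret` and `manifest` are assigned; a flag set there would keep the two branches in sync. Consider `unset secret` right after signing so the key does not stay in a shell variable for the rest of the script.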