59 lines
1.3 KiB
Bash
Executable File
59 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
if [ $# -eq 0 -o $# -gt 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o \( $# -eq 2 -a ! -r "$2" \) ]; then
|
|
cat <<EOHELP
|
|
Usage: $0 [<secret>] <manifest>
|
|
|
|
sign.sh adds lines to a manifest to indicate the approval
|
|
of the integrity of the firmware as required for automated
|
|
updates. The first optional argument <secret> references a
|
|
file harboring the private key of a public-private key pair
|
|
of a developer that referenced by its public key in the site
|
|
configuration. If this parameter is missing, you will be
|
|
asked to type in secret key. The script may be performed
|
|
multiple times to the same document to indicate an approval
|
|
by multiple developers.
|
|
|
|
See also
|
|
* edcsautils on https://github.com/tcatm/ecdsautils
|
|
|
|
EOHELP
|
|
exit 1
|
|
fi
|
|
|
|
if [ $# -eq 1 ]; then
|
|
stty -echo
|
|
read -p "Type in secret key: " secret
|
|
stty echo
|
|
echo
|
|
manifest="$1"
|
|
else
|
|
secret="$1"
|
|
manifest="$2"
|
|
fi
|
|
|
|
upper="$(mktemp)"
|
|
lower="$(mktemp)"
|
|
|
|
trap 'rm -f "$upper" "$lower"' EXIT
|
|
|
|
awk 'BEGIN { sep=0 }
|
|
/^---$/ { sep=1; next }
|
|
{ if(sep==0) print > "'"$upper"'";
|
|
else print > "'"$lower"'"}' \
|
|
"$manifest"
|
|
|
|
if [ $# -eq 1 ]; then
|
|
echo "$secret" | ecdsasign "$upper" >> "$lower"
|
|
else
|
|
ecdsasign "$upper" < "$secret" >> "$lower"
|
|
fi
|
|
|
|
(
|
|
cat "$upper"
|
|
echo ---
|
|
cat "$lower"
|
|
) > "$manifest"
|