sign.sh 1.0 KB

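#!/bin/sh
# sign.sh - append one developer signature to a firmware manifest.
#
# Usage: sign.sh <secret> <manifest>
#   <secret>    readable file holding the signer's private key
#   <manifest>  manifest to sign; it is rewritten in place
#
# The manifest is split at the first line that is exactly "---". The lines
# above it are what gets signed; the lines below it are kept, and the output
# of ecdsasign is appended after them.
#
# Review notes:
#   - The private key reaches ecdsasign on stdin, so it never appears in the
#     process argument list.
#   - Nothing here checks that the key belongs to a developer listed in the
#     site configuration; output from any readable key file is appended.
set -e

# Separate [ ] tests joined with || replace the obsolescent -o operator, whose
# parsing is ambiguous when an argument looks like a test operator ("!", "(").
if [ "$#" -ne 2 ] || [ "-h" = "$1" ] || [ "--help" = "$1" ] ||
  [ ! -r "$1" ] || [ ! -r "$2" ]; then
  cat <<EOHELP
Usage: $0 <secret> <manifest>
sign.sh adds lines to a manifest to indicate the approval
of the integrity of the firmware as required for automated
updates. The first argument <secret> references a file harboring
the private key of a public-private key pair of a developer
that referenced by its public key in the site configuration.
The script may be performed multiple times to the same document
to indicate an approval by multiple developers.
See also
* edcsautils on https://github.com/tcatm/ecdsautils
EOHELP
  exit 1
fi

SECRET="$1"
manifest="$2"

# Scratch files: "upper" receives the signed content, "lower" the lines that
# follow the separator. They hold manifest text only, never the key.
upper="$(mktemp)"
lower="$(mktemp)"
trap 'echo rm -f "$upper" "$lower"; rm -f "$upper" "$lower"' EXIT

# The temp paths are no longer spliced into the awk program text, and the
# manifest is fed on stdin so that a name containing "=" or starting with "-"
# cannot be taken for an awk assignment or option.
# Everything before the first separator line is the content to sign.
awk '/^---$/ { exit } { print }' < "$manifest" > "$upper"
# Everything after the first separator is kept; separator lines are dropped.
awk '/^---$/ { seen = 1; next } seen { print }' < "$manifest" > "$lower"

# Under set -e a failing ecdsasign stops the script here, before the manifest
# is touched.
ecdsasign "$upper" < "$SECRET" >> "$lower"

# Reassemble: signed content, one separator, then the collected lines.
{
  cat "$upper"
  printf '%s\n' '---'
  cat "$lower"
} > "$manifest"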