sign.sh 1016 B

12345678910111213141516171819202122232425262728293031323334353637383940
  1. #!/bin/sh
  2. if [ $# -eq 0 -o "-h" = "$1" -o "-help" = "$1" -o "--help" = "$1" ]; then
  3. cat <<EOHELP
  4. Usage: $0 <secret> <manifest>
  5. sign.sh adds lines to a manifest to indicate the approval
  6. of the integrity of the firmware as required for automated
  7. updates. The first argument <secret> references a file harboring
  8. the private key of a public-private key pair of a developer
  9. that referenced by its public key in the site configuration.
  10. The script may be performed multiple times to the same document
  11. to indicate an approval by multiple developers.
  12. See also
  13. * edcsautils on https://github.com/tcatm/ecdsautils
  14. EOHELP
  15. exit 1
  16. fi
  17. SECRET="$1"
  18. manifest="$2"
  19. upper="$(mktemp)"
  20. lower="$(mktemp)"
  21. awk "BEGIN { sep=0 }
  22. /^---\$/ { sep=1; next }
  23. { if(sep==0) print > \"$upper\";
  24. else print > \"$lower\"}" \
  25. "$manifest"
  26. ecdsasign "$upper" < "$SECRET" >> "$lower"
  27. cat "$upper" > "$manifest"
  28. echo --- >> "$manifest"
  29. cat "$lower" >> "$manifest"
  30. rm -f "$upper" "$lower"