From 915f76b70b954a9f20537f41a46700fcf8e67522 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sun, 30 Jun 2019 18:13:26 +0200
Subject: [PATCH] scripts: signall.sh: add using support

Signed-off-by: Jo-Philipp Wich
---
 scripts/signall.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/scripts/signall.sh b/scripts/signall.sh
index c2575c5..1e40ead 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -12,7 +12,8 @@ finish() { rm -rf "$tmpdir"; exit $1; }
 trap "finish 255" HUP INT TERM
 
 if [ ! -f "$tarball" ]; then
- echo "Usage: [GNUPGHOME=... [PASSFILE=...]] $0 [ []]"
+ echo "Usage: [GNUPGHOME=... [PASSFILE=...]] [USIGNKEY=... [USIGNCOMMENT=...]] \\"
+ echo " $0 [ []]"
 finish 1
 fi
 
@@ -27,7 +28,7 @@ case "$(gpg --version | head -n1)" in
 *\ 2.*) loopback=1 ;;
 esac
 
-find "$tmpdir/" -type f -not -name "*.asc" -exec gpg \
+find "$tmpdir/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec gpg \
 --no-version --batch --yes -a -b \
 ${loopback:+--pinentry-mode loopback --no-tty --passphrase-fd 0} \
 ${keyid:+-u "$keyid"} \
@@ -36,6 +37,14 @@ find "$tmpdir/" -type f -not -name "*.asc" -exec gpg \
 ${PASSFILE:+--passphrase-file "$PASSFILE"} \
 -o "{}.asc" "{}" \; || finish 4
 
-tar -C "$tmpdir/" -czf "$tarball" . || finish 5
+export USIGNID="$(echo "$USIGNKEY" | base64 -d -i | dd bs=1 skip=32 count=8 2>/dev/null | od -v -t x1 | sed -rne 's/^0+ //p' | tr -d ' ')"
+
+if echo "$USIGNID" | grep -qxE "[0-9a-f]{16}"; then
+ find "$tmpdir/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec sh -c \
+ 'printf "untrusted comment: %s\n%s\n" "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" | \
+ signify-openbsd -S -s - -m "{}"' \; || finish 5
+fi
+
+tar -C "$tmpdir/" -czf "$tarball" . || finish 6
 
 finish 0
-- 
2.30.2
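Review bot: With the added `-and -not -name "*.sig"` test, a file that already ends in `.sig` (or `.asc`) inside the input tarball is skipped by the gpg pass and, as far as the visible lines show, re-packed unchanged by the final `tar`; the same filter is repeated in the usign pass of the last hunk. If stale or foreign signature files should not travel inside a signed release archive, remove them from `$tmpdir` before both passes, or at least state the behaviour above the `find` with a comment such as `# pre-existing *.asc / *.sig files are passed through untouched`. The extraction step lies outside the hunks, so whether such files can occur depends on how the tarball is produced.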
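Review bot: In the new usign pass the file name is spliced into the `sh -c` script text through `"{}"`, so a name containing quotes or command-substitution syntax is parsed as shell code by a process that has the secret key in its environment; substituting `{}` inside a larger argument is also left to the find implementation. Pass the path as a positional parameter instead, ending the script with `signify-openbsd -S -s - -m "$1"' sh {} \; || finish 5`. Separately, when `USIGNKEY` is set but does not decode to a 16-hex-digit key ID, the `if` silently skips usign signing and the script still reaches `finish 0`; an `elif [ -n "$USIGNKEY" ]; then finish 5` branch would make a malformed key fail the run rather than yield an archive without `.sig` files. Note that `export USIGNID="$(...)"` also hides the exit status of the decoding pipeline, so that check is the only place a bad key can be caught.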