diff --git a/.gitignore b/.gitignore index d0d2250..54df527 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ result inputs base* *.qcow2 +sigs diff --git a/bin/gsign b/bin/gsign new file mode 100755 index 0000000..dd6887c --- /dev/null +++ b/bin/gsign @@ -0,0 +1,77 @@ +#!/usr/bin/ruby + +require 'optparse' +require 'yaml' +require 'fileutils' +require 'pathname' + +@options = {} + +def system!(cmd) + system(cmd) or raise "failed to run #{cmd}" +end + +def sanitize(str, where) + raise "unsanitary string in #{where}" if (str =~ /[^\w.-]/) + str +end + +def sanitize_path(str, where) + raise "unsanitary string in #{where}" if (str =~ /[^\w\/.-]/) + str +end + +def info(str) + puts str unless @options[:quiet] +end + +################################ + +OptionParser.new do |opts| + opts.banner = "Usage: build [options] .yml" + + opts.on("-q", "--quiet", "be quiet") do |v| + @options[:quiet] = v + end + + opts.on("-s SIGNER", "--signer SIGNER", "identity to sign as") do |v| + @options[:signer] = v + end + + opts.on("-r REL", "--release REL", "release name") do |v| + @options[:release] = v + end + + opts.on("-d DEST", "--destination DEST", "directory to place signature in") do |v| + @options[:destination] = v + end +end.parse! + +base_dir = Pathname.new(__FILE__).expand_path.dirname.parent + +build_desc_file = ARGV.shift or raise "must supply YAML build description file" + +build_desc = YAML.load_file(build_desc_file) + +in_sums = [] + +result_dir = 'result' + +package_name = build_desc["name"] or raise "must supply name" +package_name = sanitize(package_name, "package name") + +result_file = "#{package_name}-res.yml" +result_path = File.join(result_dir, result_file) +File.exists?(result_path) or raise "#{result_path} does not exist" + +destination = @options[:destination] || File.join(base_dir, "sigs", package_name) +release = @options[:release] || "current" +release = sanitize(release, "release") +signer = @options[:signer] or raise "must supply signer with --signer" + +FileUtils.mkdir_p(destination) + +release_path = File.join(destination, release, signer) +FileUtils.mkdir_p(release_path) +FileUtils.cp(result_path, release_path) +system!("gpg --detach-sign -u #{signer} -o #{release_path}/signature.pgp #{result_path}")