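# Canonicalise the tarball path (absolute, symlinks resolved) once, up front.
# "--" keeps a path that begins with "-" from being parsed as a readlink option.
tarball="$(readlink -f -- "$tarball")"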
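# finish [STATUS]
# Remove the scratch directory named by $tmpdir, then terminate the script
# with exit status STATUS (0 when omitted).
# Globals:   tmpdir (read)
# Arguments: $1 - exit status for the script
finish() {
  # "--" stops a directory name that starts with "-" from being read as an
  # option to rm.
  rm -rf -- "$tmpdir"
  exit "${1:-0}"
}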
12 local file="$1" section
="$2" option
="$3"
15 /\['"$section"'\]/,$ {
16 /^[ \t]*'"$option"'[ \t]*=[ \t]*/ {
26 ' "$file" |
sed -e :a
-e '/^\n*$/{$d;N;ba' -e '}'
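# On HUP, INT or TERM, clean up through finish and exit with status 255.
# NOTE(review): only these three signals are trapped and no EXIT trap is set
# on this line. The scratch directory holds the GnuPG home, the passphrase file
# and the usign secret key, so any exit path that bypasses finish leaves that
# material on disk.
trap 'finish 255' HUP INT TERM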
31 if [ ! -f "$tarball" ] ||
[ ! -f "${CONFIG_INI:-config.ini}" ]; then
32 echo "Usage: [CONFIG_INI=...] $0 <tarball>" >&2
36 [ ! -e "$tmpdir" ] ||
{
37 echo "Temporary directory $tmpdir already exists!" >&2
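# Create the scratch tree: tar/ receives the unpacked payload, gpg/ is a
# throwaway GnuPG home with its private-keys-v1.d key store.
# mkdir is used without -p, so it fails if $tmpdir already exists.
# NOTE(review): the directory modes come from the umask in effect, which is not
# set in the lines visible here - confirm it is 077 (or stricter) at this
# point, since secret keys and a passphrase file are written below $tmpdir.
mkdir "$tmpdir" "$tmpdir/tar" "$tmpdir/gpg" "$tmpdir/gpg/private-keys-v1.d" ||
  finish 2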
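# The payload directory is set to 0755 explicitly; only the key material needs
# restrictive permissions.
chmod 0755 "$tmpdir/tar"

# Unpack the tarball to be signed; a failed extraction ends the run with
# status 3.
tar -C "$tmpdir/tar/" -xzf "$tarball" || finish 3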
50 case "$(gpg --version | head -n1)" in
54 if [ -z "$branch" ]; then
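# No branch given: read the signing material from the global "gpg" and "usign"
# sections of the INI file (CONFIG_INI, default ./config.ini).
# The private keys and the GPG passphrase are stored there in clear text, so
# the INI file should be readable by the signing user only.
GPGKEY="$(iniget "${CONFIG_INI:-config.ini}" gpg key)"
GPGPASS="$(iniget "${CONFIG_INI:-config.ini}" gpg passphrase)"
GPGCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" gpg comment)"

USIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" usign key)"
USIGNCOMMENT="$(iniget "${CONFIG_INI:-config.ini}" usign comment)"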
# Per-branch lookup: the same five settings, read with "branch"/$branch as the
# section argument and gpg_* / usign_* as the option names.
# NOTE(review): in this listing the section and option strings are broken
# across lines inside their quotes; taken literally, the line break becomes
# part of the argument passed to iniget. Confirm the exact strings against the
# original file before relying on this copy.
62 GPGKEY
="$(iniget "${CONFIG_INI:-config.ini}" "branch
$branch" "gpg_key
")"
63 GPGPASS
="$(iniget "${CONFIG_INI:-config.ini}" "branch
$branch" "gpg_passphrase
")"
64 GPGCOMMENT
="$(iniget "${CONFIG_INI:-config.ini}" "branch
$branch" "gpg_comment
")"
66 USIGNKEY
="$(iniget "${CONFIG_INI:-config.ini}" "branch
$branch" "usign_key
")"
67 USIGNCOMMENT
="$(iniget "${CONFIG_INI:-config.ini}" "branch
$branch" "usign_comment
")"
70 if echo "$GPGKEY" |
grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
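# Stage the passphrase in a file so it is handed to gpg by path rather than on
# the command line. printf is used instead of echo so a value that starts with
# "-" or contains backslashes is written unchanged.
# NOTE(review): the file is created with whatever umask is in effect, which is
# not set in the lines visible here - confirm it is 077 at this point.
printf '%s\n' "$GPGPASS" > "$tmpdir/gpg.pass"

# Import the private key into the throwaway GnuPG home. The ${...:+...}
# expansions are unquoted on purpose: each yields several words, or nothing
# when the variable is empty.
printf '%s\n' "$GPGKEY" | gpg --batch --homedir "$tmpdir/gpg" \
  ${loopback:+--pinentry-mode loopback --no-tty --passphrase-fd 0} \
  ${GPGPASS:+--passphrase-file "$tmpdir/gpg.pass"} \
  --import - || finish 4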
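# Detach-sign (-b) every payload file with ASCII armor (-a), writing FILE.asc
# next to FILE; existing *.asc and *.sig files are not signed themselves.
# The ${...:+...} expansions are unquoted on purpose: each yields several
# words, or nothing when the variable is empty.
find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
  gpg --no-version --batch --yes -a -b \
    --homedir "$(readlink -f "$tmpdir/gpg")" \
    ${loopback:+--pinentry-mode loopback --no-tty --passphrase-fd 0} \
    ${GPGPASS:+--passphrase-file "$(readlink -f "$tmpdir/gpg.pass")"} \
    ${GPGCOMMENT:+--comment="$GPGCOMMENT"} \
    -o "{}.asc" "{}" \; || finish 4

# find does not report a non-zero status when a command run through
# "-exec ... \;" fails, so the "|| finish 4" above cannot see a failed gpg run.
# Check explicitly that every payload file has a non-empty signature, otherwise
# the tarball would be repacked with files silently left unsigned. This only
# proves a signature file exists, not that it verifies.
unsigned="$(find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" \
  -not -exec test -s "{}.asc" \; -print)" || finish 4
if [ -n "$unsigned" ]; then
  printf 'gpg did not produce a signature for:\n%s\n' "$unsigned" >&2
  finish 4
fi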
88 if [ -n "$USIGNKEY" ]; then
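# Derive the usign key ID: base64-decode the secret key (-i ignores characters
# outside the base64 alphabet), take the 8 bytes at offset 32 and print them as
# 16 lowercase hex digits. The sed step strips od's offset column and drops the
# final offset-only line.
USIGNID="$(printf '%s\n' "$USIGNKEY" |
  base64 -d -i |
  dd bs=1 skip=32 count=8 2>/dev/null |
  od -v -t x1 |
  sed -rne 's/^0+ //p' |
  tr -d ' ')"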
91 if ! echo "$USIGNID" |
grep -qxE "[0-9a-f]{16}"; then
92 echo "Invalid usign key specified" >&2
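# Write the secret key file handed to signify-openbsd: an "untrusted comment:"
# line (the configured comment, or the key ID when none is set) followed by the
# base64 key as read from the INI file.
# NOTE(review): this file holds the secret key; its mode depends on the umask
# in effect, which is not set in the lines visible here.
printf 'untrusted comment: %s\n%s\n' \
  "${USIGNCOMMENT:-key ID $USIGNID}" "$USIGNKEY" > "$tmpdir/usign.sec"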
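# Sign every payload file with the usign key; signify-openbsd writes the
# signature to FILE.sig by default. Existing *.asc and *.sig files are skipped.
find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" -exec \
  signify-openbsd -S -s "$(readlink -f "$tmpdir/usign.sec")" -m "{}" \; ||
  finish 5

# find does not report a non-zero status when a command run through
# "-exec ... \;" fails, so the "|| finish 5" above cannot see a failed signing
# run. Check explicitly that every payload file has a non-empty .sig file. This
# only proves a signature file exists, not that it verifies.
unsigned="$(find "$tmpdir/tar/" -type f -not -name "*.asc" -and -not -name "*.sig" \
  -not -exec test -s "{}.sig" \; -print)" || finish 5
if [ -n "$unsigned" ]; then
  printf 'signify-openbsd did not produce a signature for:\n%s\n' "$unsigned" >&2
  finish 5
fi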
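# Repack payload plus signatures over the original tarball path.
# NOTE(review): the archive is rewritten in place, so a tar failure part-way
# through can leave a truncated tarball at "$tarball"; status 6 signals that
# case to the caller.
tar -C "$tmpdir/tar/" -czf "$tarball" . || finish 6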