From fa874cc611eb09ae5b6ec3598a23f72de858ad0a Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 25 Aug 2024 18:56:41 +0200 Subject: Linux: Add script to sign generated rpms --- src/Build/sign_rpm.sh | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 src/Build/sign_rpm.sh (limited to 'src') diff --git a/src/Build/sign_rpm.sh b/src/Build/sign_rpm.sh new file mode 100644 index 00000000..9abc041e --- /dev/null +++ b/src/Build/sign_rpm.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +# Function to display usage information +usage() { + echo "Usage: $0 " + exit 1 +} + +# Check if a directory was provided as an argument +if [ $# -ne 1 ]; then + usage +fi + +DIRECTORY="$1" + +# Check if the specified directory exists +if [ ! -d "$DIRECTORY" ]; then + echo "Error: Directory '$DIRECTORY' does not exist." + exit 1 +fi + +# Check if there are any RPM files in the directory +shopt -s nullglob # Make the glob return an empty array if no match +rpm_files=("$DIRECTORY"/*.rpm) + +if [ ${#rpm_files[@]} -eq 0 ]; then + echo "No RPM files found in directory '$DIRECTORY'." + exit 0 +fi + +# Iterate over each RPM file in the directory +for rpm_file in "${rpm_files[@]}"; do + echo "Processing $rpm_file..." + + # Remove the existing signature if any + echo "Removing existing signature from $rpm_file (if any)..." + rpmsign --delsign "$rpm_file" || { + echo "Failed to remove signature from $rpm_file." + exit 1 + } + + # Sign the RPM file + echo "Signing $rpm_file..." + rpmsign --define "_gpg_name veracrypt@idrix.fr" \ + --define "_gpg_digest_algo sha512" \ + --define "_source_filedigest_algorithm 10" \ + --define "_binary_filedigest_algorithm 10" \ + --addsign "$rpm_file" || { + echo "Failed to sign $rpm_file. Aborting." + exit 1 + } + + echo "Successfully signed $rpm_file." +done -- cgit v1.2.3