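#!/bin/bash
#
# This script makes a request to the signing server to sign a .iso with the
# formal key. It will only work for users authorized to access the signing
# server. The detached signature is placed in the same directory as the .iso,
# named after the .iso with its extension replaced by .sig
# (for example bootimage.iso -> bootimage.sig).
#
# Usage:       <this script> <path-to-iso>
# Environment: SIGNING_USER   - account used to log in to the signing server
#              SIGNING_SERVER - host name of the signing server
# Exit status: 0 on success, 1 on any failure (message on stderr)
#
# Script written to be quite simple
#
# Security notes:
#  - ssh hands its command line to the remote login shell as one string, and
#    the remote helpers run under sudo. The remote ISO path is therefore
#    single-quoted before it is sent, so a file name containing spaces or
#    shell metacharacters stays one literal argument on the signing server.
#  - The signature is only downloaded here; it is not checked against the
#    public key. Verification is left to the caller.

# Print a message on stderr and stop with status 1.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Quote $1 so that a POSIX shell reads it back as one literal word.
sh_quote() {
    local sq="'" esc="'\\''"
    printf "'%s'" "${1//$sq/$esc}"
}

if [ -z "${1:-}" ]; then
    die "You must specify an ISO file to sign"
fi

# Without these the ssh target would degrade to "@" and fail confusingly.
[ -n "${SIGNING_USER:-}" ] || die "SIGNING_USER must be set"
[ -n "${SIGNING_SERVER:-}" ] || die "SIGNING_SERVER must be set"

ISO_FILE_PATH=$1
# Fail before contacting the signing server if there is nothing to upload.
[ -f "${ISO_FILE_PATH}" ] || die "ISO file not found: ${ISO_FILE_PATH}"

ISO_FILE_NAME=$(basename -- "${ISO_FILE_PATH}")
ISO_FILE_ROOT=$(dirname -- "${ISO_FILE_PATH}")
ISO_FILE_NOEXT="${ISO_FILE_NAME%.*}"
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
REQUEST_SIGN="sudo /opt/signing/sign_iso.sh"
SIGNATURE_FILE="$ISO_FILE_NOEXT.sig"
REMOTE="${SIGNING_USER}@${SIGNING_SERVER}"

# Make a request for an upload path
# Output is a path where we can upload stuff, of the form
# "Upload: /tmp/sign_upload.5jR11pS0"
if ! UPLOAD_REPLY=$(ssh -- "${REMOTE}" "${GET_UPLOAD_PATH}"); then
    die "Could not get upload path. Do you have permissions on the signing server?"
fi

# Take the second whitespace-separated word of the reply (the whole reply if
# it is a single word), then insist on an absolute path: an empty or
# unexpected value would otherwise end up in the remote rm/sign commands.
read -r -d '' -a REPLY_WORDS <<<"${UPLOAD_REPLY}"
if [ "${#REPLY_WORDS[@]}" -ge 2 ]; then
    UPLOAD_PATH=${REPLY_WORDS[1]}
else
    UPLOAD_PATH=${REPLY_WORDS[0]:-}
fi
case "${UPLOAD_PATH}" in
    /*) ;;
    *) die "Unexpected upload path from signing server: ${UPLOAD_REPLY}" ;;
esac

REMOTE_ISO="${UPLOAD_PATH}/${ISO_FILE_NAME}"
REMOTE_ISO_QUOTED=$(sh_quote "${REMOTE_ISO}")

# Remove the uploaded ISO from the signing server (ISOs are big).
cleanup() {
    ssh -- "${REMOTE}" "rm -f ${REMOTE_ISO_QUOTED}"
}
# From here on every exit path, including an interrupted or failed upload,
# removes whatever was uploaded.
trap cleanup EXIT

echo "Uploading file"
# UPLOAD_PATH is server-supplied and passed to scp as received.
if ! scp -q -- "${ISO_FILE_PATH}" "${REMOTE}:${UPLOAD_PATH}"; then
    die "Could not upload ISO"
fi
echo "File uploaded to signing server -- signing"

# Make the signing request.
# Output is path of detached signature
if ! RESULT=$(ssh -- "${REMOTE}" "${REQUEST_SIGN} ${REMOTE_ISO_QUOTED}"); then
    die "Could not perform signing -- output $RESULT"
fi
[ -n "${RESULT}" ] || die "Signing server did not return a signature path"

echo "Signing complete. Downloading detached signature"
if ! scp -q -- "${REMOTE}:${RESULT}" "${ISO_FILE_ROOT}/${SIGNATURE_FILE}"; then
    die "Could not download newly signed file"
fi

# Clean up (ISOs are big)
trap - EXIT
cleanup

echo "${ISO_FILE_ROOT}/${SIGNATURE_FILE} detached signature"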