root/build-tools/sign_patch_formal.sh
Paul-Emile Element 2f9d9a5672 cleanup signing scripts
the scripts contained hardcoded references to resources
that are not visible outside of the environment
where the scripts were originally created and used

The sign-rpms script was also updated with the original version
that was intended to be submitted. The initial submission contained
the wrong version.

Closes-Bug: #1791343

Change-Id: I8ce5884ad75156d3730cf30a451051d32445e136
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
2018-09-07 14:44:37 -04:00


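#!/bin/bash
# This script makes a request to the signing server to sign a .patch with the
# formal key. It will only work for users authorized to access the signing
# server.
#
# Usage: sign_patch_formal.sh <patch file>
#
# Environment:
#   SIGNING_USER   - account used to log in to the signing server
#   SIGNING_SERVER - host name of the signing server
#
# The signed file downloaded from the server replaces the local patch file
# in place.
#
# Script written to be quite simple
set -u

# Print an error on stderr and stop with a failure status.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

if [[ -z "${1:-}" ]]; then
    die "You must specify a patch file to sign"
fi

# Fail early with a clear message instead of letting ssh try to reach "@".
if [[ -z "${SIGNING_USER:-}" || -z "${SIGNING_SERVER:-}" ]]; then
    die "SIGNING_USER and SIGNING_SERVER must be set"
fi

PATCH_FILE_PATH=$1
if [[ ! -f "${PATCH_FILE_PATH}" || ! -r "${PATCH_FILE_PATH}" ]]; then
    die "Patch file not found or not readable: ${PATCH_FILE_PATH}"
fi
PATCH_FILE_NAME=$(basename -- "${PATCH_FILE_PATH}")

# scp treats a local argument containing ':' before any '/' as host:path and
# one starting with '-' as an option; anchoring relative paths with ./ avoids
# both misreadings.
case "${PATCH_FILE_PATH}" in
    /* | ./* | ../*) LOCAL_PATH=${PATCH_FILE_PATH} ;;
    *) LOCAL_PATH="./${PATCH_FILE_PATH}" ;;
esac

SIGNING_DEST="${SIGNING_USER}@${SIGNING_SERVER}"
GET_UPLOAD_PATH="sudo /opt/signing/sign.sh -r"
REQUEST_SIGN="sudo /opt/signing/sign_patch.sh"

# Make a request for an upload path
# Output is a path where we can upload stuff, of the form
# "Upload: /tmp/sign_upload.5jR11pS0"
if ! UPLOAD_REPLY=$(ssh "${SIGNING_DEST}" "${GET_UPLOAD_PATH}"); then
    die "Could not get upload path. Do you have permissions on the signing server?"
fi

# Keep only the second whitespace-separated field of the reply (the path).
read -r _ UPLOAD_PATH _ <<<"${UPLOAD_REPLY}"
if [[ -z "${UPLOAD_PATH}" ]]; then
    die "Signing server did not return an upload path"
fi

if ! scp -q -- "${LOCAL_PATH}" "${SIGNING_DEST}:${UPLOAD_PATH}"; then
    die "Could not upload patch"
fi
echo "File uploaded to signing server"

# Make the signing request.
# Output is path of newly signed file
#
# ssh hands its arguments to a shell on the server, and the command runs under
# sudo there, so the file name must reach it as exactly one word. printf %q
# emits bash-style quoting; this assumes the remote login shell accepts it.
REMOTE_FILE=$(printf '%q' "${UPLOAD_PATH}/${PATCH_FILE_NAME}")
if ! RESULT=$(ssh "${SIGNING_DEST}" "${REQUEST_SIGN} ${REMOTE_FILE}"); then
    die "Could not perform signing -- output $RESULT"
fi
if [[ -z "${RESULT}" ]]; then
    die "Signing server did not return the path of the signed file"
fi
echo "Signing complete. Downloading"

# The signed copy overwrites the patch that was passed on the command line.
if ! scp -q -- "${SIGNING_DEST}:${RESULT}" "${LOCAL_PATH}"; then
    die "Could not download newly signed file"
fi
echo "${PATCH_FILE_PATH} now signed with formal key"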