From 8bfafadf27cc1e7a3c01f1565d66e8a56bb09a9b Mon Sep 17 00:00:00 2001 From: Aditya Kulkarni Date: Mon, 25 Mar 2019 16:26:58 -0700 Subject: [PATCH 1/2] Signatures to zip file --- src/scripts/signbinaries.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/scripts/signbinaries.sh b/src/scripts/signbinaries.sh index 3a17e21..679b279 100755 --- a/src/scripts/signbinaries.sh +++ b/src/scripts/signbinaries.sh @@ -44,6 +44,7 @@ mv sha256sum-v$APP_VERSION.txt ../release/signatures/ cp ../res/SIGNATURES_README ../release/signatures/README cd ../release/signatures -tar -czf signatures-v$APP_VERSION.tar.gz * -mv signatures-v$APP_VERSION.tar.gz ../../artifacts +#tar -czf signatures-v$APP_VERSION.tar.gz * +zip signatures-v$APP_VERSION.zip * +mv signatures-v$APP_VERSION.zip ../../artifacts From 5b5fc6ee2231d482fe653cf2369b34a413fa14cc Mon Sep 17 00:00:00 2001 From: Aditya Kulkarni Date: Thu, 28 Mar 2019 15:39:07 -0700 Subject: [PATCH 2/2] Add codesigning --- src/scripts/codesign.sh | 116 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100755 src/scripts/codesign.sh diff --git a/src/scripts/codesign.sh b/src/scripts/codesign.sh new file mode 100755 index 0000000..208c158 --- /dev/null +++ b/src/scripts/codesign.sh 
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+# Setup
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+# Print the usage and exit
+do_help() {
+ echo "codesign.sh v0.1";
+ echo "";
+ echo "Sign release binaries with gpg keysigning"
+ echo "";
+ echo "Usage:"
+ echo "codesign.sh --version [version_id] file [file ...]";
+ echo ""
+ exit 1;
+}
+
+# Print the usage for the version parameter and exit
+do_version_missing() {
+ echo "No release version identifier specified";
+ echo "Please specify a release version with ${bold}--version${normal}"
+ echo
+ echo "Example:"
+ echo "./codesign.sh --version 1.4 filename.msi"
+ exit 1;
+}
+
+# Print the instructions for how to install dependencies
+do_missing_command() {
+ echo "Error: ${bold}$1${normal} was not installed"
+ echo ""
+ echo "One or more dependencies are missing. Please install all dependencies by running:"
+ echo "${bold}brew install gsha256sum gnupg${normal}"
+ exit 1;
+}
+
+# Print error message for missing private key
+do_missing_gpg_key() {
+ echo "Error: Couldn't find a local private key to sign with."
+ echo
+ echo "The command ${bold}gpg -K${normal} didn't return any keys. Did you forget to install the private keys on this machine?"
+ exit 1;
+}
+
+# Accept the variables as command line arguments as well
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+ -h|--help)
+ do_help
+ ;;
+ -v|--version)
+ APP_VERSION="$2"
+ shift # past argument
+ shift # past value
+ ;;
+ *) # unknown option
+ POSITIONAL+=("$1") # save it in an array for later
+ shift # past argument
+ ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+if [ -z $APP_VERSION ]; then
+ do_version_missing
+fi
+
+# Check for existance of the gpg and sha256sum commands
+hash gsha256sum 2>/dev/null || {
+ do_missing_command gsha256sum
+ exit 1;
+}
+
+hash gpg 2>/dev/null || {
+ do_missing_command gpg
+ exit 1;
+}
+
+hash zip 2>/dev/null || {
+ do_missing_command zip
+ exit 1;
+}
+
+# Check to see that we have a private key installed on this machine
+if [[ -z $(gpg -K) ]]; then
+ do_missing_gpg_key
+fi
+
+PackageContents=()
+
+# Calculate the sha256sum for all input files
+gsha256sum $@ > sha256sum.txt
+PackageContents+=("sha256sum.txt")
+
+# Sign all the files
+for var in "$@"
+do
+ rm -f $var.sig
+ echo "Signing" $var
+ gpg --batch --output $var.sig --detach-sig $var
+ PackageContents+=("$var.sig")
+done
+
+# Zip up everything into a neat package
+ZipName=signatures-v$APP_VERSION.zip
+echo "Zipping files into $ZipName"
+rm -f $ZipName
+zip $ZipName ${PackageContents[@]} 2>&1 >/dev/null
+
+# Clean up intermediate files
+rm ${PackageContents[@]}
\ No newline at end of file
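Review bot: The signing loop near the end of codesign.sh never checks the exit status of `gpg --batch --output $var.sig --detach-sig $var`, so when signing fails the script still records the missing `.sig` in `PackageContents`, zips whatever exists and finishes as if the release had been signed. It should fail closed, e.g. `gpg --batch --output "$var.sig" --detach-sig "$var" || { echo "Signing failed: $var" >&2; exit 1; }`, with the same treatment for the checksum step: `gsha256sum "$@" > sha256sum.txt || exit 1`. Quoting matters on those lines too: `$@`, `$var`, `$ZipName` and `${PackageContents[@]}` are unquoted, so a file name containing spaces or glob characters is split before it reaches `gpg`, `rm` or `zip`. The key check `[[ -z $(gpg -K) ]]` only shows that some secret key is present; if the signing machine can hold more than one, pinning the release key with `--local-user` would avoid signing with the wrong one. In `zip ... 2>&1 >/dev/null` the redirection order leaves stderr on the terminal; if silence was intended it should read `>/dev/null 2>&1`.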