#!/bin/bash
DIR_BIN=$1
DIR_SIGNED=$2
TMP_DIR=$DIR_SIGNED/tmp$$
SIGN_LOG=sign.log
GPG_VER=`gpg --version | head -n 1 | sed -e 's/gpg (GnuPG) //'`
if [ -z $DIR_BIN ] ; then
echo "Specify original directory as first argument."
exit 1
fi
if [ -z $DIR_SIGNED ] ; then
echo "Specify destination directory as second argument."
exit 1
fi
if [ ! -e $DIR_BIN ] ; then
echo "Original directory $DIR_BIN doesn't exist."
exit 1
fi
list_of_packages=`find $DIR_BIN -type f -name "*.deb"`
list_of_udebs=`find $DIR_BIN -type f -name "*.udeb"`
#echo $list_of_packages
for i in $list_of_packages ; do
pack_name=`echo $i | awk '{sub(/^.+\//,"",$0) ; a=$0; print a}'`
mkdir -p $TMP_DIR/{control,data}
cp $i $TMP_DIR
pushd $TMP_DIR
ar x $pack_name
# Definig archives type
data_arch_type=`ls data.tar* | cut -d'.' -f3`
control_arch_type=`ls control.tar* | cut -d'.' -f3`
popd
# Unpack data archive
pushd $TMP_DIR/data
case $data_arch_type in
xz)
tar --same-permissions --same-owner -xJf ../data.tar.xz
;;
gz)
tar --same-permissions --same-owner -xzf ../data.tar.gz
;;
bz2)
tar --same-permissions --same-owner -xjf ../data.tar.bz2
;;
lzma)
tar --same-permissions --same-owner --lzma -xf ../data.tar.lzma
;;
esac
popd
# Unpack control archive
pushd $TMP_DIR/control
case $control_arch_type in
xz)
tar --same-permissions --same-owner -xJf ../control.tar.xz
;;
gz)
tar --same-permissions --same-owner -xzf ../control.tar.gz
;;
bz2)
tar --same-permissions --same-owner -xjf ../control.tar.bz2
;;
lzma)
tar --same-permissions --same-owner --lzma -xf ../control.tar.lzma
;;
esac
popd
# Sign files
pushd $TMP_DIR/data
for file in `find . -type f` ; do
if [ -x $file ] || [ "`echo $file | sed -e 's/^.*\.so.*$/so/g'`" = "so" ] ; then
if [ ! -L $file ]; then
oldstat=`stat -c %a $file`
GPG2OPTS=
if [ "$GPGVER" = "2.1.18" ] || [ ! "$GPGVER" = "1.4.18" ]; then
GPG2OPTS="--batch --pinentry-mode=loopback"
fi
bsign -N -s --pgoptions="--default-key 12345678 $GPG2OPTS --passphrase-file ./key_password.txt" $file
bsign -V $file | grep -v "not ELF64"
bsign -w $file | grep -v "not ELF64"
newstat=`stat -c %a $file`
[ $newstat != $oldstat ] && echo "BSIGN_CHMOD_ERROR in $file" >> ${SIGN_LOG} 2>&1
fi
fi
done
popd
# Counting md5sums
pushd $TMP_DIR/control
if [ -e ./md5sums ] ; then
filenames=`cat md5sums | awk -F' ' '{print $2}'`
popd
pushd $TMP_DIR/data
for j in $filenames
do
echo `md5sum $j` >> $TMP_DIR/control/md5sums.new
done
sed -e 's/\ /\ \ /g' $TMP_DIR/control/md5sums.new > $TMP_DIR/control/md5sums.new_mod
popd
mv -f $TMP_DIR/control/md5sums.new_mod $TMP_DIR/control/md5sums
rm -f $TMP_DIR/control/md5sums.new
fi
# Packing back in deb
pushd $TMP_DIR/data
case $data_arch_type in
xz)
tar --same-permissions --same-owner -cJf ../data.tar.xz .
;;
gz)
tar --same-permissions --same-owner -czf ../data.tar.gz .
;;
bz2)
tar --same-permissions --same-owner -cjf ../data.tar.bz2 .
;;
lzma)
tar --same-permissions --same-owner --lzma -cf ../data.tar.lzma .
;;
esac
popd
pushd $TMP_DIR/control
case $control_arch_type in
xz)
tar --same-permissions --same-owner -cJvf ../control.tar.xz .
;;
gz)
tar --same-permissions --same-owner -czvf ../control.tar.gz .
;;
bz2)
tar --same-permissions --same-owner -cjvf ../control.tar.bz2 .
;;
lzma)
tar --same-permissions --same-owner --lzma -cvf ../control.tar.lzma .
;;
esac
popd
pushd $TMP_DIR
ar rcs $TMP_DIR/$pack_name debian-binary control.tar.$control_arch_type data.tar.$data_arch_type
cp $pack_name $DIR_SIGNED/
popd
rm -rf $TMP_DIR
done
for j in $list_of_udebs ; do
cp $j $DIR_SIGNED
done
echo "Sign done"
|