From 8356ad58ab95e3f695af34f65975510f2f5200ed Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Wed, 22 Jan 2020 18:56:46 -0600
Subject: Add cross signature support for apple

With sign.sh it can be created signatures for OSX packages from linux.
---
 apple/sign.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100755 apple/sign.sh

(limited to 'apple/sign.sh')

diff --git a/apple/sign.sh b/apple/sign.sh
new file mode 100755
index 0000000..3523b6f
--- /dev/null
+++ b/apple/sign.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# From: http://users.wfu.edu/cottrell/productsign/productsign_linux.html
+
+PKG=$1
+
+mkdir tmp
+# extract the private key from certs.p12 (requires passphrase)
+openssl pkcs12 -in leap-developer-id-installer.key.p12 -nodes | openssl rsa -out tmp/key.pem
+
+# determine the size of the signature
+: | openssl dgst -sign tmp/key.pem -binary | wc -c > tmp/siglen.txt
+
+# prepare data for signing -- may have to adjust depending
+# on the contents of the certs subdir in your case
+xar --sign -f $PKG --digestinfo-to-sign tmp/digestinfo.dat \
+    --sig-size `cat tmp/siglen.txt` \
+    --cert-loc certs/cert00 \
+    --cert-loc certs/cert01 \
+    --cert-loc certs/cert02
+
+# create the signature
+openssl rsautl -sign -inkey tmp/key.pem -in tmp/digestinfo.dat \
+	 -out tmp/signature.dat
+
+# stuff it into the archive 
+xar --inject-sig tmp/signature.dat -f $PKG
+
+# and clean up
+rm -rf tmp
+
-- 
cgit v1.2.3