blob: 3523b6f9a45d11b3ebcf05622a0635bec4664956 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
#!/bin/sh
# From: http://users.wfu.edu/cottrell/productsign/productsign_linux.html
PKG=$1
mkdir tmp
# extract the private key from certs.p12 (requires passphrase)
openssl pkcs12 -in leap-developer-id-installer.key.p12 -nodes | openssl rsa -out tmp/key.pem
# determine the size of the signature
: | openssl dgst -sign tmp/key.pem -binary | wc -c > tmp/siglen.txt
# prepare data for signing -- may have to adjust depending
# on the contents of the certs subdir in your case
xar --sign -f $PKG --digestinfo-to-sign tmp/digestinfo.dat \
--sig-size `cat tmp/siglen.txt` \
--cert-loc certs/cert00 \
--cert-loc certs/cert01 \
--cert-loc certs/cert02
# create the signature
openssl rsautl -sign -inkey tmp/key.pem -in tmp/digestinfo.dat \
-out tmp/signature.dat
# stuff it into the archive
xar --inject-sig tmp/signature.dat -f $PKG
# and clean up
rm -rf tmp
|
