File indexing completed on 2024-11-10 04:05:17
0001 #!/usr/bin/env bash 0002 # 0003 # SPDX-License-Identifier: GPL-3.0-or-later 0004 # 0005 0006 set -x 0007 set -e 0008 0009 APPIMAGE_PATH="${1}" 0010 GPG_KEY="${2}" 0011 0012 if [ -z $APPIMAGE_PATH ]; then 0013 echo "path to appimage (arg1) is not set" 0014 exit 1 0015 fi 0016 0017 if [ -z $GPG_KEY ]; then 0018 echo "gpg key id (arg3) is not set" 0019 exit 1 0020 fi 0021 0022 tempdir="$(mktemp sign_appimage.XXXXXX -d -p /tmp)" 0023 0024 destination=$(basename $APPIMAGE_PATH) 0025 0026 ascfile="${tempdir}/${destination}.digest.asc" 0027 digestfile="${tempdir}/${destination}.digest" 0028 sigkeyfile="${tempdir}/sig_pubkey" 0029 0030 if [ -f $digestfile ]; then rm $digestfile; fi 0031 if [ -f $ascfile ]; then rm $ascfile; fi 0032 if [ -f $sigkeyfile ]; then rm $sigkeyfile; fi 0033 0034 # get offsets and lengths of .sha256_sig and .sig_key sections of the AppImage 0035 SIG_OFFSET=$(objdump -h "${APPIMAGE_PATH}" | grep .sha256_sig | awk '{print $6}') 0036 SIG_LENGTH=$(objdump -h "${APPIMAGE_PATH}" | grep .sha256_sig | awk '{print $3}') 0037 0038 KEY_OFFSET=$(objdump -h "${APPIMAGE_PATH}" | grep .sig_key | awk '{print $6}') 0039 KEY_LENGTH=$(objdump -h "${APPIMAGE_PATH}" | grep .sig_key | awk '{print $3}') 0040 0041 # Null the sections 0042 dd if=/dev/zero bs=1 seek=$(($(echo 0x$SIG_OFFSET))) count=$(($(echo 0x$SIG_LENGTH))) of="${APPIMAGE_PATH}" conv=notrunc 0043 dd if=/dev/zero bs=1 seek=$(($(echo 0x$KEY_OFFSET))) count=$(($(echo 0x$KEY_LENGTH))) of="${APPIMAGE_PATH}" conv=notrunc 0044 0045 # generate sha256sum 0046 # BEWARE THE NEWLINE! if it is not stripped, AppImageUpdate validation will fail 0047 sha256sum $APPIMAGE_PATH | cut -d " " -f 1 | tr -d '\n' > $digestfile 0048 0049 #sign the sha256sum 0050 gpg2 --detach-sign --armor -u $GPG_KEY -o $ascfile $digestfile 0051 gpg2 --export --armor $GPG_KEY > $sigkeyfile 0052 0053 # Embed the signature 0054 dd if=${ascfile} bs=1 seek=$(($(echo 0x$SIG_OFFSET))) count=$(($(echo 0x$SIG_LENGTH))) of="${APPIMAGE_PATH}" conv=notrunc 0055 # Embed the public part of the signing key 0056 dd if=${sigkeyfile} bs=1 seek=$(($(echo 0x$KEY_OFFSET))) count=$(($(echo 0x$KEY_LENGTH))) of="${APPIMAGE_PATH}" conv=notrunc 0057 0058 # cleanup 0059 rm -rf $tempdir