diff options
author | Sebastien Delafond <seb@debian.org> | 2016-08-26 03:40:43 +0000 |
---|---|---|
committer | Sebastien Delafond <seb@debian.org> | 2016-08-26 03:40:43 +0000 |
commit | 4e914bac11c7e1edd3f71525d4adb7911c9aa30d (patch) | |
tree | db23d1598ea83e950d04880faa2f1964b099da68 /bin/sign-advisory.sh | |
parent | 4afd96a47b25e64c5a2e403086dbd984e48971a9 (diff) |
[bin/sign-advisory.sh] New helper script for signing DSAs
Sign a DSA generated by gen-D{L,S}A
This allows for any number of headers below the regular 3 that
gen-DSA generates (From, To, Subject).
This can be useful if the advisory contains non-ASCII characters,
like in first and last names for credits, and we need to send it as
UTF-8. In that case, the signature will still be OK, and all the
headers retained, even if we manually added those two to the DSA:
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44153 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'bin/sign-advisory.sh')
-rwxr-xr-x | bin/sign-advisory.sh | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/bin/sign-advisory.sh b/bin/sign-advisory.sh new file mode 100755 index 0000000000..5808b98984 --- /dev/null +++ b/bin/sign-advisory.sh @@ -0,0 +1,40 @@ +#! /bin/bash + +# Sign a DSA generated by gen-D{L,S}A +# +# This allows for any number of headers below the regular 3 that +# gen-DSA generates (From, To, Subject). +# +# This can be useful if the advisory contains non-ASCII characters, +# like in first and last names for credits, and we need to send it as +# UTF-8. In that case, the signature will still be OK, and all the +# headers retained, even if we manually added those two to the DSA: +# +# Content-Transfer-Encoding: 8bit +# Content-type: text/plain; charset=UTF-8 +# +# Copyright (C) 2016 Sebastien Delafond <seb@debian.org> + +set -e + +usage() { + echo "Usage: $0 </path/to/DSA-nnnn-m>" + echo " this will create /path/to/DSA-nnnn-m.signed" +} + +if [[ $# != 1 ]] ; then + usage + exit 1 +elif [[ $1 == "-h" ]] || [[ $1 == "--help" ]] ; then + usage + exit 0 +fi + +dsa=$1 +signed_dsa=${dsa}.signed + +# figure out the offset for actual DSA text, after headers +n=$(awk '/^-+/ {print NR ; exit}' $dsa) + +# keep headers, and sign the content +{ head -n $(($n - 1)) $dsa ; tail -n +$n $dsa | gpg --clearsign ; } >| $signed_dsa |