Skip to content

Commit 1a1e7a4

Browse files
guidfortguidfort
committed
release: 4.4: update scripts files
1 parent ee88116 commit 1a1e7a4

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+675
-397
lines changed

scripts/app-signing-tool.sh

Lines changed: 25 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -5,51 +5,51 @@ SIGNING_KEY=$2
55
DIR_SNAPS_INPUT=$3
66
DIR_APPS_OUTPUT=$"${4:-$DIR_SNAPS_INPUT}"
77

8-
rm -rf $DIR_SNAPS_INPUT/signing_temp && mkdir -p $DIR_SNAPS_INPUT/signing_temp
8+
rm -rf "$DIR_SNAPS_INPUT"/signing_temp && mkdir -p "$DIR_SNAPS_INPUT"/signing_temp
99

1010
# get publisher certificate
11-
openssl x509 -in $OEM_CERT -outform DER | base64 > $DIR_SNAPS_INPUT/signing_temp/cert.der.base64
12-
publisher=$(openssl x509 -noout -subject -nameopt multiline -in $OEM_CERT | grep commonName | awk '{print $3}')
13-
organization=$(openssl x509 -noout -subject -nameopt multiline -in $OEM_CERT | grep organizationName | awk '{print $3}')
11+
openssl x509 -in "$OEM_CERT" -outform DER | base64 > "$DIR_SNAPS_INPUT"/signing_temp/cert.der.base64
12+
publisher=$(openssl x509 -noout -subject -nameopt multiline -in "$OEM_CERT" | grep commonName | awk '{print $3}')
13+
organization=$(openssl x509 -noout -subject -nameopt multiline -in "$OEM_CERT" | grep organizationName | awk '{print $3}')
1414

15-
for snap_file in $DIR_SNAPS_INPUT/*.snap; do
16-
SIGNING_DIR=$DIR_SNAPS_INPUT/signing_temp/sign_$(basename $snap_file) && mkdir -p "$SIGNING_DIR"
15+
for snap_file in "$DIR_SNAPS_INPUT"/*.snap; do
16+
SIGNING_DIR="$DIR_SNAPS_INPUT"/signing_temp/sign_$(basename "$snap_file") && mkdir -p "$SIGNING_DIR"
1717

1818
# Expected snap nameing scheme: <APPNAME>_<VERSION>_<ARCHITECTURE>.snap
19-
snapfilename=$(basename $snap_file)
19+
snapfilename=$(basename "$snap_file")
2020
snapfilebase=${snapfilename%_*}
2121
app_name=${snapfilebase%_*}
2222
appFileName=$(basename "${snapfilename%_*}.app")
23-
arch=$(echo $snapfilename | cut -d'_' -f3 | cut -d'.' -f1)
23+
arch=$(echo "$snapfilename" | cut -d'_' -f3 | cut -d'.' -f1)
2424

2525
# generate digest of snap
26-
snap_digest=$(sha384sum $snap_file | awk '{ print $1 }')
26+
snap_digest=$(sha384sum "$snap_file" | awk '{ print $1 }')
2727

2828
echo "+----< Singing snap file: $snapfilename"
2929
echo -e "| arch: $arch \n| digest: $snap_digest \n| destination: $DIR_APPS_OUTPUT/$appFileName\n"
3030

3131
# create signature file
3232
export SIGNING_DIR snap_digest app_name publisher organization timestamp=$(date -u +"%Y-%m-%dT%H:%M:%S.%6NZ")
33-
mkdir -p $SIGNING_DIR/public/snaps/$arch/release
33+
mkdir -p "$SIGNING_DIR"/public/snaps/"$arch"/release
3434
( echo "cat <<EOF >$SIGNING_DIR/public/snaps/$arch/release/$snapfilebase.signature";
35-
echo 'type: app-revision';
36-
echo 'app-name: ${app_name}';
37-
echo 'publisher: ${publisher}';
38-
echo 'organization: ${organization}';
39-
echo 'timestamp: ${timestamp}';
40-
echo 'snap-digest: ${snap_digest}';
41-
) >$SIGNING_DIR/temp.yml && source $SIGNING_DIR/temp.yml 2> /dev/null
35+
echo "type: app-revision";
36+
echo "app-name: ${app_name}";
37+
echo "publisher: ${publisher}";
38+
echo "organization: ${organization}";
39+
echo "timestamp: ${timestamp}";
40+
echo "snap-digest: ${snap_digest}";
41+
) >"$SIGNING_DIR"/temp.yml && source "$SIGNING_DIR"/temp.yml 2> /dev/null
4242

4343
# generate signature of assertion
44-
SIG=$(openssl dgst -sha384 -sign $SIGNING_KEY $SIGNING_DIR/public/snaps/$arch/release/$snapfilebase.signature | openssl base64)
45-
echo -e "\n$SIG" >> $SIGNING_DIR/public/snaps/$arch/release/$snapfilebase.signature
44+
SIG=$(openssl dgst -sha384 -sign "$SIGNING_KEY" "$SIGNING_DIR"/public/snaps/"$arch"/release/"$snapfilebase".signature | openssl base64)
45+
echo -e "\n$SIG" >> "$SIGNING_DIR"/public/snaps/"$arch"/release/"$snapfilebase".signature
4646

4747
# repack
48-
cp $snap_file $SIGNING_DIR/public/snaps/$arch/release/$snapfilebase.snap
49-
tar --append --file=$DIR_SNAPS_INPUT/signing_temp/$appFileName --directory=$SIGNING_DIR public/
50-
rm -r $SIGNING_DIR
48+
cp "$snap_file" "$SIGNING_DIR"/public/snaps/"$arch"/release/"$snapfilebase".snap
49+
tar --append --file="$DIR_SNAPS_INPUT"/signing_temp/"$appFileName" --directory="$SIGNING_DIR" public/
50+
rm -r "$SIGNING_DIR"
5151
done
52-
for appfile in $DIR_SNAPS_INPUT/signing_temp/*.app; do
53-
mv $appfile $DIR_APPS_OUTPUT && echo -e "-> Signed app: $DIR_APPS_OUTPUT/$(basename $appfile)"
52+
for appfile in "$DIR_SNAPS_INPUT"/signing_temp/*.app; do
53+
mv "$appfile" "$DIR_APPS_OUTPUT" && echo -e "-> Signed app: $DIR_APPS_OUTPUT/$(basename "$appfile")"
5454
done
55-
rm -r $DIR_SNAPS_INPUT/signing_temp
55+
rm -r "$DIR_SNAPS_INPUT"/signing_temp

scripts/build-snap-amd64.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
#!/usr/bin/env bash
22
set -e
3-
sudo snapcraft clean
4-
sudo snapcraft --build-for=amd64 --verbosity=verbose
3+
snapcraft clean
4+
snapcraft pack --build-for=amd64 --verbosity=verbose

scripts/build-snap-arm64.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
#!/usr/bin/env bash
22
set -e
3-
sudo snapcraft clean
4-
sudo snapcraft --build-for=arm64 --verbosity=verbose
3+
snapcraft clean
4+
snapcraft pack --build-for=arm64 --verbosity=verbose

0 commit comments

Comments
 (0)