mirror of
https://github.com/lineageos4microg/docker-lineage-cicd
Revert "Merge pull request #212 from CyberShadow/pull-20210814-073027"
This reverts commit 1d05824958, reversing changes made to 95d75b6613.
parent
1a3ad5a03e
commit
a1255785de
|
@ -1,14 +0,0 @@
|
||||||
on: [ push, pull_request ]
|
|
||||||
|
|
||||||
name: ShellCheck
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
shellcheck:
|
|
||||||
name: Shellcheck
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- name: Run ShellCheck
|
|
||||||
uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9
|
|
||||||
with:
|
|
||||||
additional_files: src/make_key
|
|
65
src/build.sh
65
src/build.sh
|
@ -17,12 +17,10 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
set -eEuo pipefail
|
|
||||||
|
|
||||||
repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log"
|
repo_log="$LOGS_DIR/repo-$(date +%Y%m%d).log"
|
||||||
|
|
||||||
# cd to working directory
|
# cd to working directory
|
||||||
cd "$SRC_DIR"
|
cd "$SRC_DIR" || exit
|
||||||
|
|
||||||
if [ -f /root/userscripts/begin.sh ]; then
|
if [ -f /root/userscripts/begin.sh ]; then
|
||||||
echo ">> [$(date)] Running begin.sh"
|
echo ">> [$(date)] Running begin.sh"
|
||||||
|
@ -38,9 +36,9 @@ fi
|
||||||
# Treat DEVICE_LIST as DEVICE_LIST_<first_branch>
|
# Treat DEVICE_LIST as DEVICE_LIST_<first_branch>
|
||||||
first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME")
|
first_branch=$(cut -d ',' -f 1 <<< "$BRANCH_NAME")
|
||||||
if [ -n "$DEVICE_LIST" ]; then
|
if [ -n "$DEVICE_LIST" ]; then
|
||||||
device_list_first_branch="DEVICE_LIST_${first_branch//[^[:alnum:]]/_}"
|
device_list_first_branch="DEVICE_LIST_$(sed 's/[^[:alnum:]]/_/g' <<< "$first_branch")"
|
||||||
device_list_first_branch=${device_list_first_branch^^}
|
device_list_first_branch=${device_list_first_branch^^}
|
||||||
read -r "${device_list_first_branch?}" <<< "$DEVICE_LIST,${!device_list_first_branch:-}"
|
read "$device_list_first_branch" <<< "$DEVICE_LIST,${!device_list_first_branch}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If needed, migrate from the old SRC_DIR structure
|
# If needed, migrate from the old SRC_DIR structure
|
||||||
|
@ -57,11 +55,11 @@ fi
|
||||||
|
|
||||||
if [ "$LOCAL_MIRROR" = true ]; then
|
if [ "$LOCAL_MIRROR" = true ]; then
|
||||||
|
|
||||||
cd "$MIRROR_DIR"
|
cd "$MIRROR_DIR" || exit
|
||||||
|
|
||||||
if [ ! -d .repo ]; then
|
if [ ! -d .repo ]; then
|
||||||
echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log"
|
echo ">> [$(date)] Initializing mirror repository" | tee -a "$repo_log"
|
||||||
( yes||: ) | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
|
yes | repo init -u https://github.com/LineageOS/mirror --mirror --no-clone-bundle -p linux &>> "$repo_log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Copy local manifests to the appropriate folder in order take them into consideration
|
# Copy local manifests to the appropriate folder in order take them into consideration
|
||||||
|
@ -81,7 +79,7 @@ if [ "$LOCAL_MIRROR" = true ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for branch in ${BRANCH_NAME//,/ }; do
|
for branch in ${BRANCH_NAME//,/ }; do
|
||||||
branch_dir=${branch//[^[:alnum:]]/_}
|
branch_dir=$(sed 's/[^[:alnum:]]/_/g' <<< "$branch")
|
||||||
branch_dir=${branch_dir^^}
|
branch_dir=${branch_dir^^}
|
||||||
device_list_cur_branch="DEVICE_LIST_$branch_dir"
|
device_list_cur_branch="DEVICE_LIST_$branch_dir"
|
||||||
devices=${!device_list_cur_branch}
|
devices=${!device_list_cur_branch}
|
||||||
|
@ -126,7 +124,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
android_version_major=$(cut -d '.' -f 1 <<< $android_version)
|
android_version_major=$(cut -d '.' -f 1 <<< $android_version)
|
||||||
|
|
||||||
mkdir -p "$SRC_DIR/$branch_dir"
|
mkdir -p "$SRC_DIR/$branch_dir"
|
||||||
cd "$SRC_DIR/$branch_dir"
|
cd "$SRC_DIR/$branch_dir" || exit
|
||||||
|
|
||||||
echo ">> [$(date)] Branch: $branch"
|
echo ">> [$(date)] Branch: $branch"
|
||||||
echo ">> [$(date)] Devices: $devices"
|
echo ">> [$(date)] Devices: $devices"
|
||||||
|
@ -134,18 +132,18 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
|
# Remove previous changes of vendor/cm, vendor/lineage and frameworks/base (if they exist)
|
||||||
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
|
for path in "vendor/cm" "vendor/lineage" "frameworks/base" "packages/apps/PermissionController"; do
|
||||||
if [ -d "$path" ]; then
|
if [ -d "$path" ]; then
|
||||||
cd "$path"
|
cd "$path" || exit
|
||||||
git reset -q --hard
|
git reset -q --hard
|
||||||
git clean -q -fd
|
git clean -q -fd
|
||||||
cd "$SRC_DIR/$branch_dir"
|
cd "$SRC_DIR/$branch_dir" || exit
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log"
|
echo ">> [$(date)] (Re)initializing branch repository" | tee -a "$repo_log"
|
||||||
if [ "$LOCAL_MIRROR" = true ]; then
|
if [ "$LOCAL_MIRROR" = true ]; then
|
||||||
( yes||: ) | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
|
yes | repo init -u https://github.com/LineageOS/android.git --reference "$MIRROR_DIR" -b "$branch" &>> "$repo_log"
|
||||||
else
|
else
|
||||||
( yes||: ) | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
|
yes | repo init -u https://github.com/LineageOS/android.git -b "$branch" &>> "$repo_log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Copy local manifests to the appropriate folder in order take them into consideration
|
# Copy local manifests to the appropriate folder in order take them into consideration
|
||||||
|
@ -180,7 +178,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
# If needed, apply the microG's signature spoofing patch
|
# If needed, apply the microG's signature spoofing patch
|
||||||
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
|
if [ "$SIGNATURE_SPOOFING" = "yes" ] || [ "$SIGNATURE_SPOOFING" = "restricted" ]; then
|
||||||
# Determine which patch should be applied to the current Android source tree
|
# Determine which patch should be applied to the current Android source tree
|
||||||
cd frameworks/base
|
cd frameworks/base || exit
|
||||||
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
|
if [ "$SIGNATURE_SPOOFING" = "yes" ]; then
|
||||||
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
|
echo ">> [$(date)] Applying the standard signature spoofing patch ($patch_name) to frameworks/base"
|
||||||
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
|
echo ">> [$(date)] WARNING: the standard signature spoofing patch introduces a security threat"
|
||||||
|
@ -189,13 +187,21 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
|
echo ">> [$(date)] Applying the restricted signature spoofing patch (based on $patch_name) to frameworks/base"
|
||||||
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
|
sed 's/android:protectionLevel="dangerous"/android:protectionLevel="signature|privileged"/' "/root/signature_spoofing_patches/$patch_name" | patch --quiet --force -p1
|
||||||
fi
|
fi
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo ">> [$(date)] ERROR: failed to apply $patch_name"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
git clean -q -f
|
git clean -q -f
|
||||||
cd ../..
|
cd ../..
|
||||||
|
|
||||||
if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
|
if [ -n "$permissioncontroller_patch" ] && [ "$SIGNATURE_SPOOFING" = "yes" ]; then
|
||||||
cd packages/apps/PermissionController
|
cd packages/apps/PermissionController || exit
|
||||||
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
|
echo ">> [$(date)] Applying the PermissionController patch ($permissioncontroller_patch) to packages/apps/PermissionController"
|
||||||
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
|
patch --quiet --force -p1 -i "/root/signature_spoofing_patches/$permissioncontroller_patch"
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo ">> [$(date)] ERROR: failed to apply $permissioncontroller_patch"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
git clean -q -f
|
git clean -q -f
|
||||||
cd ../../..
|
cd ../../..
|
||||||
fi
|
fi
|
||||||
|
@ -247,10 +253,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
|
|
||||||
# Prepare the environment
|
# Prepare the environment
|
||||||
echo ">> [$(date)] Preparing build environment"
|
echo ">> [$(date)] Preparing build environment"
|
||||||
set +eu
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source build/envsetup.sh > /dev/null
|
source build/envsetup.sh > /dev/null
|
||||||
set -eu
|
|
||||||
|
|
||||||
if [ -f /root/userscripts/before.sh ]; then
|
if [ -f /root/userscripts/before.sh ]; then
|
||||||
echo ">> [$(date)] Running before.sh"
|
echo ">> [$(date)] Running before.sh"
|
||||||
|
@ -267,27 +270,23 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
|
|
||||||
if [ "$LOCAL_MIRROR" = true ]; then
|
if [ "$LOCAL_MIRROR" = true ]; then
|
||||||
echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log"
|
echo ">> [$(date)] Syncing mirror repository" | tee -a "$repo_log"
|
||||||
cd "$MIRROR_DIR"
|
cd "$MIRROR_DIR" || exit
|
||||||
repo sync --force-sync --no-clone-bundle &>> "$repo_log"
|
repo sync --force-sync --no-clone-bundle &>> "$repo_log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log"
|
echo ">> [$(date)] Syncing branch repository" | tee -a "$repo_log"
|
||||||
cd "$SRC_DIR/$branch_dir"
|
cd "$SRC_DIR/$branch_dir" || exit
|
||||||
repo sync -c --force-sync &>> "$repo_log"
|
repo sync -c --force-sync &>> "$repo_log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$BUILD_OVERLAY" = true ]; then
|
if [ "$BUILD_OVERLAY" = true ]; then
|
||||||
lowerdir=$SRC_DIR/$branch_dir
|
mkdir -p "$TMP_DIR/device" "$TMP_DIR/workdir" "$TMP_DIR/merged"
|
||||||
upperdir=$TMP_DIR/device
|
mount -t overlay overlay -o lowerdir="$SRC_DIR/$branch_dir",upperdir="$TMP_DIR/device",workdir="$TMP_DIR/workdir" "$TMP_DIR/merged"
|
||||||
workdir=$TMP_DIR/workdir
|
|
||||||
merged=$TMP_DIR/merged
|
|
||||||
mkdir -p "$upperdir" "$workdir" "$merged"
|
|
||||||
mount -t overlay overlay -o lowerdir="$lowerdir",upperdir="$upperdir",workdir="$workdir" "$merged"
|
|
||||||
source_dir="$TMP_DIR/merged"
|
source_dir="$TMP_DIR/merged"
|
||||||
else
|
else
|
||||||
source_dir="$SRC_DIR/$branch_dir"
|
source_dir="$SRC_DIR/$branch_dir"
|
||||||
fi
|
fi
|
||||||
cd "$source_dir"
|
cd "$source_dir" || exit
|
||||||
|
|
||||||
if [ "$ZIP_SUBDIR" = true ]; then
|
if [ "$ZIP_SUBDIR" = true ]; then
|
||||||
zipsubdir=$codename
|
zipsubdir=$codename
|
||||||
|
@ -312,7 +311,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
# Start the build
|
# Start the build
|
||||||
echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG"
|
echo ">> [$(date)] Starting build for $codename, $branch branch" | tee -a "$DEBUG_LOG"
|
||||||
build_successful=false
|
build_successful=false
|
||||||
if ( set +eu ; brunch "$codename" ) &>> "$DEBUG_LOG"; then
|
if brunch "$codename" &>> "$DEBUG_LOG"; then
|
||||||
currentdate=$(date +%Y%m%d)
|
currentdate=$(date +%Y%m%d)
|
||||||
if [ "$builddate" != "$currentdate" ]; then
|
if [ "$builddate" != "$currentdate" ]; then
|
||||||
find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG"
|
find out/target/product/"$codename" -maxdepth 1 -name "lineage-*-$currentdate-*.zip*" -type f -exec sh /root/fix_build_date.sh {} "$currentdate" "$builddate" \; &>> "$DEBUG_LOG"
|
||||||
|
@ -320,7 +319,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
|
|
||||||
# Move produced ZIP files to the main OUT directory
|
# Move produced ZIP files to the main OUT directory
|
||||||
echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG"
|
echo ">> [$(date)] Moving build artifacts for $codename to '$ZIP_DIR/$zipsubdir'" | tee -a "$DEBUG_LOG"
|
||||||
cd out/target/product/"$codename"
|
cd out/target/product/"$codename" || exit
|
||||||
for build in lineage-*.zip; do
|
for build in lineage-*.zip; do
|
||||||
sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum"
|
sha256sum "$build" > "$ZIP_DIR/$zipsubdir/$build.sha256sum"
|
||||||
cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG"
|
cp -v system/build.prop "$ZIP_DIR/$zipsubdir/$build.prop" &>> "$DEBUG_LOG"
|
||||||
|
@ -333,7 +332,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done &>> "$DEBUG_LOG"
|
done &>> "$DEBUG_LOG"
|
||||||
cd "$source_dir"
|
cd "$source_dir" || exit
|
||||||
build_successful=true
|
build_successful=true
|
||||||
else
|
else
|
||||||
echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG"
|
echo ">> [$(date)] Failed build for $codename" | tee -a "$DEBUG_LOG"
|
||||||
|
@ -362,7 +361,7 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
|
|
||||||
if [ "$BUILD_OVERLAY" = true ]; then
|
if [ "$BUILD_OVERLAY" = true ]; then
|
||||||
# The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged
|
# The Jack server must be stopped manually, as we want to unmount $TMP_DIR/merged
|
||||||
cd "$TMP_DIR"
|
cd "$TMP_DIR" || exit
|
||||||
if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then
|
if [ -f "$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin" ]; then
|
||||||
"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true
|
"$TMP_DIR/merged/prebuilts/sdk/tools/jack-admin kill-server" &> /dev/null || true
|
||||||
fi
|
fi
|
||||||
|
@ -378,10 +377,10 @@ for branch in ${BRANCH_NAME//,/ }; do
|
||||||
if [ "$CLEAN_AFTER_BUILD" = true ]; then
|
if [ "$CLEAN_AFTER_BUILD" = true ]; then
|
||||||
echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG"
|
echo ">> [$(date)] Cleaning source dir for device $codename" | tee -a "$DEBUG_LOG"
|
||||||
if [ "$BUILD_OVERLAY" = true ]; then
|
if [ "$BUILD_OVERLAY" = true ]; then
|
||||||
cd "$TMP_DIR"
|
cd "$TMP_DIR" || exit
|
||||||
rm -rf ./*
|
rm -rf ./*
|
||||||
else
|
else
|
||||||
cd "$source_dir"
|
cd "$source_dir" || exit
|
||||||
mka clean &>> "$DEBUG_LOG"
|
mka clean &>> "$DEBUG_LOG"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
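Review bot: In the CLEAN_AFTER_BUILD hunk, `cd "$TMP_DIR" || exit` followed by `rm -rf ./*` is no longer protected by `set -u`, because this revert drops `set -eEuo pipefail` from the top of the script. Bash has historically treated `cd ""` as a successful no-op, so an unset or empty `TMP_DIR` would let the `rm` run in whatever directory the script is already in. Guarding the expansion closes that gap: `cd "${TMP_DIR:?}" || exit`. Without errexit, the `repo init`, `repo sync` and `mount -t overlay` calls in the other hunks also continue silently on failure, and only the two `patch` invocations get an explicit `$?` test. The enclosing `for branch` loop starts and ends outside these hunks.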
|
@ -1,3 +1,3 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
mv "$1" "$(echo "$1" | sed "s|$2|$3|")"
|
mv "$1" $(echo "$1" | sed "s|$2|$3|")
|
||||||
|
|
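Review bot: The restored `mv` line leaves the `$(echo "$1" | sed "s|$2|$3|")` destination unquoted, so a path containing whitespace or glob characters is split or expanded into several arguments and `mv` can move the file somewhere unintended. Keep the substitution quoted and end option parsing: `mv -- "$1" "$(echo "$1" | sed "s|$2|$3|")"`. `$2` is also used directly as a sed pattern, so a `|` or regex metacharacter in it changes what is replaced. The call visible in build.sh passes `$currentdate` and `$builddate`, which presumably keeps that harmless, but a comment saying the arguments must be plain date strings would make the assumption explicit.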
|
@ -17,8 +17,6 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
set -eEuo pipefail
|
|
||||||
|
|
||||||
# Copy the user scripts
|
# Copy the user scripts
|
||||||
mkdir -p /root/userscripts
|
mkdir -p /root/userscripts
|
||||||
cp -r "$USERSCRIPTS_DIR"/. /root/userscripts
|
cp -r "$USERSCRIPTS_DIR"/. /root/userscripts
|
||||||
|
@ -54,7 +52,7 @@ if [ "$SIGN_BUILDS" = true ]; then
|
||||||
|
|
||||||
for c in cyngn{-priv,}-app testkey; do
|
for c in cyngn{-priv,}-app testkey; do
|
||||||
for e in pk8 x509.pem; do
|
for e in pk8 x509.pem; do
|
||||||
ln -sf releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
|
ln -s releasekey.$e "$KEYS_DIR/$c.$e" 2> /dev/null
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -66,7 +64,7 @@ else
|
||||||
cronFile=/tmp/buildcron
|
cronFile=/tmp/buildcron
|
||||||
printf "SHELL=/bin/bash\n" > $cronFile
|
printf "SHELL=/bin/bash\n" > $cronFile
|
||||||
printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile
|
printenv -0 | sed -e 's/=\x0/=""\n/g' | sed -e 's/\x0/\n/g' | sed -e "s/_=/PRINTENV=/g" >> $cronFile
|
||||||
printf '\n%s /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n' "$CRONTAB_TIME" >> $cronFile
|
printf "\n$CRONTAB_TIME /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n" >> $cronFile
|
||||||
crontab $cronFile
|
crontab $cronFile
|
||||||
rm $cronFile
|
rm $cronFile
|
||||||
|
|
||||||
|
|
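Review bot: `$CRONTAB_TIME` is expanded inside the printf format string on the restored line, so any `%` or backslash in the value is interpreted by printf instead of being written to the crontab verbatim. Pass it as an argument: `printf '\n%s /usr/bin/flock -n /var/lock/build.lock /root/build.sh >> /var/log/docker.log 2>&1\n' "$CRONTAB_TIME" >> $cronFile`. The same hunk dumps the whole environment from `printenv -0` into the fixed path `/tmp/buildcron`. Creating that file with `mktemp` would avoid a predictable name holding whatever secrets the environment carries. The enclosing `else` branch starts outside the hunk.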
28
src/make_key
28
src/make_key
|
@ -17,9 +17,7 @@
|
||||||
# Generates a public/private key pair suitable for use in signing
|
# Generates a public/private key pair suitable for use in signing
|
||||||
# android .apks and OTA update packages.
|
# android .apks and OTA update packages.
|
||||||
|
|
||||||
set -eEuo pipefail
|
if [ "$#" -lt 2 -o "$#" -gt 3 ]; then
|
||||||
|
|
||||||
if [[ "$#" -lt 2 || "$#" -gt 3 ]]; then
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Usage: $0 <name> <subject> [<keytype>]
|
Usage: $0 <name> <subject> [<keytype>]
|
||||||
|
|
||||||
|
@ -29,7 +27,7 @@ EOF
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -e "$1.pk8" || -e "$1.x509.pem" ]]; then
|
if [[ -e $1.pk8 || -e $1.x509.pem ]]; then
|
||||||
echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first"
|
echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first"
|
||||||
echo "if you want to replace them."
|
echo "if you want to replace them."
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -40,38 +38,38 @@ fi
|
||||||
# touch the disk.
|
# touch the disk.
|
||||||
|
|
||||||
tmpdir=$(mktemp -d)
|
tmpdir=$(mktemp -d)
|
||||||
trap 'rm -rf ${tmpdir}' EXIT
|
trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT
|
||||||
|
|
||||||
one=${tmpdir}/one
|
one=${tmpdir}/one
|
||||||
two=${tmpdir}/two
|
two=${tmpdir}/two
|
||||||
mknod "${one}" p
|
mknod ${one} p
|
||||||
mknod "${two}" p
|
mknod ${two} p
|
||||||
chmod 0600 "${one}" "${two}"
|
chmod 0600 ${one} ${two}
|
||||||
|
|
||||||
read -rp "Enter password for '$1' (blank for none; password will be visible): " \
|
read -p "Enter password for '$1' (blank for none; password will be visible): " \
|
||||||
password
|
password
|
||||||
|
|
||||||
if [[ "$#" -eq 2 || "${3}" = "rsa" ]]; then
|
if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then
|
||||||
( openssl genrsa -f4 2048 | tee "${one}" > "${two}" ) &
|
( openssl genrsa -f4 2048 | tee ${one} > ${two} ) &
|
||||||
hash="-sha256"
|
hash="-sha256"
|
||||||
elif [ "${3}" = "ec" ]; then
|
elif [ "${3}" = "ec" ]; then
|
||||||
( openssl ecparam -name prime256v1 -genkey -noout | tee "${one}" > "${two}" ) &
|
( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) &
|
||||||
hash="-sha256"
|
hash="-sha256"
|
||||||
else
|
else
|
||||||
echo "Only accepts RSA or EC keytypes."
|
echo "Only accepts RSA or EC keytypes."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
openssl req -new -x509 ${hash} -key "${two}" -out "$1".x509.pem \
|
openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \
|
||||||
-days 10000 -subj "$2" &
|
-days 10000 -subj "$2" &
|
||||||
|
|
||||||
if [ "${password}" == "" ]; then
|
if [ "${password}" == "" ]; then
|
||||||
echo "creating ${1}.pk8 with no password"
|
echo "creating ${1}.pk8 with no password"
|
||||||
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 -nocrypt
|
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt
|
||||||
else
|
else
|
||||||
echo "creating ${1}.pk8 with password [${password}]"
|
echo "creating ${1}.pk8 with password [${password}]"
|
||||||
export password
|
export password
|
||||||
openssl pkcs8 -in "${one}" -topk8 -outform DER -out "$1".pk8 \
|
openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \
|
||||||
-passout env:password
|
-passout env:password
|
||||||
unset password
|
unset password
|
||||||
fi
|
fi
|
||||||
|
|
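Review bot: The restored trap `'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT` runs `exit 1` on every exit, including a successful run, so a caller cannot tell from the status whether the signing key pair was actually generated. Keep cleanup separate from the exit status, e.g. `trap 'rm -rf "${tmpdir}"' EXIT`. `read -p` without `-r` also strips backslashes from the typed password before it reaches `openssl pkcs8`, and the unquoted `$1.pk8`, `${one}` and `${two}` expansions split on whitespace in the key name. The unchanged `echo "creating ${1}.pk8 with password [${password}]"` line writes the key password to stdout, so it ends up wherever that output is captured. Printing only that a password was set would avoid this.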