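#!/bin/sh
# sign-release.sh — sign a release binary with your Ed25519 private key
#
# Usage:
#   sh scripts/sign-release.sh <developer-name> <binary-path>
#
# Output:
#   <binary-path>.sig — raw 64-byte Ed25519 signature
#
# The .sig file must be uploaded alongside the binary to the Gitea release.
#
# The private key is looked up as $HOME/.keys/<developer-name>.key and is only
# handed to openssl by path. Any existing <binary-path>.sig is removed before
# signing, and the new file is removed again if signing fails or the result is
# not exactly 64 bytes, so a signature from an earlier build cannot be left
# next to a newer binary.
#
# Exit status: 0 on success, 1 on any usage, lookup or signing error.
#
# Requirements: openssl 3.x

set -eu

NAME="${1:-}"
BINARY="${2:-}"

if [ -z "$NAME" ] || [ -z "$BINARY" ]; then
  echo "Usage: sh scripts/sign-release.sh <developer-name> <binary-path>" >&2
  echo "Example: sh scripts/sign-release.sh mchusavitin dist/bee-audit-linux-amd64" >&2
  exit 1
fi

# The name only selects a file inside ~/.keys; a path separator would let the
# key lookup leave that directory.
case "$NAME" in
  */*)
    echo "Invalid developer name (must not contain '/'): $NAME" >&2
    exit 1
    ;;
esac

if ! command -v openssl >/dev/null 2>&1; then
  echo "openssl not found in PATH (openssl 3.x is required)." >&2
  exit 1
fi

PRIVATE_KEY_PATH="$HOME/.keys/${NAME}.key"
SIG_PATH="${BINARY}.sig"

if [ ! -f "$PRIVATE_KEY_PATH" ]; then
  echo "Private key not found: $PRIVATE_KEY_PATH" >&2
  echo "Run scripts/keygen.sh $NAME first." >&2
  exit 1
fi

# Warn (do not fail) when the signing key is readable or writable by group or
# others. -H makes find inspect the target when the key path is a symlink.
if [ -n "$(find -H "$PRIVATE_KEY_PATH" -prune \
  \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) 2>/dev/null)" ]; then
  echo "Warning: $PRIVATE_KEY_PATH is accessible to group or others; consider chmod 600." >&2
fi

if [ ! -f "$BINARY" ]; then
  echo "Binary not found: $BINARY" >&2
  exit 1
fi

# Drop any signature left over from a previous run before producing a new one.
rm -f -- "$SIG_PATH"

# Sign: produce raw 64-byte Ed25519 signature
if ! openssl pkeyutl -sign \
  -inkey "$PRIVATE_KEY_PATH" \
  -rawin \
  -in "$BINARY" \
  -out "$SIG_PATH"; then
  # openssl may already have created the output file; do not leave it behind.
  rm -f -- "$SIG_PATH"
  echo "Signing failed: $BINARY" >&2
  exit 1
fi

# A raw Ed25519 signature is exactly 64 bytes; any other size means the key is
# of a different type or the output is incomplete.
SIG_SIZE=$(wc -c <"$SIG_PATH" | tr -d '[:space:]')
if [ "$SIG_SIZE" != "64" ]; then
  rm -f -- "$SIG_PATH"
  echo "Unexpected signature size: $SIG_SIZE bytes (expected 64). Is $PRIVATE_KEY_PATH an Ed25519 key?" >&2
  exit 1
fi

echo "Signed: $BINARY"
echo "Signature: $SIG_PATH"
echo ""
echo "Upload both files to the Gitea release as assets."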