hotpocket/scripts/polsign.sh

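#!/usr/bin/env bash
#
# polsign: read a policy JSON document on stdin, sign it with GnuPG and print
# the policy with the ASCII-armored detached signature embedded.
#
# Usage:   polsign.sh KEY_ID < policy.json
# Example: echo '{"rules": []}' | polsign.sh KEY_ID
#
# What is signed: the compact (jq -c) rendering of
#   { "rules": <input .rules>, "signature": null }
# followed by one newline. Every other top-level key of the input is dropped
# and is therefore NOT covered by the signature.
# NOTE(review): a verifier has to rebuild exactly these bytes before checking
# the detached signature - confirm the consumer canonicalizes the same way.
#
# Exit status: 0 on success, 255 on any failure (diagnostics go to stderr).
set -u

# Print a polsign-prefixed diagnostic on stderr and abort with status 255.
fail() {
  printf 'polsign: %s\n' "$1" >&2
  exit 255
}

# "${1:-}" keeps `set -u` from aborting with a bare "unbound variable" error
# before the intended message can be printed when no argument is given.
KEY_ID="${1:-}"
[ -n "$KEY_ID" ] || fail "A signing key id must be defined!"

# Parse stdin once so malformed JSON is rejected before anything is signed.
# `$?` is expanded while building fail's argument, so it still holds the
# status of the failed command (testing it with `[` first would reset it).
JSON="$(jq .)" \
  || fail "Unexpected exit code when loading JSON from stdin: $?"

# Reduce the document to the fields covered by the signature.
# NOTE(review): if the input has no "rules" key, .rules is null and a policy
# with null rules gets signed - consider rejecting that case explicitly.
_JSON="$(printf '%s\n' "$JSON" | jq -c '{ rules: .rules, signature: null }')" \
  || fail "Unexpected exit code when stripping JSON: $?"

# The trailing newline written by printf is part of the signed payload; it is
# byte-identical to what `echo "$_JSON"` produced, so existing signatures and
# verifiers are unaffected.
SIGNATURE="$(printf '%s\n' "$_JSON" \
  | gpg --local-user "$KEY_ID" --sign --armor --detach-sig)" \
  || fail "Unexpected exit code when signing JSON: $?"

# Never emit a document that looks signed but carries an empty signature.
[ -n "$SIGNATURE" ] || fail "gpg returned an empty signature"

# Merge the armored signature back over the null placeholder.
SIGNED="$(jq --null-input \
  --argjson event "$_JSON" \
  --arg signature "$SIGNATURE" \
  '$event * { signature: $signature }')" \
  || fail "Unexpected exit code when assembling signed JSON: $?"

printf '%s\n' "$SIGNED"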