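#!/usr/bin/env bash
#
# Reads a policy document as JSON on stdin, signs its rules with GnuPG and
# prints the signed policy on stdout.
#
# Arguments: $1 - id of the GnuPG key to sign with (passed to --local-user)
# Input:     JSON on stdin
# Output:    compact-form payload merged with the armored detached signature
# Exit code: 255 on any failure, with a "polsign:" message on stderr
#
# Usage note kept from the original file:
#   echo "{}" | mkpolicy key_id

set -u

# Print a prefixed diagnostic on stderr and stop with the script's error code.
fail() {
  printf 'polsign: %s\n' "$1" >&2
  exit 255
}

# Under `set -u` a bare "$1" aborts with "unbound variable" before the check
# below can run, so default to empty and report the friendly message instead.
KEY_ID="${1:-}"
if [ -z "$KEY_ID" ]; then
  fail "A signing key id must be defined!"
fi

# Parse stdin once so malformed JSON is rejected before anything is signed.
# The status is captured right away: inside the `if`, $? would be the status
# of the test itself and the message would always report 0.
JSON="$(jq .)"
rc=$?
if [ "$rc" -ne 0 ]; then
  fail "Unexpected exit code when loading JSON from stdin: $rc"
fi

# Reduce the document to exactly what gets signed: the rules plus a null
# signature placeholder. Any other top-level key is dropped here and does not
# appear in the output either, so nothing unsigned is emitted.
# A document without a .rules key yields rules: null and is still signed.
_JSON="$(printf '%s\n' "$JSON" | jq '{ rules: .rules, signature: null }' -c)"
rc=$?
if [ "$rc" -ne 0 ]; then
  fail "Unexpected exit code when stripping JSON: $rc"
fi

# The signed bytes are the compact JSON followed by one newline (the same
# stream the original `echo` produced). NOTE(review): a verifier presumably
# has to rebuild this exact byte sequence before checking the signature.
SIGNATURE="$(printf '%s\n' "$_JSON" | gpg --local-user "$KEY_ID" --sign --armor --detach-sig)"
rc=$?
if [ "$rc" -ne 0 ]; then
  fail "Unexpected exit code when signing JSON: $rc"
fi

# Merge the armored signature over the null placeholder.
SIGNED="$(jq --null-input \
  --argjson event "$_JSON" \
  --arg signature "$SIGNATURE" \
  '$event * { signature: $signature }')"
rc=$?
if [ "$rc" -ne 0 ]; then
  fail "Unexpected exit code when assembling signed JSON: $rc"
fi

printf '%s\n' "$SIGNED"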