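#!/bin/bash
set -euo pipefail
# sign-mirror.sh
# Generate detached PGP signature for stygian.failzero.net/mirror
#
# Steps: hash every regular file under MIRROR_PATH into a timestamped
# SHA256SUMS manifest, detach-sign it, self-verify the signature, prune old
# generations, then repoint the stable SHA256SUMS / SHA256SUMS.asc symlinks
# at the generation this run produced.

MIRROR_PATH="/mnt/brimstone/mirror/signatures"
# NOTE(review): an e-mail user ID can match more than one key in the keyring;
# pinning the full key fingerprint here would make the signer unambiguous.
SIGNING_KEY="doc@filenotfound.org"
BASENAME="SHA256SUMS"
KEEP=3
TS=$(date +"%Y%m%d-%H%M%S")
CHECKSUM_NAME="${BASENAME}-${TS}"
CHECKSUM_FILE="$MIRROR_PATH/$CHECKSUM_NAME"

# Set to 1 once the new manifest is signed and the signature checks out.
verified=0

# Remove this run's manifest/signature if the script stops before they were
# verified, so a partial or unsigned manifest never counts as a generation.
cleanup() {
  if (( verified == 0 )); then
    rm -f -- "$CHECKSUM_FILE" "$CHECKSUM_FILE.asc"
  fi
}
trap cleanup EXIT

# Delete all but the newest $1 of the remaining arguments, which must be
# ordered oldest first. Removal is best-effort: a failure is reported but
# does not abort the run.
prune_oldest() {
  local keep=$1
  shift
  local excess=$(( $# - keep ))
  if (( excess > 0 )); then
    rm -f -- "${@:1:excess}" || echo "[!] Could not remove some old files" >&2
  fi
}

echo "[*] Generating $CHECKSUM_FILE..."
(
  cd "$MIRROR_PATH"
  # '-exec ... {} +' makes find exit non-zero when sha256sum fails (e.g. on an
  # unreadable file), so set -e stops the run instead of signing an
  # incomplete manifest; with '\;' such failures went unnoticed.
  find . -type f -not -xtype l ! -name "${BASENAME}*" -exec sha256sum -- {} +
) > "$CHECKSUM_FILE"

echo "[*] Signing with GPG key: $SIGNING_KEY"
gpg --batch --yes --default-key "$SIGNING_KEY" \
  --armor --detach-sign "$CHECKSUM_FILE"

echo "[*] Verifying signature..."
# Self-check only: this passes for a good signature from any key in the local
# keyring; it does not assert that SIGNING_KEY was the signer.
gpg --verify "$CHECKSUM_FILE.asc" "$CHECKSUM_FILE"
verified=1

# Rotate old files, keep last 3
echo "[*] Rotating old signatures (keeping last ${KEEP})..."
cd "$MIRROR_PATH"
# Manifests and their .asc files are collected separately. A single
# "${BASENAME}-*" listing matches both kinds, so keeping the newest three of
# that mixed list deleted a manifest whose signature was kept. The glob
# expands in name order, and the timestamp in the name makes that oldest first.
manifests=()
signatures=()
shopt -s nullglob
for entry in "${BASENAME}"-*; do
  if [[ "$entry" == *.asc ]]; then
    signatures+=("$entry")
  else
    manifests+=("$entry")
  fi
done
shopt -u nullglob
if (( ${#manifests[@]} > KEEP )); then
  prune_oldest "$KEEP" "${manifests[@]}"
fi
if (( ${#signatures[@]} > KEEP )); then
  prune_oldest "$KEEP" "${signatures[@]}"
fi

# Update symlinks to latest
echo "[*] Updating symlinks..."
# Point at the manifest created and verified above. Picking the newest
# "${BASENAME}-*" by mtime selected the .asc file (it is written last), which
# left SHA256SUMS pointing at the signature and SHA256SUMS.asc dangling.
LATEST="$CHECKSUM_NAME"
ln -sf "$LATEST" "${BASENAME}"
ln -sf "$LATEST.asc" "${BASENAME}.asc"
echo "[+] Done. Latest signature: ${LATEST}.asc"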