aboutsummaryrefslogtreecommitdiff
path: root/linux/makepkg/PKGBUILD
diff options
context:
space:
mode:
authorAqua-sama <aqua@iserlohn-fortress.net>2019-03-11 19:39:06 +0200
committerAqua-sama <aqua@iserlohn-fortress.net>2019-03-11 19:39:06 +0200
commit95d92e52ed6d71c21433b382f8a178a04b04954b (patch)
treef7fba616df7a94de37003be7180976bbcc5b87f2 /linux/makepkg/PKGBUILD
parentrepl: import python module (diff)
downloadsmolbote-95d92e52ed6d71c21433b382f8a178a04b04954b.tar.xz
Add PluginLoader class
- PluginLoader::verify can be used to check if the plugin has a valid (SHA512/RSA 4096) signature. - Uses nn OpenSSL public key that is embedded during the compile.
Diffstat (limited to 'linux/makepkg/PKGBUILD')
-rw-r--r--linux/makepkg/PKGBUILD27
1 files changed, 17 insertions, 10 deletions
diff --git a/linux/makepkg/PKGBUILD b/linux/makepkg/PKGBUILD
index 8c6bed3..3907ff8 100644
--- a/linux/makepkg/PKGBUILD
+++ b/linux/makepkg/PKGBUILD
@@ -14,10 +14,10 @@ license=('GPL3')
depends=('qt5-webengine>=5.11.0' 'boost-libs>=1.66.0')
optdepends=('firejail: launch a sandboxed instance')
-makedepends=('git' 'meson' 'pkg-config' 'python-kconfiglib' 'asciidoctor')
+makedepends=('git' 'meson' 'pkg-config' 'python-kconfiglib' 'asciidoctor' 'openssl')
# this is the central repository
-source=("git+https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote.git"
+source=("git+https://neueland.iserlohn-fortress.net/gitea/aeon/smolbote.git"
"git+https://github.com/itay-grudev/SingleApplication.git")
sha512sums=('SKIP'
@@ -32,6 +32,17 @@ prepare() {
git submodule init
git config submodule.3rd-party/SingleApplication/SingleApplication.git.url $srcdir/SingleApplication
git submodule update 3rd-party/SingleApplication/SingleApplication.git
+
+ msg "Creating OpenSSL signing key"
+ mkdir $srcdir/signing
+ cd $srcdir/signing
+ # generate rsa keypair
+ openssl genrsa -out privateKey.pem 4096
+ msg2 "RSA/4096 key created in $srcdir/signing/privateKey.pem. Keep this key if you want to sign additional plugins."
+
+ openssl rsa -in privateKey.pem -pubout -out publicKey.pem
+ xxd -i publicKey.pem $srcdir/smolbote/src/plugin/publicKey.h
+ msg2 "Public key exported, and will be embedded into the resulting application. This will break reproducible builds."
}
pkgver() {
@@ -76,13 +87,9 @@ package() {
cd $srcdir/build
DESTDIR="$pkgdir" ninja install
- #msg Creating signing key in $srcdir/build/gpg
- #mkdir $srcdir/build/gpg
- #gpg2 --homedir=$srcdir/build/gpg --batch --generate-key $srcdir/smolbote/tools/gpgkey.preset
-
- #msg Signing plugins
- #for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
- # gpg2 --homedir=$srcdir/build/gpg --batch --yes --local-user=smolbote@localhost --detach-sign --output=$so.sig $so
- #done
+ msg Signing plugins
+ for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
+ openssl dgst -sha256 -sign $srcdir/signing/privateKey.pem -out $so.sig $so
+ done
}