/
clearsigned
executable file
·85 lines (72 loc) · 1.91 KB
/
clearsigned
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/usr/bin/env bash
set -euo pipefail
# A clearsigned text "editor".
# Easily edit and re-sign the body of an embedded PGP clearsigned document.
#
# Usage:
# clearsigned [-b] [-s] [-e editor] file ...
SHORTOPT=be:
LONGOPTS=backup,editor:,skip-verify
! PARSED=$(getopt --options=${SHORTOPT} --longoptions=${LONGOPTS} --name "$0" -- "$@")
[[ ${PIPESTATUS[0]} -ne 0 ]] && exit 2
eval set -- "$PARSED"
skip_verify=
while true; do
case $1 in
-b|--backup)
backup=1
shift
;;
-e|--editor)
editor=$2
shift 2
;;
--skip-verify)
skip_verify="--skip-verify"
shift
;;
--)
shift
break
;;
*)
echo "Error while parsing arguments" >&2
exit 2
esac
done
if [[ $# -lt 1 ]]; then
echo "Expected at least one file to process" >&2
exit 3
fi
myhead='^-----BEGIN PGP SIGNED MESSAGE-----$'
mytail='^-----END PGP SIGNATURE-----$'
for file in "$@"; do
printf "%s: " "$file"
if [ -v backup ]; then
cp "${file}" "${file}.bak"
printf "backed up. "
fi
tmpfile=$(mktemp --dry-run).${file##*.}
[ -z ${skip_verify} ] || printf "skipping verification! "
if [ -f $file ] && ! output=$(gpg -o "$tmpfile" --decrypt ${skip_verify} "$file" 2>&1 >/dev/null); then
echo "$output" >&2
rm "$tmpfile" 2>/dev/null
exit 1
fi
printf "extracted. "
${editor:-${EDITOR}} "$tmpfile"
printf "edited. "
tmpfile2=$(mktemp --dry-run)
gpg -o "$tmpfile2" --clearsign "$tmpfile"
printf "signed. "
rm "$tmpfile"
if [ -f $file ]; then
sed -i '1,1d; $d' "${tmpfile2}"
sed -ne "/${myhead}/ {p; r ${tmpfile2}" \
-e ":a; n; /${mytail}/ {p; b}; ba}; p" -i "$file"
rm "$tmpfile2"
else
mv "$tmpfile2" "$file"
fi
printf "done.\\n"
done