Skip to content

Commit

Permalink
Add qubes.PESign
Browse files Browse the repository at this point in the history 
Related to QubesOS/qubes-issues#8206
  • Loading branch information
@fepitre
fepitre committed Aug 2, 2024
1 parent b996674 commit cd2e162
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions rpc/qubes.PESign
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
#!/bin/bash

set -x -e -o pipefail

CERTIFICATE="$1"
[[ -z "$CERTIFICATE" ]] && { echo "Please provide certificate name"; exit 1; };

PAYLOAD_DIR="$(mktemp -d)"

cleanup() {
local payload_dir="$1"
if [ -n "${payload_dir}" ]; then
rm -rf "${payload_dir}"
fi
}

trap "cleanup ${PAYLOAD_DIR}" EXIT

payload="${PAYLOAD_DIR}/payload"

# Limit stdin size
head --bytes=100MB > "$payload"

# We don't allow payload being at least 100MB
actual_size="$(wc -c < "$payload")"
if [ "$actual_size" -eq $((100 * 1024 * 1024)) ]; then
echo "Input size is at least 100MB. Aborting."
exit 1
fi

pesign -s -c "${CERTIFICATE//__/ }" -i "$payload" -o "$payload".signed

cat "$payload".signed

0 comments on commit cd2e162

Please sign in to comment.