32 lines
1.1 KiB
Bash
32 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
# from: https://repo.openeuler.org/${openEuler_version}/source/RPM-GPG-KEY-openEuler
|
|
# sha256: 006e79d37c10e74c24df6d07c4efc4176515cec009daa5ed493b06f5b6ef39c1
|
|
CERT="RPM-GPG-KEY-openEuler-compass-ci"
|
|
# process result for kernel building
|
|
CERT_OUT="pubring.gpg"
|
|
|
|
# base64 decode with removing prefix and suffix
|
|
for cert in $CERT; do
|
|
cat $cert | head -n -2 | tail -n +2 | base64 -d > $cert.gpg
|
|
done
|
|
|
|
# Now EBS use subkey to sign, but kernel can only parse main key. So we need to
|
|
# extract subkey information and wrap to a main key format.
|
|
|
|
# The PGP data can be parsered with https://cirw.in/gpg-decoder/
|
|
|
|
# Extra User ID Packet
|
|
# start: 400; length: 38
|
|
dd if=$CERT.gpg of=$CERT.userid.gpg skip=400 bs=1c count=38
|
|
# Extra Public-Subkey Packet
|
|
# start: 902 + 1(wrap cipherTypeByte); length: 400 - 1
|
|
# cipherTypeByte: 0x99 = 10 0110(wrap to a main key) 01
|
|
echo -en "\x99" > $CERT.subkey.gpg
|
|
dd if=$CERT.gpg of=$CERT.subkey.gpg skip=903 bs=1c count=399 seek=1
|
|
|
|
# merge all cert information
|
|
cat $CERT.subkey.gpg $CERT.userid.gpg > $CERT_OUT
|
|
# cleanup
|
|
rm -f RPM-GPG-KEY-openEuler-*
|