[Dev] Fix signing scripts so they can be called from arbitrary locations
carlopi committed Sep 14, 2023
1 parent fe23ed6 commit 0af3a5f
Showing 2 changed files with 11 additions and 2 deletions.
8 changes: 7 additions & 1 deletion scripts/extension-upload-wasm.sh
Expand Up @@ -2,8 +2,14 @@

# Usage: ./extension-upload-wasm.sh <architecture> <commithash or version_tag>

# The directory that the script lives in, thanks @Tishj
script_dir="$(dirname "$(readlink -f "$0")")"

set -e

# Ensure we do nothing on failed globs
shopt -s nullglob

echo "$DUCKDB_EXTENSION_SIGNING_PK" > private.pem

FILES="loadable_extensions/*.duckdb_extension.wasm"
Expand All @@ -27,7 +33,7 @@ do
# for a grand total of 2 bytes
echo -n -e '\x80\x02' >> $f.append
# the actual payload, 256 bytes, to be added later
scripts/compute-extension-hash.sh $f.append > $f.hash
$script_dir/compute-extension-hash.sh $f.append > $f.hash
# encrypt hash with extension signing private key to create signature
openssl pkeyutl -sign -in $f.hash -inkey private.pem -pkeyopt digest:sha256 -out $f.sign
# append signature to extension binary
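Review bot: The context line `echo "$DUCKDB_EXTENSION_SIGNING_PK" > private.pem` in the first hunk writes the extension signing key to a relative path, so now that the script is meant to run from arbitrary locations the key lands in whatever directory the caller is in, with permissions taken from the ambient umask. I would write it to a `mktemp` file (created owner-only) that a `trap … EXIT` removes, and point `-inkey` at that file, as sketched below. Whether private.pem is deleted or referenced again later is not visible, since the script continues past both hunks, so any other use of the name would need the same change.

```shell
# signing key goes to an owner-only temp file instead of ./private.pem; removed on any exit
key_file="$(mktemp)"
trap 'rm -f -- "$key_file"' EXIT
printf '%s\n' "$DUCKDB_EXTENSION_SIGNING_PK" > "$key_file"

# … unchanged: FILES glob, loop header, payload and hash steps …
openssl pkeyutl -sign -in $f.hash -inkey "$key_file" -pkeyopt digest:sha256 -out $f.sign
```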
5 changes: 4 additions & 1 deletion scripts/extension-upload.sh
Expand Up @@ -2,6 +2,9 @@

# Usage: ./extension-upload.sh <architecture> <commithash or version_tag> <(optionally) base_dir>

# The directory that the script lives in, thanks @Tishj
script_dir="$(dirname "$(readlink -f "$0")")"

if [ -z "$3" ]; then
BASE_DIR="build/release/extension/*"
else
Expand All @@ -20,7 +23,7 @@ for f in $FILES
do
ext=`basename $f .duckdb_extension`
# calculate SHA256 hash of extension binary
scripts/compute-extension-hash.sh $f > $f.hash
$script_dir/compute-extension-hash.sh $f > $f.hash
# encrypt hash with extension signing private key to create signature
openssl pkeyutl -sign -in $f.hash -inkey private.pem -pkeyopt digest:sha256 -out $f.sign
# append signature to extension binary
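Review bot: No `set -e` is visible in this script's hunks (unlike extension-upload-wasm.sh; it may sit outside them), so if the new `$script_dir/compute-extension-hash.sh $f > $f.hash` call fails, for example because `readlink -f` is unsupported on the host and `script_dir` ends up as `.`, the loop still reaches `openssl pkeyutl -sign` with an empty `$f.hash`. Stopping at the failed step and quoting the expansions covers both that and paths containing spaces: `"$script_dir/compute-extension-hash.sh" "$f" > "$f.hash" || exit 1`. The same unquoted call appears in the second hunk of scripts/extension-upload-wasm.sh. The for loop continues outside this hunk.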
