diff --git a/sign.sh b/sign.sh
new file mode 100755
index 0000000..aae358f
--- /dev/null
+++ b/sign.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+# vi:ts=4:ai
+# $Id$
+#
+# Unterzeichnet Newsartikel mittels PGP
+# Heiko Schlichting (heiko@fu-berlin.de)
+#
+# $Log$
+# Revision 1.1 2003/07/06 18:58:06 eagle
+# Import current version from ftp.isc.org /pub/pgpcontrol.
+#
+# Revision 1.8 1996/08/09 22:25:27 heiko
+# ignore case in headers but keep the right case to sign
+# filter unwanted headerlines
+# sign an already signed article works now
+#
+# Revision 1.7 1996/08/07 19:00:08 heiko
+# SIGNER could contain spaces.
+#
+# Revision 1.6 1996/08/07 18:17:13 lutz
+# SIGNER might be preset. (lutz@as-node.jena.thur.de)
+#
+# Revision 1.5 1996/08/07 01:36:35 heiko
+# Skip articles if not found.
+#
+# Revision 1.4 1996/08/07 01:15:38 heiko
+# Debug statement removed
+#
+# Revision 1.3 1996/08/07 01:14:22 heiko
+# Initial Version
+#
+#
+
+###################### START OF CONFIGURATION SECTION ######################
+
+# Configure pathnames to required programs
+GAWK=/usr/local/bin/gawk
+PGP=/usr/local/bin/pgp
+
+# Who should sign the article?
+if [ -z "$SIGNER" ]; then
+ SIGNER="de.admin.news.announce"
+fi
+
+
+# STORING YOUR PASS PHRASE IN A FILE IS A SECURITY HOLE!
+# If you don't define PGPPASSFILE, you can use this script interactively.
+PGPPASSFILE=""
+
+####################### END OF CONFIGURATION SECTION #######################
+
+PRG=$0
+
+check()
+{
+ if [ ! -x $1 ]; then
+ echo "Required executable $1 not found."
+ echo "You should configure $PRG."
+ exit 2
+ fi
+}
+
+# Usage message
+if [ $# -eq 0 ]; then
+ echo "Usage: $PRG article ..."
+ exit 1
+fi
+
+# Are the executables available?
+for EXE in $GAWK $PGP;
+do
+ check "$EXE"
+done
+
+if [ ! -z "$PGPPASSFILE" -a -f "$PGPPASSFILE" ];
+then
+ PGPPASS=`cat "$PGPPASSFILE"`
+ export PGPPASS
+fi
+
+while [ $# -gt 0 ]; do
+ article=$1
+ if [ ! -f ${article} ]; then
+ echo "${article}: not found - skipped"
+ shift
+ continue
+ fi
+ rm -f ${article}.new
+ trap "rm -f ${article}.new; exit 0" 0 1 2 3 15
+ $GAWK -F: '
+ BEGIN{
+ # Which headers should be signed?
+ headernames="Subject:Control:Message-ID:Date:From:Sender:Newsgroups:Approved:Followup-To"
+ split(headernames,header)
+ IGNORECASE=1
+ body=0
+ i=0
+ last=0
+ }
+
+ # After processing the header, print it
+ !NF&&!body{
+ body=1
+ print "X-Signed-Headers:",sig
+ for (h=0; h < i; h++) {
+ print ph[h]
+ }
+ }
+
+ # Article body
+ body{print;next}
+
+ # For continuation header lines
+ $0~/^[ \t]/ {
+ if (last==1) {
+ ph[i-1]=ph[i-1]"\n"$0
+ }
+ next
+ }
+
+ # Normal header lines
+ {
+ for (h in header) {
+ if (match($1,"^"header[h]"$")){
+ ph[i]=$0
+ if (i) {
+ sig=sig","$1
+ }else{
+ sig=$1
+ }
+ i++
+ last=1
+ next
+ }else{
+ last=0
+ }
+ }
+ }
+ ' $article | $PGP -fast -u "$SIGNER" +verbose=0 +language="en" |
+ $GAWK -v artfile="$article" '
+ BEGIN{
+ body=0
+ skip=0
+ version="unknown"
+ # Which header should be filtered?
+ filternames="X-PGP-Sig:NNTP-Posting-Host:NNTP-Posting-User:Path:To:Cc:X-Access:Lines:X-Newsreader"
+ split(filternames,filter,":")
+ IGNORECASE=1
+ while ((getline header < artfile) >0) {
+ if (length(header)>0) {
+ if (skip && match(header,/^[ \t]/)){
+ continue
+ }
+ skip=0
+ for (f in filter) {
+ if (match(header,"^"filter[f]":[ \t]")){
+ skip=1
+ }
+ }
+ if (!skip) {
+ print header
+ }
+ } else {
+ break
+ }
+ }
+ IGNORECASE=0
+ }
+ $1~/^X-Signed-Headers:/&&!body{
+ sig=$2
+ next
+ }
+ $0~/^-----BEGIN PGP SIGNATURE-----$/{
+ body=1
+ next
+ }
+ $0~/^Version:/&&(body==1){
+ version=$2
+ next
+ }
+ $0~/^-----END PGP SIGNATURE-----$/{
+ body=0
+ next
+ }
+ !NF&&(body==1){
+ body=2
+ print "X-PGP-Sig:",version,sig
+ next
+ }
+ body==2{
+ print "\t"$0
+ }
+ END{
+ print ""
+ while ((getline < artfile) >0) {
+ print $0
+ }
+ close (artfile)
+ }
+ ' > ${article}.new
+ if [ -s ${article}.new ]; then
+ mv ${article} ${article}.bak
+ mv ${article}.new $article
+ echo "${article}: ok"
+ else
+ echo "${article}: FAILED"
+ rm -f ${article}.new
+ fi
+ shift
+done
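Review bot: The success test near the end, `if [ -s ${article}.new ]; then`, does not show that a signature was produced. The second gawk's BEGIN block copies the article's headers into the output before it reads any PGP output, so `${article}.new` is non-empty even when `$PGP` fails (wrong pass phrase, missing key); the unsigned article then replaces the original and is reported as "ok". Checking the header part for the signature line would close that, e.g. `if sed '/^$/q' "${article}.new" | grep '^X-PGP-Sig:' >/dev/null; then`. Separately, `trap "rm -f ${article}.new; exit 0" 0 1 2 3 15` expands the file name into the trap string, which the shell parses again as a command when the trap runs. `trap 'rm -f "${article}.new"; exit 0' 0 1 2 3 15` keeps the name as data, and the other unquoted `${article}` uses in `[ -f … ]`, `rm` and `mv` want the same quoting.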