From d26c757f67b8d4dd728fdc05a160b9b22a1fbfd5 Mon Sep 17 00:00:00 2001
From: Pete Batard
Date: Sun, 24 Mar 2019 20:30:42 +0000
Subject: [PATCH] Add LZMA compression to signing script, with 64-bit size insert
* Why the default lzma utility doesn't insert the uncompressed size on its own is a real mystery...
* Note that you need to have vim installed for xxd
---
 sign.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sign.sh b/sign.sh
index 2613a00..5c5d3f9 100644
--- a/sign.sh
+++ b/sign.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# This script creates the RSA-2048 signatures for our downloadable content
+# Creates an LZMA compressed Fido.ps1 (including decompressed size) and sign it
 PRIVATE_KEY=/d/Secured/Akeo/Rufus/private.pem
 PUBLIC_KEY=/d/Secured/Akeo/Rufus/public.pem
@@ -25,6 +25,10 @@ echo
 # Confirm that the pass phrase is valid by trying to sign a dummy file
 openssl dgst -sha256 -sign $PRIVATE_KEY -passin pass:$PASSWORD $PUBLIC_KEY >/dev/null 2>&1 || { echo Invalid pass phrase; exit 1; }
-find . -maxdepth 1 -name "*.ps1" | while read FILE; do sign_file; done
+lzma -kf Fido.ps1
+# The 'lzma' utility does not add the uncompressed size, so we must add it manually. And yes, this whole
+# gymkhana is what one must actually go through to insert a 64-bit little endian size into a binary file...
+printf "00: %016X" `stat -c "%s" Fido.ps1` | xxd -r | xxd -p -c1 | tac | xxd -p -r | dd of=Fido.ps1.lzma seek=5 bs=1 status=none conv=notrunc
+find . -maxdepth 1 -name "Fido.ps1.lzma" | while read FILE; do sign_file; done
 # Clear the PASSWORD variable just in case
 PASSWORD=`head -c 50 /dev/random | base64`
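Review bot: Nothing in the added lines of the second hunk checks that compression and the size insert succeeded before `sign_file` runs, so a failed `lzma -kf Fido.ps1` (or a missing `xxd`, which the commit message notes ships with vim) can leave a stale or unpatched `Fido.ps1.lzma` on disk that then receives a valid signature. No `set -e` or `pipefail` is visible in the lines shown, and an exit check on the pipeline alone would only see `dd`'s status, which is zero even when it receives no input. I would guard both steps in the style the script already uses for the pass-phrase check: `lzma -kf Fido.ps1 || { echo lzma compression failed; exit 1; }`, then `set -o pipefail` before the `printf … | dd …` line with `|| { echo Could not insert size; exit 1; }` appended to it. Replacing the backtick `stat` call with a quoted `"$(stat -c %s Fido.ps1)"` would be a minor tidy-up at the same place.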