openssl signing

[pharext/pharext] / build / create-phar.php

diff --git a/build/create-phar.php b/build/create-phar.php
index c03ba8e2f3aac586a15256c57eb212be83ec700d..db9013faa4a8f72876a5d2274c411ee3129f18be 100644 (file)
--- a/build/create-phar.php
+++ b/build/create-phar.php
@@ -4,9 +4,8 @@
  * Creates bin/pharext, invoked through the Makefile
  */
 
-$pkguniq = uniqid();
 $pkgname = __DIR__."/../bin/pharext";
-$tmpname = "$pkgname.$pkguniq.phar.tmp";
+$tmpname = __DIR__."/pharext.phar";
 
 if (file_exists($tmpname)) {
        if (!unlink($tmpname)) {
@@ -16,6 +15,30 @@ if (file_exists($tmpname)) {
 }
 
 $package = new \Phar($tmpname, 0, "pharext.phar");
+
+if (getenv("SIGN")) {
+       shell_exec("stty -echo");
+       printf("Password: ");
+       $password = fgets(STDIN, 1024);
+       printf("\n");
+       shell_exec("stty echo");
+       if (substr($password, -1) == "\n") {
+               $password = substr($password, 0, -1);
+       }
+       
+       $pkey = openssl_pkey_get_private("file://".__DIR__."/pharext.key", $password);
+       if (!is_resource($pkey)) {
+               $this->error("Could not load private key %s/pharext.key", __DIR__);
+               exit(3);
+       }
+       if (!openssl_pkey_export($pkey, $key)) {
+               $this->error(null);
+               exit(3);
+       }
+       
+       $package->setSignatureAlgorithm(Phar::OPENSSL, $key);
+}
+
 $package->buildFromDirectory(dirname(__DIR__)."/src", "/^.*\.php$/");
 $package->setDefaultStub("pharext_packager.php");
 $package->setStub("#!/usr/bin/php -dphar.readonly=0\n".$package->getStub());