-rw-r--r-- | src/main-wgtpkg-pack.c | 18 | ||||
-rw-r--r-- | src/wgtpkg-digsig.c | 88 | ||||
-rw-r--r-- | src/wgtpkg-digsig.h | 3 |
3 files changed, 107 insertions, 2 deletions
diff --git a/src/main-wgtpkg-pack.c b/src/main-wgtpkg-pack.c
index e448497..5e9a18f 100644
--- a/src/main-wgtpkg-pack.c
+++ b/src/main-wgtpkg-pack.c
@@ -31,6 +31,7 @@
 #include "wgtpkg-files.h"
 #include "wgtpkg-workdir.h"
 #include "wgtpkg-zip.h"
+#include "wgtpkg-digsig.h"
 const char appname[] = "wgtpkg-pack";
@@ -55,7 +56,9 @@ static void usage()
 "\n"
 " -o wgtfile the output widget file\n"
 " -f force overwriting\n"
+ " -N no auto-sign"
 " -q quiet\n"
+ " -S auto-sign"
 " -v verbose\n"
 " -V version\n"
 "\n",
@@ -67,7 +70,9 @@ static struct option options[] = {
 { "output", required_argument, NULL, 'o' },
 { "force", no_argument, NULL, 'f' },
 { "help", no_argument, NULL, 'h' },
+ { "no-auto-sign",no_argument, NULL, 'N' },
 { "quiet", no_argument, NULL, 'q' },
+ { "auto-sign", no_argument, NULL, 'S' },
 { "verbose", no_argument, NULL, 'v' },
 { "version", no_argument, NULL, 'V' },
 { NULL, 0, NULL, 0 }
@@ -76,12 +81,13 @@ static struct option options[] = {
 /* install the widgets of the list */
 int main(int ac, char **av)
 {
- int i, force;
+ int i, force, autosign;
 char *wgtfile, *directory, *x;
 struct stat s;
 LOGUSER(appname);
+ autosign = 1;
 force = 0;
 wgtfile = directory = NULL;
 for (;;) {
@@ -105,9 +111,15 @@ int main(int ac, char **av)
 case 'h':
 usage();
 return 0;
+ case 'N':
+ autosign = 0;
+ break;
 case 'V':
 version();
 return 0;
+ case 'S':
+ autosign = 1;
+ break;
 case ':':
 ERROR("missing argument");
 return 1;
@@ -174,10 +186,12 @@ int main(int ac, char **av)
 if (set_workdir(".", 0))
 return 1;
-
 if (fill_files())
 return 1;
+ if (autosign && create_auto_digsig() < 0)
+ return 1;
+
 return !!zwrite(wgtfile);
 }
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index d190d23..94f1d28 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
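Review bot: The two help lines added in the `usage()` hunk, `" -N no auto-sign"` and `" -S auto-sign"`, have no trailing `\n`, so the adjacent string literals concatenate and each new entry runs straight into the `-q` / `-v` line that follows it in the printed help. They should end like their neighbours: `" -N no auto-sign\n"` and `" -S auto-sign\n"`. Because `main` initialises `autosign = 1`, the help text could also state that signing is the default, so an operator knows a package may be signed without any flag being given. The body of `usage()` starts and ends outside the hunk.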
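Review bot: The new `case 'N':` and `case 'S':` branches in the option `switch` are reachable for the short spellings only if the short-option string given to the parser lists `N` and `S`, and nothing in this commit appears to touch that string: the diffstat reports 2 deletions, which are accounted for by `int i, force;` and one blank line. If that string sits in the unchanged part of `main` between the hunks, `-N` and `-S` as documented in `usage()` would likely be rejected as unknown options while `--no-auto-sign` and `--auto-sign` work. That matters most for `-N`, whose purpose is to keep a package from being signed, so both spellings of each flag deserve a test. The `switch` starts and ends outside the hunk.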
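Review bot: In the last hunk of `main`, `create_auto_digsig() < 0` treats only negative results as failure, whereas `create_auto_digsig()` itself stops its loop on any non-zero `rc` and returns the result of `xmlsec_init()` or `create_digsig()` unchanged. If either of those can return a positive error code (their conventions are not visible here), `main` would continue to `zwrite()` and exit successfully with a package that was meant to be signed but is not. Testing for non-zero, as the neighbouring `if (fill_files())` does, closes that gap: `if (autosign && create_auto_digsig() != 0)`. `main` starts outside the hunk.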
@@ -419,4 +419,92 @@ error:
 return rc;
 }
+/* create a digital signature(s) from environment data */
+int create_auto_digsig()
+{
+ static const char envvar_prefix[] = "WGTPKG_AUTOSIGN_";
+ extern char **environ;
+
+ char **enviter;
+ char *var;
+ char *iter;
+ char *equal;
+ unsigned int num;
+ char *keyfile;
+ const char *certfiles[10];
+ int ncert;
+ int rc;
+ int i;
+
+ rc = 0;
+ /* enumerate environment variables */
+ enviter = environ;
+ while (rc == 0 && (var = *enviter++) != NULL) {
+ /* check the prefix */
+ if (0 != strncmp(var, envvar_prefix, sizeof(envvar_prefix) - 1))
+ continue; /* not an auto sign variable */
+ DEBUG("autosign found %s", var);
+
+ /* check the num */
+ iter = &var[sizeof(envvar_prefix) - 1];
+ if (*iter < '0' || *iter > '9') {
+ ERROR("bad autosign key found: %s", var);
+ rc = -1;
+ continue;
+ }
+
+ /* compute the number */
+ num = (unsigned int)(*iter++ - '0');
+ while (*iter >= '0' && *iter <= '9')
+ num = 10 * num + (unsigned int)(*iter++ - '0');
+
+ /* next char must be = */
+ if (*iter != '=' || !iter[1]) {
+ /* it is not an error to have an empty autosign */
+ WARNING("ignoring autosign key %.*s", (int)(iter - var), var);
+ continue;
+ }
+
+ /* auto signing with num */
+ INFO("autosign key %u found", num);
+
+ /* compute key and certificates */
+ equal = iter++;
+ keyfile = iter;
+ *equal = 0;
+ ncert = 0;
+ while (ncert < (int)((sizeof certfiles / sizeof *certfiles) - 1)
+ && (iter = strchr(iter, ':')) != NULL) {
+ *iter++ = 0;
+ certfiles[ncert++] = iter;
+ }
+ certfiles[ncert] = NULL;
+
+ /* check the parameters */
+ if (access(keyfile, R_OK) != 0) {
+ ERROR("autosign %u can't access private key %s", num, keyfile);
+ rc = -1;
+ }
+ for(i = 0 ; i < ncert ; i++) {
+ if (access(certfiles[i], R_OK) != 0) {
+ ERROR("autosign %u can't access certificate %s", num, certfiles[i]);
+ rc = -1;
+ }
+ }
+
+ /* sign now */
+ if (rc == 0) {
+ rc = xmlsec_init();
+ if (rc == 0) {
+ rc = create_digsig(num, keyfile, certfiles);
+ }
+ }
+
+ /* restore stolen chars */
+ while(ncert)
+ *(char*)(certfiles[--ncert] - 1) = ':';
+ *equal = '=';
+ }
+ return rc;
+}
diff --git a/src/wgtpkg-digsig.h b/src/wgtpkg-digsig.h
index defcfa1..a1cc32d 100644
--- a/src/wgtpkg-digsig.h
+++ b/src/wgtpkg-digsig.h
@@ -26,3 +26,6 @@ extern int create_digsig(unsigned int index, const char *key, const char **certs
 /* check the signatures of the current directory */
 extern int check_all_signatures(int allow_none);
+/* create a digital signature(s) from environment data */
+extern int create_auto_digsig();
+
|
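Review bot: The signature index parsed from the variable name in `create_auto_digsig()` is neither bounded nor normalised. The `num = 10 * num + ...` loop wraps silently on a long digit run, and `WGTPKG_AUTOSIGN_1` and `WGTPKG_AUTOSIGN_01` both yield `num == 1`, so two variables can target the same index. Depending on how `create_digsig()` treats an index that already exists (not visible here), one signature may silently replace the other, and since the order of `environ` is not under the packager's control, which one ends up in the package is not predictable. I would reject leading zeros and overflow in the number parse as sketched below (it needs `UINT_MAX` from `<limits.h>`), and consider collecting the indices first and signing in ascending order so the result does not depend on environment order.

```c
		/* … unchanged: prefix check and first-digit check … */

		/* compute the number, refusing leading zeros and overflow */
		if (iter[0] == '0' && iter[1] >= '0' && iter[1] <= '9') {
			ERROR("bad autosign key found: %s", var);
			rc = -1;
			continue;
		}
		num = 0;
		while (*iter >= '0' && *iter <= '9') {
			if (num > (UINT_MAX - 9) / 10) {
				ERROR("bad autosign key found: %s", var);
				rc = -1;
				break;
			}
			num = 10 * num + (unsigned int)(*iter++ - '0');
		}
		if (rc != 0)
			continue;

		/* … unchanged: '=' check, key/certificate split, access checks, signing, restore … */
```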