From 900183743d67a4daa958c810fd16c2e359a51bed Mon Sep 17 00:00:00 2001 From: Tad Date: Wed, 17 Jun 2020 13:18:16 -0400 Subject: [PATCH] Add GPG signing to processRelease --- Misc/aosp-cves/gen_cve_list-qc.sh | 28 +++++++++++++++++++--------- Scripts/Common/Functions.sh | 10 ++++++++++ Scripts/init.sh | 3 +++ TODO | 1 - 4 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/Misc/aosp-cves/gen_cve_list-qc.sh b/Misc/aosp-cves/gen_cve_list-qc.sh
index 9ce12f9c..46fd5ee5 100644
--- a/Misc/aosp-cves/gen_cve_list-qc.sh
+++ b/Misc/aosp-cves/gen_cve_list-qc.sh
@@ -4,6 +4,7 @@ java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" >> cve_list-qc.txt
+
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin" >> cve_list-qc.txt
@@ -14,15 +15,7 @@ java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/march-2019-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/february-2019-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/january-2019-bulletin" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/december-2018-bulletin" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/november-2018-bulletin" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/october-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/september-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/august-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/july-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/june-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/may-2018" >> cve_list-qc.txt
-java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/product-security/bulletins/archives/december-2017" >> cve_list-qc.txt
+
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin" >> cve_list-qc.txt
@@ -31,6 +24,16 @@ java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulle
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/03/04/2304-2" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin" >> cve_list-qc.txt
+
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/december-2018-bulletin" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/november-2018-bulletin" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/october-2018" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/september-2018" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/august-2018" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/july-2018" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/june-2018" >> cve_list-qc.txt
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/company/product-security/bulletins/archives/may-2018" >> cve_list-qc.txt
+
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/10/01/october-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
@@ -43,7 +46,14 @@ java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulle
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/02/16/february-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2018/01/26/january-2018-code-aurora-security-bulletin" >> cve_list-qc.txt
+
+java -jar $DOS_BINARY_PATCHER scraper "https://www.qualcomm.com/product-security/bulletins/archives/december-2017" >> cve_list-qc.txt
+
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2017/12/14/december-2017-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" >> cve_list-qc.txt
 java -jar $DOS_BINARY_PATCHER scraper "https://www.codeaurora.org/security-bulletin/2017/09/27/september-2017-v1" >> cve_list-qc.txt
+
+# clean a bit
+# sort: java -jar $DOS_BINARY_PATCHER sort cve_list-qc.txt >> cve_list-qc-sorted.txt
+# clean some more
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index b80eb9f4..41cf2bdb 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -245,6 +245,16 @@ processRelease() { sed -i "s|$OUT_DIR/||" $OUT_DIR/*.md5sum $OUT_DIR/*.sha512sum; + #GPG signing + if [ "$DOS_GPG_SIGNING" = true ]; then + for checksum in $OUT_DIR/*.sha512sum; do + gpg --homedir "$DOS_SIGNING_GPG" --sign --local-user "$DOS_GPG_SIGNING_KEY" --clearsign "$checksum"; + if [ "$?" -eq "0" ]; then + mv -f "$checksum.asc" "$checksum"; + fi; + done; + fi; + #Copy to archive if [ "$DOS_AUTO_ARCHIVE_BUILDS" = true ]; then echo -e "\e[0;32mCopying files to archive\e[0m"; diff --git a/Scripts/init.sh b/Scripts/init.sh index a8c1db93..8a7f9845 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -26,6 +26,7 @@ export DOS_WORKSPACE_ROOT="/mnt/dos/"; #XXX: THIS MUST BE CORRECT TO BUILD! #export DOS_BUILDS=$DOS_WORKSPACE_ROOT"Builds/"; export DOS_BUILDS="/mnt/backup-1/DOS/Builds/"; export DOS_SIGNING_KEYS=$DOS_WORKSPACE_ROOT"Signing_Keys/4096pro"; +export DOS_SIGNING_GPG=$DOS_WORKSPACE_ROOT"Signing_Keys/gnupg"; #export USE_CCACHE=1; #export CCACHE_DIR=""; export CCACHE_COMPRESS=1; @@ -72,6 +73,8 @@ export DOS_MALWARE_SCAN_BEFORE_SIGN=false; #Scan device files for malware before export DOS_GENERATE_DELTAS=true; #Creates deltas from existing target_files in $DOS_BUILDS export DOS_AUTO_ARCHIVE_BUILDS=true; #Copies files to $DOS_BUILDS after signing export DOS_REMOVE_AFTER=true; #Removes device OUT directory after complete to reclaim space. Requires AUTO_ARCHIVE_BUILDS=true +export DOS_GPG_SIGNING=true; +export DOS_GPG_SIGNING_KEY="B8744D67F9F1E14E145DFD8E7F627E920F316994"; #Branding export DOS_BRANDING_NAME="DivestOS"; diff --git a/TODO b/TODO index dde560a2..9b3a4457 100644 --- a/TODO +++ b/TODO @@ -15,7 +15,6 @@ High Priority (Release blockers) - Switch from Shadow to Piwik and update Privacy Policy - mod_removeip for GDPR and update Privacy Policy - Update cryptocurrency addresses - - Add a page on how to verify builds Medium Priority Build
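Review bot: A failed `gpg` call in the added loop of the Functions.sh hunk is silently ignored: the `if [ "$?" -eq "0" ]` guard only skips the `mv`, so the unsigned `.sha512sum` stays in `$OUT_DIR` and the "Copy to archive" step that follows appears to proceed with nothing logged. For a release-signing step the failure should be loud, e.g. `if ! gpg --batch --yes --homedir "$DOS_SIGNING_GPG" --local-user "$DOS_GPG_SIGNING_KEY" --clearsign "$checksum"; then echo "GPG signing failed for $checksum" >&2; return 1; fi` followed by the existing `mv -f`; `--sign` is redundant next to `--clearsign`, and `--batch --yes` avoids an interactive overwrite prompt when a stale `.asc` is present. Whether `return 1` is the right way to stop depends on the rest of processRelease, which starts and ends outside the hunk. It is also worth quoting the glob base as `"$OUT_DIR"/*.sha512sum`, and noting in a comment that the `.md5sum` files are left unsigned, so only the SHA-512 file carries authenticity.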
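Review bot: In the second init.sh hunk, `DOS_GPG_SIGNING=true` and a maintainer-specific fingerprint in `DOS_GPG_SIGNING_KEY` become the defaults without the trailing explanatory comments that the neighbouring options carry. A builder who uses this file without that secret key in `$DOS_SIGNING_GPG` will reach the gpg failure path in processRelease, which as written leaves the checksum files unsigned without an error. Consider documenting both lines, for example `export DOS_GPG_SIGNING=true; #Clearsigns the .sha512sum files, requires the secret key for DOS_GPG_SIGNING_KEY in $DOS_SIGNING_GPG`, and stating in a comment that the fingerprint must be replaced by other builders.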