cboehme · December 15, 2015 04:50
diff --git a/travis-encrypt.sh b/travis-encrypt.sh
 #!/bin/bash

 PK_FILE="__travis-key.pub"
 CERT_FILE="__travis-root-cert.pem"

 # Root CA for the certificate used in the https connection with
 # the travis api (only required if the root CA certificate is 
 # not already installed which does not seem to be the case 
 # with Cygwin):
 CA_CERTIFICATE="-----BEGIN CERTIFICATE-----
 MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
 MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
 IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
 FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
 bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
 dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
 H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
 mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
 a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
 E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
 VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
 cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
 IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
 AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
 YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
 Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
 c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
 mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
 -----END CERTIFICATE-----
 "

 if [ $# -ne 3 ] ; then
  echo "Usage: $0 REPOSITORY-OWNER REPOSITORY DATA-TO-ENCRYPT"
  exit -1
 fi

 OWNER="$1"
 REPOS="$2"
 INPUT="$3"

 # Prepare certificate file:
 echo -n "$CA_CERTIFICATE" > $CERT_FILE

 # Retrieve public key from travis. The key is returned in 
 # a JSON container.Some keys are marked with "BEGIN RSA 
 # PUBLIC KEY" while others are marked with "BEGIN PUBLIC KEY".
 # Since openssl only accepts the latter version, the header
 # is modified if neccessary:
 wget --ca-certificate "$CERT_FILE" --output-document - \
     "https://api.travis-ci.org/repos/$OWNER/$REPOS/key" | 
 sed "s/^.*\(-----BEGIN\( RSA\)\? PUBLIC KEY-----.*-----END\( RSA\)\? PUBLIC KEY-----\\\\n\).*$/\1/" | 
 sed "s/\\\\n/\n/g" | 
 sed "s/ RSA PUBLIC KEY/ PUBLIC KEY/g" > $PK_FILE

 # Encrypt the input data:
 echo -n "secure: \""
 echo -n "$INPUT" | openssl pkeyutl -encrypt -pubin -inkey "$PK_FILE" | base64 --wrap 0
 echo "\""

 # Clean up:
 rm -f "$PK_FILE"
 rm -f "$CERT_FILE"
	#!/bin/bash

	PK_FILE="__travis-key.pub"
	CERT_FILE="__travis-root-cert.pem"

	# Root CA for the certificate used in the https connection with
	# the travis api (only required if the root CA certificate is
	# not already installed which does not seem to be the case
	# with Cygwin):
	CA_CERTIFICATE="-----BEGIN CERTIFICATE-----
	MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
	MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
	IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
	MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
	FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
	bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
	dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
	H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
	uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
	mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
	a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
	E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
	WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
	VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
	Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
	cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
	IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
	AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
	YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
	6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
	Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
	c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
	mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
	-----END CERTIFICATE-----
	"

	if [ $# -ne 3 ] ; then
	echo "Usage: $0 REPOSITORY-OWNER REPOSITORY DATA-TO-ENCRYPT"
	exit -1
	fi

	OWNER="$1"
	REPOS="$2"
	INPUT="$3"

	# Prepare certificate file:
	echo -n "$CA_CERTIFICATE" > $CERT_FILE

	# Retrieve public key from travis. The key is returned in
	# a JSON container.Some keys are marked with "BEGIN RSA
	# PUBLIC KEY" while others are marked with "BEGIN PUBLIC KEY".
	# Since openssl only accepts the latter version, the header
	# is modified if neccessary:
	wget --ca-certificate "$CERT_FILE" --output-document - \
	"https://api.travis-ci.org/repos/$OWNER/$REPOS/key" \|
	sed "s/^.\(-----BEGIN\( RSA\)\? PUBLIC KEY-----.-----END\( RSA\)\? PUBLIC KEY-----\\\\n\).*$/\1/" \|
	sed "s/\\\\n/\n/g" \|
	sed "s/ RSA PUBLIC KEY/ PUBLIC KEY/g" > $PK_FILE

	# Encrypt the input data:
	echo -n "secure: \""
	echo -n "$INPUT" \| openssl pkeyutl -encrypt -pubin -inkey "$PK_FILE" \| base64 --wrap 0
	echo "\""

	# Clean up:
	rm -f "$PK_FILE"
	rm -f "$CERT_FILE"