Merge branch 'master' of ssh://gparabola/libretools

1 files changed, 31 insertions, 0 deletions

diff --git a/librerelease b/librerelease
index bc765fe..c4584e1 100755
--- a/librerelease
+++ b/librerelease
@@ -46,6 +46,30 @@ function list_packages {
     unset repos
 }
 
+function sign_packages {
+    if [ -z "${GPG_AGENT_INFO}" ]; then
+        warning "It's better to use gpg-agent to sign packages in batches"
+    fi
+
+    packages=($(find "${WORKDIR}/staging/" -type f -iname '*.pkg.tar.?z'))
+    for package in ${packages[@]}; do
+        if [ -f "${package}${SIGEXT}" ]; then
+
+            warning "Package signature found, verifying..."
+
+# Verify that the signature is correct, else remove for re-signing
+            if ! gpg --quiet --verify "${package}${SIGEXT}" >/dev/null 2>&1; then
+                error "Failed! Resigning..."
+                rm -f "${package}${SIGEXT}"
+            else
+                continue
+            fi
+        fi
+
+        gpg --default-key "${SIGID}" --output "${package}${SIGEXT}" --detach-sig "${package}"
+    done
+}
+
 # Remove everything that's not a package or a signature
 function clean_non_packages {
     find $WORKDIR/staging/ -type f \
@@ -78,6 +102,13 @@ done
 [[ ! -z ${HOOKPRERELEASE} ]] && bash -c "${HOOKPRERELEASE}"
 
 clean_non_packages
+if [ ! -z "${SIGID}" ]; then
+    sign_packages
+else 
+    error "Package signing is *required*"
+    exit 1
+fi
+
 msg "Uploading packages..."
 rsync --recursive \
       ${dryrun} \