build: Add repo-only maintainer script append-signature.sh.
authorWerner Koch <wk@gnupg.org>
Mon, 21 Nov 2016 10:51:00 +0000 (11:51 +0100)
committerWerner Koch <wk@gnupg.org>
Mon, 21 Nov 2016 10:51:32 +0000 (11:51 +0100)
--

Signed-off-by: Werner Koch <wk@gnupg.org>
build-aux/append-signature.sh [new file with mode: 0755]

diff --git a/build-aux/append-signature.sh b/build-aux/append-signature.sh
new file mode 100755 (executable)
index 0000000..714d286
--- /dev/null
@@ -0,0 +1,108 @@
+#!/bin/sh
+# Append a signature to an existing detached signature.
+# Copyright (C) 2016 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+set -e
+PGM="$(basename $0)"
+GPGV=gpgv
+
+# Prints usage information.
+usage()
+{
+    cat <<EOF
+Usage: $PGM TARBALL NEWSIGNATURE
+Append a signature to an existing detached signature.
+Options:
+    --verbose          Print some extra information.
+    --help             Print this help.
+EOF
+    exit $1
+}
+
+#
+# Parse options
+#
+verbose=""
+while [ $# -gt 0 ]; do
+    case "$1" in
+       # Set up `optarg'.
+       --*=*)
+           optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+           ;;
+       *)
+           optarg=""
+           ;;
+    esac
+
+    case $1 in
+        --help|-h)
+           usage 0
+           ;;
+        --verbose|-v)
+            verbose="-v"
+            ;;
+        --)
+            break
+            ;;
+       -*)
+           usage 1 1>&2
+           ;;
+        *)
+            break;
+            ;;
+    esac
+    shift
+done
+
+if [ $# -ne 2 ]; then
+    usage 1 1>&2
+fi
+tarball="$1"
+tarballsig="$1".sig
+newsig="$2"
+
+[ -n "$verbose" ] && echo "tarball: $tarball"
+[ -n "$verbose" ] && echo "sig ...: $tarballsig"
+[ -n "$verbose" ] && echo "newsig : $newsig"
+
+if ! $GPGV --version >/dev/null 2>/dev/null ; then
+    echo "${PGM}: Command \"gpgv\" is not installed" >&2
+    exit 1
+fi
+
+distsigkey="/usr/local/share/gnupg/distsigkey.gpg"
+if [ ! -f "$distsigkey" ]; then
+    distsigkey="/usr/share/gnupg/distsigkey.gpg"
+fi
+if [ ! -f "$distsigkey" ]; then
+    echo "${PGM}: File \"$distsigkey\" is not installed" >&2
+    exit 1
+fi
+
+if ! $GPGV $verbose --keyring "$distsigkey" \
+           -- "$tarballsig" "$tarball" 2>/dev/null ; then
+    echo "${PGM}: Existing signature '$tarballsig' does not verify" >&2
+    exit 1
+fi
+
+if ! $GPGV $verbose --keyring "$distsigkey" \
+           -- "$newsig" "$tarball" 2>/dev/null; then
+    echo "${PGM}: New signature '$newsig' does not verify" >&2
+    exit 1
+fi
+
+cat "$newsig" >> "$tarballsig"
+
+if ! $GPGV $verbose --keyring "$distsigkey" \
+           -- "$tarballsig" "$tarball"; then
+    echo "${PGM}: Update signature '$tarballsig' does not verify" >&2
+    exit 1
+fi