diff --git a/build-aux/append-signature.sh b/build-aux/append-signature.sh new file mode 100755 index 000000000..714d2867f --- /dev/null +++ b/build-aux/append-signature.sh @@ -0,0 +1,108 @@ +#!/bin/sh +# Append a signature to an existing detached signature. +# Copyright (C) 2016 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +set -e +PGM="$(basename $0)" +GPGV=gpgv + +# Prints usage information. +usage() +{ + cat <&2 + ;; + *) + break; + ;; + esac + shift +done + +if [ $# -ne 2 ]; then + usage 1 1>&2 +fi +tarball="$1" +tarballsig="$1".sig +newsig="$2" + +[ -n "$verbose" ] && echo "tarball: $tarball" +[ -n "$verbose" ] && echo "sig ...: $tarballsig" +[ -n "$verbose" ] && echo "newsig : $newsig" + +if ! $GPGV --version >/dev/null 2>/dev/null ; then + echo "${PGM}: Command \"gpgv\" is not installed" >&2 + exit 1 +fi + +distsigkey="/usr/local/share/gnupg/distsigkey.gpg" +if [ ! -f "$distsigkey" ]; then + distsigkey="/usr/share/gnupg/distsigkey.gpg" +fi +if [ ! -f "$distsigkey" ]; then + echo "${PGM}: File \"$distsigkey\" is not installed" >&2 + exit 1 +fi + +if ! $GPGV $verbose --keyring "$distsigkey" \ + -- "$tarballsig" "$tarball" 2>/dev/null ; then + echo "${PGM}: Existing signature '$tarballsig' does not verify" >&2 + exit 1 +fi + +if ! $GPGV $verbose --keyring "$distsigkey" \ + -- "$newsig" "$tarball" 2>/dev/null; then + echo "${PGM}: New signature '$newsig' does not verify" >&2 + exit 1 +fi + +cat "$newsig" >> "$tarballsig" + +if ! $GPGV $verbose --keyring "$distsigkey" \ + -- "$tarballsig" "$tarball"; then + echo "${PGM}: Update signature '$tarballsig' does not verify" >&2 + exit 1 +fi