#!/bin/sh # Append a signature to an existing detached signature. # Copyright (C) 2016 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. set -e PGM="$(basename $0)" GPGV=gpgv # Prints usage information. usage() { cat <&2 ;; *) break; ;; esac shift done if [ $# -ne 2 ]; then usage 1 1>&2 fi tarball="$1" tarballsig="$1".sig newsig="$2" [ -n "$verbose" ] && echo "tarball: $tarball" [ -n "$verbose" ] && echo "sig ...: $tarballsig" [ -n "$verbose" ] && echo "newsig : $newsig" if ! $GPGV --version >/dev/null 2>/dev/null ; then echo "${PGM}: Command \"gpgv\" is not installed" >&2 exit 1 fi distsigkey="/usr/local/share/gnupg/distsigkey.gpg" if [ ! -f "$distsigkey" ]; then distsigkey="/usr/share/gnupg/distsigkey.gpg" fi if [ ! -f "$distsigkey" ]; then echo "${PGM}: File \"$distsigkey\" is not installed" >&2 exit 1 fi if ! $GPGV $verbose --keyring "$distsigkey" \ -- "$tarballsig" "$tarball" 2>/dev/null ; then echo "${PGM}: Existing signature '$tarballsig' does not verify" >&2 exit 1 fi if ! $GPGV $verbose --keyring "$distsigkey" \ -- "$newsig" "$tarball" 2>/dev/null; then echo "${PGM}: New signature '$newsig' does not verify" >&2 exit 1 fi cat "$newsig" >> "$tarballsig" if ! $GPGV $verbose --keyring "$distsigkey" \ -- "$tarballsig" "$tarball"; then echo "${PGM}: Update signature '$tarballsig' does not verify" >&2 exit 1 fi