1#!/bin/sh
2
3# Generate GPG signatures on a PuTTY release/snapshot directory as
4# delivered by Buildscr.
5
6# Usage: sh sign.sh [-r] <builddir>
7# e.g.   sh sign.sh putty              (probably in the build.out directory)
8#   or   sh sign.sh -r 0.60            (-r means use the release keys)
9
10set -e
11
12keyname=38BA7229B7588FD1
13preliminary=false
14
15while :; do
16    case "$1" in
17        -r)
18            shift
19            keyname=6289A25F4AE8DA82
20            ;;
21        -p)
22            shift
23            preliminary=true
24            ;;
25        -*)
26            echo "Unknown option '$1'" >&2
27            exit 1
28            ;;
29        *)
30            break
31            ;;
32    esac
33done
34
35sign() {
36  # Check for the prior existence of the signature, so we can
37  # re-run this script if it encounters an error part way
38  # through.
39  echo "----- Signing $2 with key '$keyname'"
40  test -f "$3" || \
41    gpg --load-extension=idea "$1" -u "$keyname" -o "$3" "$2"
42}
43
44cd "$1"
45echo "===== Signing with key '$keyname'"
46if $preliminary; then
47    sign --clearsign sha512sums ../sha512sums-preliminary.gpg
48else
49    for i in putty*src.zip putty*.tar.gz \
50             w32/*.exe w32/*.zip w32/*.msi \
51             w64/*.exe w64/*.zip w64/*.msi \
52             wa32/*.exe wa32/*.zip wa32/*.msi \
53             wa64/*.exe wa64/*.zip wa64/*.msi \
54             w32old/*.exe w32old/*.zip; do
55        sign --detach-sign "$i" "$i.gpg"
56    done
57    for i in md5sums sha1sums sha256sums sha512sums; do
58        sign --clearsign "$i" "$i.gpg"
59    done
60fi
61