sign-autobuilds: more signature improvements20220409T170014Z

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

1 files changed, 25 insertions, 1 deletions

diff --git a/sign-autobuilds.sh b/sign-autobuilds.sh
index fbd94e1..5a8bb26 100755
--- a/sign-autobuilds.sh
+++ b/sign-autobuilds.sh
@@ -21,18 +21,29 @@ VERBOSEP=false
 [ -n "$DEBUG" ] && RSYNC_OPTS="${RSYNC_OPTS} -n"
 [ -n "$VERBOSE" ] && RSYNC_OPTS="${RSYNC_OPTS} -v"
 
+set -e
+
 signone() {
 	f="$1"
 	$DEBUGP gpg --homedir /home/gmirror/.gnupg-releng/ --armor --detach-sign "${f}"
 }
 
+signone_clearsign() {
+	# only for text files!
+	f="$1"
+	$DEBUGP gpg --homedir /home/gmirror/.gnupg-releng/ --armor --clearsign "${f}"
+	$DEBUGP mv "${f}".asc "${f}"
+}
+
 gpgconf --kill all
 
 for a in $ARCHES ; do
 pushd $RELEASES/$a >/dev/null || continue
 
-#echo "ISOS:"
 [[ -d autobuilds ]] || exit
+
+#echo "Release files:"
+
 files="$(find autobuilds -name '*.tar.xz' -or -name '*.iso' -or -name '*.tar.bz2' -or -name '*.lif')"
 sigs="$(find autobuilds -name '*.asc' )"
 unsigned="$(comm -23 <(echo "$files" |sort) <(echo "$sigs" | sed -e 's,.asc$,,g' |sort))"
@@ -54,6 +65,19 @@ for dgst in $digests ; do
 	fi
 done
 
+#echo "Text helper files:"
+
+files="$(find autobuilds -name '*.sha256' -or -name '*.DIGESTS')"
+unsigned=""
+for dgst in $files ; do
+	grep -sq "BEGIN PGP SIGNED MESSAGE-----" $dgst || unsigned="${unsigned} ${dgst}"
+done
+
+for dgst in $unsigned ; do
+	$VERBOSEP echo "Signing (inline/cleartext) $dgst"
+	signone_clearsign $dgst
+done
+
 popd >/dev/null
 
 done