[exim.git] / release-process / scripts / sign_exim_packages

#!/bin/sh -eu

# gpg signs all *.tar.* files under the release directory.
# Invoke from that dir, or let the script try to figure it out for you.

# Key used is from env var EXIM_KEY; if git config finds user.signingkey, then
# that is the default.  You can set this per-repo with:
#    git config --local user.signingkey SOME_IDENTIFIER
#
# If not set in git config then you _MUST_ set the env var.

# woe betide the poor sod who does not use a gpg agent, so has
# to enter their password for every file...

if repo_signing_key="$(git config user.signingkey)"; then
	: "${EXIM_KEY:=$repo_signing_key}"
else
	: "${EXIM_KEY:?Need a PGP key uid to sign with}"
fi

: "${GPG_COMMAND:=gpg}"
umask 022

cd_to() { echo "Working in: $1"; cd "$1"; }

okay=false
if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then
	okay=true # we are in right dir
elif [ -d release-process ]; then
	b="$(find . -maxdepth 1 -name 'exim-packaging-*' | sort | tail -n 1)"
	if [ ".$b" != "." ]; then
		cd_to "$b/pkgs"
		okay=true
	fi
fi
if ! $okay; then
	if [ -d "${1:?need a directory to look in}" ]; then
		cd_to "$1"
		shift
	else
		printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking"
		exit 1
	fi
fi

# Assumes no whitespace (strictly, $IFS) in filenames, which we're okay with
set $(find . -name '*.asc' -prune -o -type f -print | cut -c 3- | sort)

for FILE
do
	echo "Signing: $FILE"
	${GPG_COMMAND} --local-user "${EXIM_KEY}" --detach-sig --armor "$FILE"
done
Commit	Line	Data
00f7a87b PP	1	#!/bin/sh -eu
	2
	3	# gpg signs all .tar. files under the release directory.
	4	# Invoke from that dir, or let the script try to figure it out for you.
	5
	6	# Key used is from env var EXIM_KEY; if git config finds user.signingkey, then
	7	# that is the default. You can set this per-repo with:
	8	# git config --local user.signingkey SOME_IDENTIFIER
8a483da6	9	#
00f7a87b PP	10	# If not set in git config then you _MUST_ set the env var.
00f7a87b PP	11
8a483da6 NM	12	# woe betide the poor sod who does not use a gpg agent, so has
8a483da6 NM	13	# to enter their password for every file...
0b4f0dad	14
00f7a87b PP	15	if repo_signing_key="$(git config user.signingkey)"; then
	16	: "${EXIM_KEY:=$repo_signing_key}"
	17	else
	18	: "${EXIM_KEY:?Need a PGP key uid to sign with}"
	19	fi
8a483da6	20
00f7a87b	21	: "${GPG_COMMAND:=gpg}"
25af913a PP	22	umask 022
25af913a PP	23
00f7a87b PP	24	cd_to() { echo "Working in: $1"; cd "$1"; }
	25
	26	okay=false
	27	if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then
	28	okay=true # we are in right dir
	29	elif [ -d release-process ]; then
	30	b="$(find . -maxdepth 1 -name 'exim-packaging-*' \| sort \| tail -n 1)"
	31	if [ ".$b" != "." ]; then
	32	cd_to "$b/pkgs"
	33	okay=true
	34	fi
	35	fi
	36	if ! $okay; then
	37	if [ -d "${1:?need a directory to look in}" ]; then
	38	cd_to "$1"
	39	shift
	40	else
	41	printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking"
	42	exit 1
	43	fi
	44	fi
	45
	46	# Assumes no whitespace (strictly, $IFS) in filenames, which we're okay with
	47	set $(find . -name '*.asc' -prune -o -type f -print \| cut -c 3- \| sort)
	48
	49	for FILE
	50	do
	51	echo "Signing: $FILE"
	52	${GPG_COMMAND} --local-user "${EXIM_KEY}" --detach-sig --armor "$FILE"
	53	done