sign files5.20140421

1 files changed, 22 insertions, 2 deletions

diff --git a/Build/DistributionUpdate.hs b/Build/DistributionUpdate.hs
index a02ff990f..3a4c550b0 100644
--- a/Build/DistributionUpdate.hs
+++ b/Build/DistributionUpdate.hs
@@ -1,6 +1,9 @@
 {- Builds distributon info files for each git-annex release in a directory
  - tree, which must itself be part of a git-annex repository. Only files
- - that are present have their info file created. -}
+ - that are present have their info file created.
+ -
+ - Also gpg signs the files.
+ -}
 
 import Common.Annex
 import Types.Distribution
@@ -15,6 +18,10 @@ import Git.Command
 
 import Data.Time.Clock
 
+-- git-annex distribution signing key (for Joey Hess)
+signingKey :: String
+signingKey = "89C809CB"
+
 main = do
 	state <- Annex.new =<< Git.Construct.fromPath =<< getRepoDir
 	Annex.eval state makeinfos
@@ -46,7 +53,9 @@ makeinfos = do
 					, distributionReleasedate = now
 					, distributionUrgentUpgrade = Nothing
 					}
-				void $ inRepo $ runBool [Param "add", Param infofile]
+				void $ inRepo $ runBool [Param "add", File infofile]
+				signFile infofile
+				signFile f
 	void $ inRepo $ runBool 
 		[ Param "commit"
 		, Param "-m"
@@ -81,3 +90,14 @@ getRepoDir = do
 
 mkUrl :: FilePath -> FilePath -> String
 mkUrl basedir f = "https://downloads.kitenet.net/" ++ relPathDirToFile basedir f
+				
+signFile :: FilePath -> Annex ()
+signFile f = do
+	void $ liftIO $ boolSystem "gpg"
+		[ Param "-a"
+		, Param $ "--default-key=" ++ signingKey
+		, Param "--sign"
+		, File f
+		]
+	liftIO $ rename (f ++ ".asc") (f ++ ".sig")
+	void $ inRepo $ runBool [Param "add", File (f ++ ".sig")]