From 50420f08410cd37dc55c541bcc8da072b84304ff Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 29 Jul 2009 10:19:57 -0700
Subject: [PATCH] Do all signing at upload time

---
 tools/build/build44  | 27 +--------------------------
 tools/build/upload44 |  4 ++++
 2 files changed, 5 insertions(+), 26 deletions(-)

diff --git a/tools/build/build44 b/tools/build/build44
index e20c89942..a08bcbdb1 100755
--- a/tools/build/build44
+++ b/tools/build/build44
@@ -33,7 +33,6 @@
 #      -6      Build 6
 #      -h      Build HTML documentation
 #      -x      Build XML documentation
-#      -S      Sign with GPG
 #
 # If no options are given, all options are assumed.
 #
@@ -97,7 +96,6 @@ BUILDRPM=
 BUILDXML=
 BUILDHTML=
 SAMPLESTAG=
-SIGN=
 MANPAGETAG=
 MANPAGE6TAG=
 LITEMANPAGETAG=
@@ -192,7 +190,7 @@ do_buildanrpm() {
     do_or_die "tar -zcf $RPMDIR/SOURCES/${2}-${BASEVERSION}.tgz ${2}-${BASEVERSION}"
     cd $DIR
     do_or_die "cp ${3}/${2}.spec $RPMDIR/SPECS/"
-    do_or_die "do_rpmbuild -ba $SIGN $RPMDIR/SPECS/${2}.spec"
+    do_or_die "do_rpmbuild -ba $RPMDIR/SPECS/${2}.spec"
     do_or_die cp -a $RPMDIR/RPMS/noarch/${1} .
 }
 
@@ -208,16 +206,6 @@ do_export()
     [ $1 = $2 ] || do_or_die "mv -f $1 $2 >> $LOGFILE 2>&1"
 }
 
-do_signit()
-{
-    for shoresuffix in tgz tar.bz2; do
-	shoreball=${1}-${VERSION}.${shoresuffix}
-	report "GPG signing $DIR/$shoreball"
-	rm -f ${shoreball}.asc
-	do_or_die "$GPG $shoreball"
-    done
-}
-
 do_manpages()
 {
     do_export ${1} manpages
@@ -277,7 +265,6 @@ case $1 in
 	BUILD6LITE=Yes
 
 	done=Yes
-	SIGN=
 	;;
 esac
 
@@ -327,10 +314,6 @@ while [ -z "$done" ]; do
 			BUILD6LITE=Yes
 			option=${option#L}
 			;;
-		    S*)
-			SIGN=Yes
-			option=${option#S}
-			;;
 	    	    *)
 			usage
 			;;
@@ -555,7 +538,6 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
 	    rm -f $SHOREWALLDIR/*.diff
 	    do_or_die "tar -zcvf $TARBALL $SHOREWALLDIR >> $LOGFILE 2>&1"
 	    do_or_die "tar -jcvf shorewall-${VERSION}.tar.bz2 $SHOREWALLDIR >> $LOGFILE 2>&1"
-	    [ -n "$SIGN" ] && do_signit shorewall
 	fi
 
 	if [ -n "$BUILD6" ]; then	
@@ -563,7 +545,6 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
 	    rm -f $SHOREWALL6DIR/*.diff
 	    do_or_die "tar -zcvf $TARBALL6 $SHOREWALL6DIR >> $LOGFILE 2>&1"
 	    do_or_die "tar -jcvf shorewall6-${VERSION}.tar.bz2 $SHOREWALL6DIR >> $LOGFILE 2>&1"
-	    [ -n "$SIGN" ] && do_signit shorewall6
 	fi
 
 	if [ -n "$BUILDLITE" ]; then	
@@ -571,7 +552,6 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
 	    rm -f $SHOREWALLLITEDIR/*.diff
 	    do_or_die "tar -zcvf $LITETARBALL $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
 	    do_or_die "tar -jcvf shorewall-lite-${VERSION}.tar.bz2 $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
-	    [ -n "$SIGN" ] && do_signit shorewall-lite
 	fi
     	
 	if [ -n "$BUILD6LITE" ]; then	
@@ -579,13 +559,10 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
 	    rm -f $LITE6DIR/*.diff
 	    do_or_die "tar -zcvf $LITE6TARBALL $LITE6DIR >> $LOGFILE 2>&1"
 	    do_or_die "tar -jcvf shorewall6-lite-${VERSION}.tar.bz2 $LITE6DIR >> $LOGFILE 2>&1"
-	    [ -n "$SIGN" ] && do_signit shorewall6-lite
 	fi    	
     fi
 
     if [ -n "$BUILDRPM" ]; then
-	test -n "$SIGN" && SIGN="--sign"
-	
 	[ -n "$BUILDCOMMON" ] && do_buildanrpm $RPMNAME      shorewall       $SHOREWALLDIR
 	[ -n "$BUILD6" ]      && do_buildanrpm $RPM6NAME     shorewall6	     $SHOREWALL6DIR
 	[ -n "$BUILDLITE" ]   && do_buildanrpm $LITERPMNAME  shorewall-lite  $SHOREWALLLITEDIR
@@ -632,7 +609,6 @@ if [ -n "${BUILDXML}${BUILDHTML}" ]; then
 	progress_message "Creating $DIR/shorewall-docs-xml-$VERSION tarballs"
         tar -zcvf shorewall-docs-xml-$VERSION.tgz shorewall-docs-xml-$VERSION >> $LOGFILE 2>&1
         tar -jcvf shorewall-docs-xml-$VERSION.tar.bz2 shorewall-docs-xml-$VERSION >> $LOGFILE 2>&1 || true
-	[ -n "$SIGN" ] && do_signit shorewall-docs-xml
     fi
 
     if [ -n "$BUILDHTML" ]; then
@@ -758,7 +734,6 @@ if [ -n "${BUILDXML}${BUILDHTML}" ]; then
 
 	do_or_die "tar -zcvf shorewall-docs-html-$VERSION.tgz shorewall-docs-html-$VERSION >> $LOGFILE 2>&1"
 	do_or_die "tar -jcvf shorewall-docs-html-$VERSION.tar.bz2 shorewall-docs-html-$VERSION >> $LOGFILE 2>&1"
-	[ -n "$SIGN" ] && do_signit shorewall-docs-html
     fi
 fi
 
diff --git a/tools/build/upload44 b/tools/build/upload44
index 108934eb8..11015028d 100755
--- a/tools/build/upload44
+++ b/tools/build/upload44
@@ -172,6 +172,10 @@ fi
 files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
 base=
 
+for f in *-${1}.tar.bz2 *-${1}.tgz; do
+    /usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key' $f
+done
+
 [ -n "$UPLOAD6" ]      && base="shorewall6-${1}.tar.*"                && files="$files shorewall6-${1}.*          $rpm6"
 [ -n "$UPLOADCOMMON" ] && base="$base shorewall-${1}.tar.*"           && files="$files shorewall-${1}.*           $rpm"
 [ -n "$UPLOADLITE" ]   && base="$base shorewall-lite-${1}.tar.*"      && files="$files shorewall-lite-${1}.*      $literpm"