Generate some checksum files with more up-to-date hash functions than

MD5. Shipped (and signed) alongside the existing 'md5sums' file.

[originally from svn r9189]

Buildscr

@@ -98,9 +98,14 @@ deliver putty/windows/*.map maps-x86/$@
 # whatever key they want.
 deliver putty/sign.sh $@
 
-# Building the md5sums file is most easily done in the destination
-# directory.
-in-dest putty do md5sum `\find * -type f -print` > md5sums
+# Create files of cryptographic checksums, which will be signed along
+# with the files they verify. We've provided MD5 checksums for a
+# while, but now MD5 is looking iffy, we're expanding our selection.
+#
+# Creating these files is most easily done in the destination
+# directory, where all the files we're delivering are already in their
+# final relative layout.
+in-dest putty do a=`\find * -type f -print`; md5sum $$a > md5sums && sha1sum $$a > sha1sums && sha256sum $$a > sha256sums && sha512sum $$a > sha512sums
 
 # And construct .htaccess files. One in the top-level directory,
 # setting the MIME types for Windows help files and providing an

sign.sh

@@ -3,9 +3,9 @@
 # Generate GPG signatures on a PuTTY release/snapshot directory as
 # delivered by Buildscr.
 
-# Usage: sign.sh <builddir> <keytype>
-# e.g. sign.sh build.out Snapshots
-#   or sign.sh 0.60 Releases
+# Usage: sh sign.sh <builddir> <keytype>
+# e.g.   sh sign.sh putty Snapshots  (probably in the build.out directory)
+#   or   sh sign.sh 0.60 Releases
 
 set -e
 
@@ -25,5 +25,7 @@ for t in DSA RSA; do
   for i in putty*src.zip putty*.tar.gz x86/*.exe x86/*.zip; do
     sign --detach-sign "$i" "$i.$t"
   done
-  sign --clearsign md5sums md5sums.$t
+  for i in md5sums sha1sums sha256sums sha512sums; do
+    sign --clearsign $i ${i}.$t
+  done
 done