1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
putty-source/sign.sh
Simon Tatham 79ff0d086a sign.sh: stop telling gpg to load the 'idea' extension.
The IDEA symmetric cipher was the standard one used to protect trad
PGP private keys, back in the days when PuTTY had its very first set.
We haven't needed this option for a long time, but it didn't cause any
obvious failures, so I never spotted it and removed it from the build
script.

But it does cause a failure now, because gpg on Ubuntu 24.04 reports
'invalid option "--load-extension=idea"', suggesting that it hasn't
just forgotten about _that_ extension, it doesn't even like extensions
at all any more. Happily, we don't need it.
2024-09-10 06:35:42 +01:00

61 lines
1.5 KiB
Bash
Executable File

#!/bin/sh
# Generate GPG signatures on a PuTTY release/snapshot directory as
# delivered by Buildscr.
# Usage: sh sign.sh [-r] <builddir>
# e.g. sh sign.sh putty (probably in the build.out directory)
# or sh sign.sh -r 0.60 (-r means use the release keys)
set -e
keyname=10625E553F53FAAD
preliminary=false
while :; do
case "$1" in
-r)
shift
keyname=1993D21BCAD1AA77
;;
-p)
shift
preliminary=true
;;
-*)
echo "Unknown option '$1'" >&2
exit 1
;;
*)
break
;;
esac
done
sign() {
# Check for the prior existence of the signature, so we can
# re-run this script if it encounters an error part way
# through.
echo "----- Signing $2 with key '$keyname'"
test -f "$3" || \
gpg "$1" -u "$keyname" -o "$3" "$2"
}
cd "$1"
echo "===== Signing with key '$keyname'"
if $preliminary; then
sign --clearsign sha512sums ../sha512sums-preliminary.gpg
else
for i in putty*src.zip putty*.tar.gz \
w32/*.exe w32/*.zip w32/*.msi \
w64/*.exe w64/*.zip w64/*.msi \
wa32/*.exe wa32/*.zip wa32/*.msi \
wa64/*.exe wa64/*.zip wa64/*.msi \
w32old/*.exe w32old/*.zip; do
sign --detach-sign "$i" "$i.gpg"
done
for i in md5sums sha1sums sha256sums sha512sums; do
sign --clearsign "$i" "$i.gpg"
done
fi