From 55a977f2a4dcda32f01dab3bb673d808e9d3f3c6 Mon Sep 17 00:00:00 2001
From: Tobias Markmann <tm@ayena.de>
Date: Mon, 15 Aug 2016 15:30:56 +0200
Subject: Optionally create GPG signature for generated tarball

If the gpg tool is found in the PATH and a key exists for
Swift's signing identity, package.sh will generated a GPG
signature (.asc) file alongside the tarball.

Test-Information:

Created a new GPG key with Swift's signing identity,
ran package.sh script and correctly verified the generated
signature with GPG.

Tested both with and without --nosign flag.

Tested on Debian 8.5 with GPG 1.4.18.

Change-Id: I7e6c8b6a7c900b68e53ece97a59eba33a2de565d

diff --git a/Swift/Packaging/Source/package.sh b/Swift/Packaging/Source/package.sh
index 16a9a1f..3872b35 100755
--- a/Swift/Packaging/Source/package.sh
+++ b/Swift/Packaging/Source/package.sh
@@ -3,9 +3,13 @@
 ## For a Swiften-only tarball, try
 ## EXCLUDE_FOLDERS="Swift Sluift Limber Slimber" ./package.sh
 
+## This script will require GPG and a suitable signing key by default.
+## To disable tarball signature generation, pass the --nosign parameter to package.sh.
+
 export PYTHONPATH=../../../BuildTools/SCons
 VERSION=`../../../BuildTools/GetBuildVersion.py swift`
 DIRNAME=swift-$VERSION
+FIRST_ARGUMENT=$1
 
 if [ -z "$VERSION" ]; then
 	echo "Unable to determine version"
@@ -40,3 +44,20 @@ done
 
 echo "Creating tarball ..."
 $TAR -czf $DIRNAME.tar.gz --owner=swift --group=swift $DIRNAME
+
+if [ "$FIRST_ARGUMENT" != "--nosign" ]; then
+	echo "Creating armored GPG signature ..."
+	which gpg
+	if [ $? -eq 0 ]; then
+		gpg --list-keys packages@swift.im
+		if [ $? -eq 0 ]; then
+			gpg --armor --default-key packages@swift.im --detach-sign $DIRNAME.tar.gz
+		else
+			echo "Key for packages@swift.im missing. Not signing tar archive."
+			exit 1
+		fi
+	else
+		echo "GPG not found. Not signing tar archive."
+		exit 1
+	fi
+fi
\ No newline at end of file
-- 
cgit v0.10.2-6-g49f6