--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/sign-unsigned-dsc-and-changes Fri Jul 03 15:23:10 2009 +0200
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+# Some source packages come unsigned. This wouldnt be a problem if it wouldnt
+# cause reprepro to spit messages like: 'Data seems not to be signed trying to
+# use directly...' which may be confusing when you think that it is related to
+# a changes file
+use strict;
+
+use IO::File;
+use File::Basename;
+use Symbol qw(gensym);
+
+my $arch = 'i386';
+my $incoming = "/home/apt/incoming";
+
+my @unsigned = qw(
+
+ nagios-client-check_1.4.5-1.dsc
+ freeradius_1.0.0+cvs20040609-0.hs.dsc
+ libnss-ldap_238-1.schlittermann.1.dsc
+
+);
+
+my $cv = "/usr/bin/gpg --verify";
+my $cc = "/usr/bin/gpg --clearsign";
+my $cu = "/usr/bin/changestool";
+
+for (@unsigned) {
+
+ my $cmd;
+
+ my $sf = "$incoming/$_";
+ (my $cf = $sf) =~ s/\.dsc$/_${arch}.changes/;
+
+ # we assume that the changes have been successfully resigned too when the dsc
+ # files can be verified
+ my $r = qx/$cv $sf 2>&1/;
+ next unless $?;
+
+ print "Attempting to sign [$sf] .. ";
+ $cmd = "$cc $sf";
+ system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n";
+ rename("$sf.asc", $sf) or warn "rename([$sf.asc], [$sf]) failed: [$!]\n";
+ print "finished\n";
+
+ print "Attempting to update and sign [$cf] .. ";
+ $cmd = "$cu $cf updatechecksums $sf";
+ system("$cmd") == 0 or warn "[system($cmd)] failed: [$?] [$!]\n";
+ $cmd = "$cc $cf";
+ system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n";
+ rename("$cf.asc", $cf) or warn "rename([$cf.asc], [$cf]) failed: [$!]\n";
+ print "finished\n";
+
+}