Add GPG signature support to makepkg

This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>

3 files changed, 32 insertions, 3 deletions

diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt
index 61302492..a9faa14d 100644
--- a/doc/makepkg.conf.5.txt
+++ b/doc/makepkg.conf.5.txt
@@ -70,7 +70,7 @@ Options
 	This is often used to set the number of jobs used, for example, `-j2`.
 	Other flags that make accepts can also be passed.
 
-**BUILDENV=(**fakeroot !distcc color !ccache**)**::
+**BUILDENV=(**fakeroot !distcc color !ccache !sign**)**::
 	This array contains options that affect the build environment, the defaults
 	are shown here. All options should always be left in the array; to enable
 	or disable an option simply remove or place an ``!'' at the front of the
@@ -98,6 +98,13 @@ Options
 		enabled or disabled for individual packages through the use of
 		makepkg's `--check` and `--nocheck` options respectively.
 
+	*sign*;;
+		Generate a PGP signature file using GnuPG. This will execute `gpg
+		--detach-sign --use-agent` on the built package to generate a detached
+		signature file, using the GPG agent if it is available. The signature
+		file will be the entire filename of the package with a ``.sig''
+		extension.
+
 **DISTCC_HOSTS=**"host1 ..."::
 	If using DistCC, this is used to specify a space-delimited list of hosts
 	running in the DistCC cluster. In addition, you will want to modify your
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index 81a11b1d..286e2a84 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -39,7 +39,7 @@ CXXFLAGS="@CARCHFLAGS@-mtune=generic -O2 -pipe"
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- fakeroot: Allow building packages as a non-root user
@@ -47,8 +47,9 @@ CXXFLAGS="@CARCHFLAGS@-mtune=generic -O2 -pipe"
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index bb7616cf..f28097f6 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1099,6 +1099,25 @@ create_package() {
 	fi
 }
 
+create_signature() {
+	if [[ $(check_buildenv sign) != "y" ]]; then
+		return
+	fi
+	local ret=0
+	local filename="$PKGDEST/${pkgname}-${pkgver}-${pkgrel}-${CARCH}${PKGEXT}"
+	msg "$(gettext "Signing package...")"
+	if [ ! $(type -p "gpg") ]; then
+		error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
+		exit 1 # $E_MISSING_PROGRAM
+	fi
+	gpg --detach-sign --use-agent $filename || ret=$?
+	if (( ! ret )); then
+		msg2 "$(gettext "Created signature file %s.")" $filename.sig
+	else
+		warning "$(gettext "Failed to sign package file.")"
+	fi
+}
+
 create_srcpackage() {
 	cd "$startdir"
 
@@ -2115,6 +2134,8 @@ fi
 fullver=$(get_full_version $epoch $pkgver $pkgrel)
 msg "$(gettext "Finished making: %s")" "$pkgbase $fullver ($(date))"
 
+create_signature
+
 install_package
 
 exit 0 #E_OK