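#!/bin/bash
#
# Creates checksum files and a detached, ASCII-armored GPG signature for every
# release archive (*.zip, *.tar.gz, *.jar) in the current directory, and
# verifies each signature right after writing it.
#
# To add your key to the KEYS file when signing a release
# a command like the following will do the trick
#
# linux$ (gpg --fingerprint --list-sigs 'David Blevins' && gpg --armor --export 'David Blevins') >> KEYS
#
# For the script impaired, here is a concrete example of signing a file
#
# linux$ gpg --armor --output incubator-geronimo-1.0-M1.zip.asc --detach-sig incubator-geronimo-1.0-M1.zip
#
# And to check that signature
#
# linux$ gpg --verify incubator-geronimo-1.0-M1.zip.asc incubator-geronimo-1.0-M1.zip
#
# NOTE(review): the .md5/.sha files only help a downloader notice accidental
# corruption; MD5 is not collision resistant. The detached signature, checked
# against a key from the KEYS file, is what authenticates an archive.
# NOTE(review): the "sha" digest name may not be accepted by every OpenSSL
# release -- confirm it against the openssl on the release machine. A failure
# now aborts the run instead of leaving an empty .sha file behind.

#######################################
# Print a message on stderr and abort the script.
# Arguments: $1 - message
# Returns:   does not return; exits with status 1
#######################################
fail() {
  printf '%s\n' "$1" >&2
  exit 1
}

#######################################
# Write the openssl digest of a file next to it as <file>.<digest>.
# Arguments: $1 - openssl digest command (md5, sha)
#            $2 - file to hash
# Returns:   0 on success, 1 if the file cannot be read or openssl fails;
#            the output file is removed on failure so that no empty or stale
#            checksum is published.
#######################################
shash() {
  local digest=$1
  local file=$2
  if ! openssl "$digest" < "$file" > "$file.$digest"; then
    rm -f -- "$file.$digest"
    return 1
  fi
}

#######################################
# Create <archive>.asc as a detached armored signature, then verify it.
# Arguments: $1 - archive to sign
# Returns:   non-zero if signing or verification fails
#######################################
sign() {
  local archive=$1
  # Stop here on a signing failure: verifying would otherwise run against a
  # missing or left-over .asc file and hide the real error.
  gpg --armor --output "$archive.asc" --detach-sig "$archive" || return 1
  gpg --verify "$archive.asc" "$archive"
}

# Let's create checksums for our source and binary tars and zips.
found=0
for archive in *.zip *.tar.gz *.jar; do
  # A pattern without a match stays literal ("*.zip"); skip it.
  [[ -e "$archive" ]] || continue
  found=1
  printf '%s\n' "$archive"
  # Check every step of every archive. The status of a for loop is only that
  # of its last command, so a failure in an earlier iteration would be lost.
  if ! { shash md5 "$archive" && shash sha "$archive" && sign "$archive"; }; then
    fail "Unable to sign or hash release archives"
  fi
done

(( found )) || fail "No release archives (*.zip, *.tar.gz, *.jar) found"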