From aa99fa1674f958d5fa32cbff860c500014d0a925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fe=CC=81lix=20Saparelli?= <felix@passcod.name>
Date: Thu, 22 Jul 2021 03:53:25 +1200
Subject: [PATCH] Add bin/sign tool

---
 bin/sign | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100755 bin/sign

diff --git a/bin/sign b/bin/sign
new file mode 100755
index 0000000..ba8f587
--- /dev/null
+++ b/bin/sign
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if ! which rsign >/dev/null; then
+    echo "Requires rsign2 tool: $ cargo install rsign2"
+    exit 2
+fi
+
+missing=""
+for f in {B3,SHA512}SUMS{,.auto.minisig}; do
+    [[ ! -f "$f" ]] && missing="$missing $f"
+done
+
+if [[ ! -z "$missing" ]]; then
+    echo "Usage: bin/sign [rsign options...]"
+    echo "You must first download the relevant sums and minisig files."
+    echo "Missing: $missing"
+    exit 1
+fi
+
+sigs=""
+for algo in B3 SHA512; do
+
+    echo "Verifying ${algo}SUMS.auto.minisig:"
+    rsign verify \
+        -p "$(dirname $BASH_SOURCE)/../.github/workflows/release.pub" \
+        -x "${algo}SUMS.auto.minisig" \
+        "${algo}SUMS"
+
+    version=$(grep -m1 -oP 'watchexec-[\d.]+' "${algo}SUMS" | cut -d- -f3)
+    ownsig="${algo}SUMS.$(whoami).minisig"
+    sigs="$sigs $ownsig"
+
+    echo "Signing ${algo}SUMS with your key to $ownsig:"
+    rsign sign \
+        -t "watchexec $version signed by maintainer: $(whoami)" \
+        -c 'see README.md for signing information' \
+        -x "$ownsig" \
+        $@ \
+        "${algo}SUMS"
+done
+
+echo "Done; please upload $sigs to Github release $version!"