#!/usr/bin/perl

# Copyright (C) 2001,2002 Progeny Linux Systems, Inc.
# Authors: John Goerzen, Branden Robinson
# Copyright (C) 2009  Peter Pentchev <roam@ringlet.net>

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

use strict;
use warnings;

use Getopt::Long;

use Debian::debsigs::debsigsmain;

sub syntax($);
sub version();

Getopt::Long::Configure('no_ignore_case');

$| = 1;

# set up variables

my $verbose = '';

my $maint_keyid = $ENV{DEBSIGS_MAINT_ID};
my $archive_keyid = $ENV{DEBSIGS_ARCHIVE_ID};
my $origin_keyid = $ENV{DEBSIGS_ORIGIN_ID};
my $secring = $ENV{DEBSIGS_SECRING};
my ($showhelp, $showversion);

GetOptions ('verbose' => \$verbose,
            'maint=s' => \$maint_keyid,
            'archive=s' => \$archive_keyid,
            'origin=s' => \$origin_keyid,
            'secring=s' => \$secring,
	    'help|h' => \$showhelp,
	    'version|V' => \$showversion);

version() if $showversion;
syntax(0) if $showhelp;
exit(0) if $showhelp || $showversion;

my %ids = ('maint' => $maint_keyid,
        'archive' => $archive_keyid,
        'origin' => $origin_keyid);

my @tosign = @ARGV;
syntax(1) unless (defined($tosign[0]));

while (defined(my $line = <STDIN>)) {
  chomp $line;
  if ($verbose) {
    print "Signing $line:";
  }
  foreach my $sig (@tosign) {
    my @cmd;
    if ($verbose) {
      print " $sig";
    }
    @cmd = ("debsigs", "--sign=$sig");
    push @cmd, '-K', $secring if $secring;
    push @cmd, "--default-key=$ids{$sig}" if $ids{$sig};
    push @cmd, $line;
    (system(@cmd) == 0) or die
              "Error signing!";
  }
  if ($verbose) {
    print ".\n";
  }
}

sub syntax($) {
  my ($err) = @_;
  my $s = "Usage: debsigs-autosign [options] sigtype [ ... ]\n".
    "Reads package names from standard input, and signs each with debsigs.\n".
    "\n".
    "\t--archive=KEYID    use KEYID for archive signature\n".
    "\t--maint=KEYID      use KEYID for maintainer signature\n".
    "\t--origin=KEYID     use KEYID for origin signature\n".
    "\t--secring=FILE     use FILE as GPG secret keyring\n".
    "\t--verbose          report status messages\n\n".
    "See the debsigs manual page for information about the signature types.\n";

  if ($err) {
    print STDERR "$s";
    exit(1);
  } else {
    print "$s";
  }
}

sub version() {
  print "debsigs-autosign $Debian::debsigs::debsigsmain::VERSION\n";
}

__END__

=head1 NAME

debsigs-autosign - batch-sign Debian package files

=head1 SYNOPSIS

B<debsigs-autosign> [I<options>] I<sigtype> [ I<...> ]

=head1 DESCRIPTION

I<debsigs-autosign> reads a newline-delimited list of file names from
standard input and runs I<debsigs>(1) on each package, with arguments
determined by the options, operands, and environment of
I<debsigs-autosign>.  See the L<debsigs(1)> manual page for more
information about the signature types.

=head1 OPTIONS

=over 5

=item B<--archive=>I<keyid>

=item B<--maint=>I<keyid>

=item B<--origin=>I<keyid>

The above options specify cryptographic key identifiers for use with
I<gpg>(1).

=item B<--secring=>I<file>

This option identifies a secret keyring file for use with I<gpg>(1).

=item B<--verbose>

Displays verbose output.

=back

=head1 OPERANDS

Each operand is a signature type to apply to the Debian package(s) to be
processed.  Currently recongnized signature types are B<archive>,
B<maint>, and B<origin>.

=head1 ENVIRONMENT

The following environment variables are recognized by
I<debsigs-autosign>:

=over 5

=item I<DEBSIGS_ARCHIVE_ID>

=item I<DEBSIGS_MAINT_ID>

=item I<DEBSIGS_ORIGIN_ID>

The above variables specify cryptographic key identifiers for use with
I<gpg>(1).

=item I<DEBSIGS_SECRING>

This variable identifies a secret keyring file for use with I<gpg>(1).

=back

=head1 AUTHORS

=over 5

=item John Goerzen <jgoerzen@complete.org>

=item Branden Robinson <branden@debian.org>

=back

=head1 SEE ALSO

debsigs(1), debsig-verify(1), gpg(1)

=cut

# vim:set ai et sts=2 sw=2 tw=72:
