[bin/sign-advisory.sh] New helper script for signing DSAs

  Sign a DSA generated by gen-D{L,S}A

  This allows for any number of headers below the regular 3 that
  gen-DSA generates (From, To, Subject).

  This can be useful if the advisory contains non-ASCII characters,
  like in first and last names for credits, and we need to send it as
  UTF-8. In that case, the signature will still be OK, and all the
  headers retained, even if we manually added those two to the DSA:

    Content-Transfer-Encoding: 8bit
    Content-type: text/plain; charset=UTF-8

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44153 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 40 insertions, 0 deletions

diff --git a/bin/sign-advisory.sh b/bin/sign-advisory.sh
new file mode 100755
index 0000000000..5808b98984
--- /dev/null
+++ b/bin/sign-advisory.sh
@@ -0,0 +1,40 @@
+#! /bin/bash
+
+# Sign a DSA generated by gen-D{L,S}A
+# 
+# This allows for any number of headers below the regular 3 that
+# gen-DSA generates (From, To, Subject).
+# 
+# This can be useful if the advisory contains non-ASCII characters,
+# like in first and last names for credits, and we need to send it as
+# UTF-8. In that case, the signature will still be OK, and all the
+# headers retained, even if we manually added those two to the DSA:
+#
+#   Content-Transfer-Encoding: 8bit
+#   Content-type: text/plain; charset=UTF-8
+#
+# Copyright (C) 2016 Sebastien Delafond <seb@debian.org>
+
+set -e
+
+usage() {
+  echo "Usage: $0 </path/to/DSA-nnnn-m>"
+  echo "  this will create /path/to/DSA-nnnn-m.signed"
+}
+
+if [[ $# != 1 ]] ; then
+  usage
+  exit 1
+elif [[ $1 == "-h" ]] || [[ $1 == "--help" ]] ; then
+  usage
+  exit 0
+fi
+
+dsa=$1
+signed_dsa=${dsa}.signed
+
+# figure out the offset for actual DSA text, after headers
+n=$(awk '/^-+/ {print NR ; exit}' $dsa)
+
+# keep headers, and sign the content
+{ head -n $(($n - 1)) $dsa ; tail -n +$n $dsa | gpg --clearsign ; } >| $signed_dsa