#!/bin/bash

PKGDIR=/tmp/$$.signpkg

if ! [ "$GPG_AGENT_INFO" ];then
	echo "Please run gpg agent with:"
	echo "gpg-agent --daemon bash"
	exit 1
fi

trap "rm -rf $PKGDIR" 0

while true; do 
	PKG=$1
	shift
	[ "$PKG" ] || exit 0
	
	if ! echo "$PKG" | grep '^/' >/dev/null; then
		BASENAME="`pwd`/$PKG"
	else
		BASENAME="$PKG"
	fi

	if [ -f "$BASENAME.asc" ]; then
		echo "$PKG is already signed, skipping..."
		continue
	fi
	
	rm -rf "$PKGDIR" 2>/dev/null
	mkdir "$PKGDIR" || exit 1

	echo "Checksumming $PKG..."
	md5sum -b $PKG  > $BASENAME.tmp
	
	echo "Extracting $PKG..."
	tar --exclude 'dev/*' --no-same-permissions --no-same-owner --directory $PKGDIR -xzf $PKG || exit 1
	chmod -R 755 $PKGDIR || exit 1
	
	echo "Checksumming files..."
	pushd $PKGDIR >/dev/null || exit 1
	find -type f -exec md5sum -b "{}" \; >> $BASENAME.tmp || exit 1
	popd >/dev/null

	echo "Signing $BASENAME.tmp..."
	gpg --clearsign $BASENAME.tmp || exit 1
	rm $BASENAME.tmp || exit 1
	mv $BASENAME.tmp.asc $BASENAME.asc || exit 1
done