From dd6fd8ce5d05c14f34b34f3773804cc8dd1db125 Mon Sep 17 00:00:00 2001
From: Thomas Nagy <tnagy2pow10@gmail.com>
Date: Wed, 5 Mar 2014 22:52:54 +0100
Subject: [PATCH] support for included gpg signatures (use utils/verify-sig.py
 to verify them)

---
 utils/verify-sig.py | 53 +++++++++++++++++++++++++++++++++++++++++++++
 wscript             | 23 ++++++++++++++++++--
 2 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100755 utils/verify-sig.py

diff --git a/utils/verify-sig.py b/utils/verify-sig.py
new file mode 100755
index 00000000..0ced24de
--- /dev/null
+++ b/utils/verify-sig.py
@@ -0,0 +1,53 @@
+#! /usr/bin/env python
+
+"""
+A simple file for verifying signatures in signed waf files
+
+Distributing detached signatures is boring
+"""
+
+import sys, os, re, subprocess
+
+if __name__ == '__main__':
+	try:
+		infile = sys.argv[1]
+	except IndexError:
+		infile = 'waf'
+
+	try:
+		outfile1 = sys.argv[2]
+	except IndexError:
+		outfile1 = infile + '-sig'
+
+	try:
+		outfile2 = sys.argv[3]
+	except IndexError:
+		outfile2 = outfile1 + '.asc'
+
+	f1 = open(outfile1, 'wb')
+	f2 = open(outfile2, 'wb')
+	f = open(infile, 'rb')
+	try:
+		txt = f.read()
+
+		lastline = txt.decode('ISO8859-1').splitlines()[-1] # just the last line
+		if not lastline.startswith('#-----BEGIN PGP SIGNATURE-----'):
+			print("ERROR: there is no signature to verify in %r :-/" % infile)
+			sys.exit(1)
+
+		sigtext = lastline.replace('\\n', '\n') # convert newlines
+		sigtext = sigtext[1:] # omit the '# character'
+		sigtext = sigtext.encode('ISO8859-1') # python3
+
+		f2.write(sigtext)
+		f1.write(txt[:-len(lastline) - 1]) # one newline character was eaten from splitlines()
+	finally:
+		f.close()
+		f1.close()
+		f2.close()
+
+	cmd = 'gpg --verify %s' % outfile2
+	print("-> %r" % cmd)
+	ret = subprocess.Popen(cmd, shell=True).wait()
+	sys.exit(ret)
+
diff --git a/wscript b/wscript
index 3a4a324f..f17e61f7 100644
--- a/wscript
+++ b/wscript
@@ -6,7 +6,7 @@
 to make a custom waf file use the option --tools
 
 To add a tool that does not exist in the folder compat15, pass an absolute path:
-./waf-light --make-waf --tools=compat15,/comp/waf/aba.py --prelude=$'\tfrom waflib.extras import aba\n\taba.foo()'
+./waf-light  --tools=compat15,/comp/waf/aba.py --prelude=$'\tfrom waflib.extras import aba\n\taba.foo()'
 """
 
 
@@ -86,9 +86,11 @@ def check(ctx):
 def options(opt):
 
 	# generate waf
-	opt.add_option('--make-waf', action='store_true', default=False,
+	opt.add_option('--make-waf', action='store_true', default=True,
 		help='creates the waf script', dest='waf')
 
+	opt.add_option('--sign', action='store_true', default=False, help='make a signed file', dest='signed')
+
 	opt.add_option('--zip-type', action='store', default='bz2',
 		help='specify the zip type [Allowed values: %s]' % ' '.join(zip_types), dest='zip')
 
@@ -368,9 +370,26 @@ def create_waf(*k, **kw):
 		f.write(to_bytes('#==>\n#'))
 		f.write(cnt)
 		f.write(to_bytes('\n#<==\n'))
+
+		if Options.options.signed:
+			f.flush()
+			try:
+				os.remove('waf.asc')
+			except OSError:
+				pass
+			ret = Utils.subprocess.Popen('gpg -bass waf', shell=True).wait()
+			if ret:
+				raise ValueError('Could not sign the waf file!')
+
+			sig = Utils.readf('waf.asc')
+			sig = sig.replace('\r', '').replace('\n', '\\n')
+			f.write('#')
+			f.write(sig)
+			f.write('\n')
 	finally:
 		f.close()
 
+
 	if sys.platform == 'win32' or Options.options.make_batch:
 		f = open('waf.bat', 'w')
 		try: