From 705fde638084f64c52b161a7bf8703716772ca3f Mon Sep 17 00:00:00 2001
From: Joerg Jaspert <joerg@debian.org>
Date: Sun, 27 Dec 2015 15:03:51 +0100
Subject: [PATCH] Generate "extrafiles", (closes: #752134)

A clearsigned sha256sum of files not otherwise having a signed checksum
available.
---
 config/debian/cron.dinstall      |  2 ++
 config/debian/dinstall.functions | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/config/debian/cron.dinstall b/config/debian/cron.dinstall
index 001ab117..f1a3dcf5 100755
--- a/config/debian/cron.dinstall
+++ b/config/debian/cron.dinstall
@@ -266,6 +266,7 @@ copyoverrides          none                       copyoverrides              fal
 mklslar                none                       mklslar                    false   false
 mkfilesindices         none                       mkfilesindices             false   false
 mkchecksums            none                       mkchecksums                false   false
+signotherfiles         none                       signotherfiles             false   false
 mirror                 none                       mirror\ hardlinks          false   false
 NOSTAGE                remove_locks               none                       false   false
 STATE                  postlock                   none                       false   false
@@ -285,6 +286,7 @@ NOSTAGE                rm\ -f\ "\${LOCK_BRITNEY}" none                       fal
 cleantransactions      none                       none                       false   false
 EOF
         )
+# FUNC                 ARGS                       TIME                       ERR     BG
 
 # we need to wait for the background processes before the end of dinstall
 wait
diff --git a/config/debian/dinstall.functions b/config/debian/dinstall.functions
index 25f84600..9aadf836 100644
--- a/config/debian/dinstall.functions
+++ b/config/debian/dinstall.functions
@@ -662,3 +662,22 @@ function changelogs() {
         trap remove_changelog_lock EXIT TERM HUP INT QUIT
     fi
 }
+
+function signotherfiles() {
+    log "Signing extra mirror files"
+
+    local archiveroot
+
+    for archive in "${public_archives[@]}"; do
+        log "... archive: ${archive}"
+        archiveroot="$(get_archiveroot "${archive}")"
+        local TMPLO=$( mktemp -p ${TMPDIR} )
+        trap "rm -f ${TMPLO}" ERR EXIT TERM HUP INT QUIT
+
+        cd ${archiveroot}
+        rm -f extrafiles
+        sha256sum $(find * -type f | egrep -v '(pool|i18n|dep11|source)/|Contents-.*\.(gz|diff)|installer|binary-|(In)?Release(.gpg)?|\.changes') > ${TMPLO}
+        gpg --no-options --batch --no-tty --armour --personal-digest-preferences=SHA256 --secret-keyring /srv/ftp-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/ftp-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --clearsign --output ${archiveroot}/extrafiles ${TMPLO}
+        rm -f ${TMPLO}
+    done
+}
-- 
2.39.2