#!/bin/bash
# sign_all_archives.sh
# This script signs all .tbz2 archives under /opt/local/var/macports/software recursively.

PRIVATE_KEY="/opt/local/etc/macports/privkey.pem"
ARCHIVE_DIR="/opt/local/var/macports/software"

# Check if the private key exists
if [ ! -f "$PRIVATE_KEY" ]; then
    echo "Private key not found at $PRIVATE_KEY"
    exit 1
fi

# Find and sign all .tbz2 archives
find "$ARCHIVE_DIR" -type f -name "*.tbz2" | while read -r archive; do
    signature="${archive}.rmd160"
    echo "Signing $archive..."
    # Sign the archive and generate the .rmd160 file
    openssl dgst -ripemd160 -sign "$PRIVATE_KEY" -out "$signature" "$archive"
    if [ $? -ne 0 ]; then
        echo "Failed to sign $archive"
    else
        echo "Successfully signed $archive"
    fi
done