pkgmeek: automatically create new signature if one is not present, similar to how footprints are handled

man8/pkgmeek.8

@@ -43,10 +43,13 @@ Build package without checking footprint.
 Update footprint and treat last build as successful.
 .TP
 .B "\-us, \-\-update\-signature"
-Update port signature and sha256sums.
+Update port signature and sha256sums. Only needed after editing a
+previously-built port, since the first build of a new port will automatically
+create \fB.signature\fP in the port directory.
 .TP
 .B "\-cs, \-\-check\-signature"
-Check the validity of Pkgfile, footprint, and sources using the signature and sha256sums.
+Check the validity of Pkgfile, footprint, and sources using the signature and
+sha256sums.
 .TP
 .B "\-is, \-\-ignore\-signature"
 Build package without checking the signature and sha256sums.

scripts/pkgmeek

@@ -13,7 +13,7 @@ local errDL=0; local errUZ=0; local BSDTAR="/usr/bin/bsdtar --format=gnutar"
 parse_options "$@"
 
 # Exit early if refreshing an existing sha256 manifest was requested
-[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh && info "signature refreshed."; exit $?; }
+[ "$PKGMK_REFRESH_SIG" = "yes" ] && { make_signature refresh; exit $?; }
 #
 # Read the Pkgfile to determine what to do next. But first ensure that
 # it came from a trusted source (FS#1851)
@@ -109,7 +109,7 @@ if [ "$PKGMK_UPDATE_FOOTPRINT" = "yes" ]; then
 fi
 # Updating signatures (option -us) requires only sources and footprint, not a built package.
 # As with -uf, exit after fulfilling the explicit request for a manifest.
-[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new && info "signature created."; cleanup_work; exit $?; }
+[ "$PKGMK_UPDATE_SIG" = "yes" ] && { make_signature new; cleanup_work; exit $?; }
 
 # All the sources should be here by now, let's verify that we can trust them.
 readonly cs_fail_msg="Use '--ignore-signature' to override, if you have determined integrity by other means."
@@ -184,6 +184,9 @@ if [ "$pkg_utd" = 0 ] || [[ "$PKGMK_FORCE $PKGMK_EXTRACT_ONLY" =~ yes ]]; then
 
 fi  # Continue from here if extract and build were skipped
 
+[ "$PKGMK_IGNORE_SIG" = "yes" ] || [ -e "$PKGMK_ROOT/.signature" ] \
+	|| make_signature new
+
 # Clean up the work directory.
 find . -maxdepth 1 -mindepth 1 -type l -delete; cleanup_work
 
@@ -483,7 +486,8 @@ get_repo_key() {
 
 make_signature() {
 	local ordered si pub
-	[ -w "$PKGMK_ROOT/.signature" ] || { error ".signature not writable."; return $E_DIRPERM; }
+	[ ! -e "$PKGMK_ROOT/.signature" ] || [ -w "$PKGMK_ROOT/.signature" ] \
+		|| { error ".signature not writable."; return $E_DIRPERM; }
 
 	[ -n "$PKGMK_PRIVATEKEY" ] || PKGMK_PRIVATEKEY="$(get_repo_key secret)"
 	if [ -n "$PKGMK_PRIVATEKEY" ]; then
@@ -522,6 +526,7 @@ make_signature() {
 			fi
 		;;
 	esac
+	[ "$1" = "new" ] && echo "signature created." || echo "signature updated."
 }
 
 interrupted() {