diff --git a/app/Makefile.am.inc b/app/Makefile.am.inc
index 00e9d5df..146ef18e 100644
--- a/app/Makefile.am.inc
+++ b/app/Makefile.am.inc
@@ -23,6 +23,7 @@ xdg_app_SOURCES = \
app/xdg-app-builtins-build-finish.c \
app/xdg-app-builtins-build-export.c \
app/xdg-app-builtins-build-bundle.c \
+ app/xdg-app-builtins-build-sign.c \
app/xdg-app-builtins-repo-update.c \
app/xdg-app-builtins-document.c \
$(xdp_dbus_built_sources) \
diff --git a/app/xdg-app-builtins-build-sign.c b/app/xdg-app-builtins-build-sign.c
new file mode 100644
index 00000000..e748e447
--- /dev/null
+++ b/app/xdg-app-builtins-build-sign.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright © 2014 Red Hat, Inc
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see .
+ *
+ * Authors:
+ * Alexander Larsson
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+
+#include "libgsystem.h"
+#include "libglnx/libglnx.h"
+
+#include "xdg-app-builtins.h"
+#include "xdg-app-utils.h"
+
+static char *opt_arch;
+static gboolean opt_runtime;
+static char **opt_gpg_key_ids;
+static char *opt_gpg_homedir;
+
+static GOptionEntry options[] = {
+ { "arch", 0, 0, G_OPTION_ARG_STRING, &opt_arch, "Arch to install for", "ARCH" },
+ { "runtime", 0, 0, G_OPTION_ARG_NONE, &opt_runtime, "Look for runtime with the specified name", },
+ { "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_gpg_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
+ { "gpg-homedir", 0, 0, G_OPTION_ARG_STRING, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
+ { NULL }
+};
+
+
+gboolean
+xdg_app_builtin_build_sign (int argc, char **argv, GCancellable *cancellable, GError **error)
+{
+ g_autoptr(GOptionContext) context = NULL;
+ g_autoptr(GFile) repofile = NULL;
+ g_autoptr(OstreeRepo) repo = NULL;
+ const char *location;
+ const char *branch;
+ const char *id;
+ g_autofree char *commit_checksum = NULL;
+ g_autofree char *ref = NULL;
+ char **iter;
+
+ context = g_option_context_new ("LOCATION ID [BRANCH] - Create a repository from a build directory");
+
+ if (!xdg_app_option_context_parse (context, options, &argc, &argv, XDG_APP_BUILTIN_FLAG_NO_DIR, NULL, cancellable, error))
+ return FALSE;
+
+ if (argc < 3)
+ {
+ usage_error (context, "LOCATION and DIRECTORY must be specified", error);
+ return FALSE;
+ }
+
+ location = argv[1];
+ id = argv[2];
+
+ if (argc >= 4)
+ branch = argv[3];
+ else
+ branch = "master";
+
+ if (!xdg_app_is_valid_name (id))
+ return xdg_app_fail (error, "'%s' is not a valid name", id);
+
+ if (!xdg_app_is_valid_branch (branch))
+ return xdg_app_fail (error, "'%s' is not a valid branch name", branch);
+
+ if (opt_gpg_key_ids == NULL)
+ return xdg_app_fail (error, "No gpg key ids specified");
+
+ if (opt_runtime)
+ ref = xdg_app_build_runtime_ref (id, branch, opt_arch);
+ else
+ ref = xdg_app_build_app_ref (id, branch, opt_arch);
+
+ repofile = g_file_new_for_commandline_arg (location);
+ repo = ostree_repo_new (repofile);
+
+ if (!ostree_repo_open (repo, cancellable, error))
+ return FALSE;
+
+ if (!ostree_repo_resolve_rev (repo, ref, TRUE, &commit_checksum, error))
+ return FALSE;
+
+ for (iter = opt_gpg_key_ids; iter && *iter; iter++)
+ {
+ const char *keyid = *iter;
+
+ if (!ostree_repo_sign_commit (repo,
+ commit_checksum,
+ keyid,
+ opt_gpg_homedir,
+ cancellable,
+ error))
+ return FALSE;
+ }
+
+ return TRUE;
+}
diff --git a/app/xdg-app-builtins.h b/app/xdg-app-builtins.h
index 5e022aa7..c71253ee 100644
--- a/app/xdg-app-builtins.h
+++ b/app/xdg-app-builtins.h
@@ -65,6 +65,7 @@ BUILTINPROTO(enter);
BUILTINPROTO(build_init);
BUILTINPROTO(build);
BUILTINPROTO(build_finish);
+BUILTINPROTO(build_sign);
BUILTINPROTO(build_export);
BUILTINPROTO(build_bundle);
BUILTINPROTO(build_update_repo);
diff --git a/app/xdg-app-main.c b/app/xdg-app-main.c
index 2c594065..87edbfb8 100644
--- a/app/xdg-app-main.c
+++ b/app/xdg-app-main.c
@@ -70,6 +70,7 @@ static XdgAppCommand commands[] = {
{ "build-finish", xdg_app_builtin_build_finish, "Finish a build dir for export" },
{ "build-export", xdg_app_builtin_build_export, "Export a build dir to a repository" },
{ "build-bundle", xdg_app_builtin_build_bundle, "Create a bundle file from a build directory" },
+ { "build-sign", xdg_app_builtin_build_sign, "Sign an application or runtime" },
{ "build-update-repo", xdg_app_builtin_build_update_repo, "Update the summary file in a repository" },
/* Deprecated old names */
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 01f84be4..fa641ea9 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -37,6 +37,7 @@ man_MANS = \
xdg-app-build-finish.1 \
xdg-app-build-export.1 \
xdg-app-build-update-repo.1 \
+ xdg-app-build-sign.1 \
xdg-app-builder.1 \
$(NULL)
diff --git a/doc/xdg-app-build-export.xml b/doc/xdg-app-build-export.xml
index 02f0543c..155d0145 100644
--- a/doc/xdg-app-build-export.xml
+++ b/doc/xdg-app-build-export.xml
@@ -215,6 +215,7 @@ Content Bytes Written: 305
xdg-app-build-init1,
xdg-app-build1,
xdg-app-build-finish1
+ xdg-app-build-sign1
xdg-app-repo-update1
diff --git a/doc/xdg-app-build-sign.xml b/doc/xdg-app-build-sign.xml
new file mode 100644
index 00000000..4a6a5e39
--- /dev/null
+++ b/doc/xdg-app-build-sign.xml
@@ -0,0 +1,154 @@
+
+
+
+
+
+
+ xdg-app build-sign
+ xdg-app
+
+
+
+ Developer
+ Alexander
+ Larsson
+ alexl@redhat.com
+
+
+
+
+
+ xdg-app build-sign
+ 1
+
+
+
+ xdg-app-build-sign
+ Sign an application or runtime
+
+
+
+
+ xdg-app build-sign
+ OPTION
+ LOCATION
+ ID
+ BRANCH
+
+
+
+
+ Description
+
+
+ Signs the commit for a speficied application or runtime in
+ a local repository. LOCATION is
+ the location of the repository. ID is the name of the application, or
+ runtime if --runtime is specified. If BRANCH is not specified, it is
+ assumed to be "master".
+
+
+ Applications can also be signed during build-export, but
+ it is sometimes useful to add additionaly signatures later.
+
+
+
+
+ Options
+
+ The following options are understood:
+
+
+
+
+
+
+
+ Show help options and exit.
+
+
+
+
+
+
+
+ Sign the commit with this GPG key
+
+
+
+
+
+
+
+ GPG Homedir to use when looking for keyrings
+
+
+
+
+
+
+
+ Sign a runtime instead of an app.
+
+
+
+
+
+
+
+ The architecture to use.
+
+
+
+
+
+
+
+
+ Print debug information during command processing.
+
+
+
+
+
+
+
+ Print version information and exit.
+
+
+
+
+
+
+ Examples
+
+
+ $ xdg-app build-export ~/repos/gnome-calculator/ ~/build/gnome-calculator/ org.gnome.Calculator
+
+
+Commit: 9d0044ea480297114d03aec85c3d7ae3779438f9d2cb69d717fb54237acacb8c
+Metadata Total: 605
+Metadata Written: 5
+Content Total: 1174
+Content Written: 1
+Content Bytes Written: 305
+
+
+
+
+
+ See also
+
+
+ ostree1,
+ xdg-app1,
+ xdg-app-build-export1,
+ xdg-app-build1,
+
+
+
+
+
diff --git a/doc/xdg-app.xml b/doc/xdg-app.xml
index 48df8949..d48613fc 100644
--- a/doc/xdg-app.xml
+++ b/doc/xdg-app.xml
@@ -262,6 +262,13 @@
Update the summary file in a repository.
+
+ xdg-app-build-sign1
+
+
+ Sign an application or runtime after its been exported.
+
+