#!/bin/bash
set -e

KEY_FILE="$1"

if [ -z "$KEY_FILE" ]; then
    echo "Usage: $0 <private-key-file>"
    exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(dirname "$SCRIPT_DIR")"
SIGNTOOL="$REPO_ROOT/signtool"

# 构建 signtool
if [ ! -f "$SIGNTOOL" ]; then
    echo "Building signtool..."
    cd "$REPO_ROOT"
    go build -o signtool ./tools/signtool
fi

cd "$REPO_ROOT"

# 签名撤销列表
if [ -f "security/revocation.json" ]; then
    echo "Signing revocation.json..."
    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/revocation.json
fi

# 签名公钥列表
if [ -f "security/keys.json" ]; then
    echo "Signing keys.json..."
    "$SIGNTOOL" sign-json -key "$KEY_FILE" security/keys.json
fi

echo "Done!"