===================================================================
RCS file: /cvs/openbsd/update_openbsd/update_openbsd,v
retrieving revision 1.55
retrieving revision 1.59
diff -u -r1.55 -r1.59
--- openbsd/update_openbsd/update_openbsd	2013/12/28 02:56:24	1.55
+++ openbsd/update_openbsd/update_openbsd	2014/01/22 06:44:53	1.59
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $AFresh1: update_openbsd,v 1.54 2013/12/28 02:55:28 andrew Exp $
+# $AFresh1: update_openbsd,v 1.58 2013/12/31 18:46:59 andrew Exp $
 # 
 # Copyright (c) 2012 Andrew Fresh <andrew@afresh1.com>
 #
@@ -234,10 +234,12 @@
     done
 
     local _type
+    local _ftp
     for _type in $CHECKSUM_TYPES; do
         [ -e $_type ] && break
-        echo "===> $FTP_CMD ${FTP}/$_type"
-        $FTP_CMD ${FTP}/$_type
+        _ftp=`echo "$FTP" | sed -e 's,://[^/]*/,://ftp.openbsd.org/,'`
+        echo "===> $FTP_CMD ${_ftp}/$_type"
+        $FTP_CMD ${_ftp}/$_type
     done
 }
 
@@ -263,9 +265,28 @@
         return 1
     fi
 
-    ls bsd* *gz | sed -e 's/\(.*\)/(\1)/' > index 
-    grep -f index $_type | sum -c
+    local _nv=`echo $NEW_VER | sed -e 's/\.//'`
+    local _signify=`which signify`
+    local _keyfile=/etc/signify/${_nv}base.pub 
+    local _b _s
 
+    (
+        for _b in $INSTALL_KERNELS; do echo "($_b)"        ; done
+        for _s in $INSTALLED_SETS;  do echo "($_s$_nv.tgz)"; done
+    ) > index
+    
+
+    if [ -n "$_signify" -a "$_type" != "${_type%.sig}" ]; then
+        echo "===> Checking signature";
+        if [ ! -e $_keyfile ]; then
+            echo "key [$_keyfile] does not exist, cannot check $_type" >&2
+            return 2
+        fi
+        signify -V -e -p $_keyfile -x $_type -m - | grep -f index | sum -c -
+    else
+       grep -f index $_type | sum -c
+    fi
+
     if [ $? -ne 0 ]; then
         echo ERROR: $_type does not match! >&2
         return 1
@@ -315,10 +336,12 @@
     local _type
     for _type in $CHECKSUM_TYPES; do
         if [ -e $_type ]; then
-            check_sum $_type
-            [ $? -ne 0 -a -z "$IGNORE_CHECKSUM_ERROR" ] && exit 1
+            check_sum $_type && break
+            [ -z "$IGNORE_CHECKSUM_ERROR" ] || exit 1
         fi
     done
+
+    return 0
 }
 
 
@@ -487,7 +510,7 @@
 
 INSTALLED_SETS=${INSTALLED_SETS:=`installed_sets`}
 
-CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256 MD5}
+CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256.sig SHA256}
 
 set_version
 local _error=$?