===================================================================
RCS file: /cvs/openbsd/update_openbsd/update_openbsd,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- openbsd/update_openbsd/update_openbsd 2013/12/31 18:46:59 1.58
+++ openbsd/update_openbsd/update_openbsd 2014/01/22 06:44:53 1.59
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $AFresh1: update_openbsd,v 1.57 2013/12/31 18:42:31 andrew Exp $
+# $AFresh1: update_openbsd,v 1.58 2013/12/31 18:46:59 andrew Exp $
 #
 # Copyright (c) 2012 Andrew Fresh
 #
@@ -266,13 +266,27 @@
 fi
 local _nv=`echo $NEW_VER | sed -e 's/\.//'`
+ local _signify=`which signify`
+ local _keyfile=/etc/signify/${_nv}base.pub
+ local _b _s
 (
 for _b in $INSTALL_KERNELS; do echo "($_b)" ; done
 for _s in $INSTALLED_SETS; do echo "($_s$_nv.tgz)"; done
 ) > index
- grep -f index $_type | sum -c
+
+ if [ -n "$_signify" -a "$_type" != "${_type%.sig}" ]; then
+ echo "===> Checking signature";
+ if [ ! -e $_keyfile ]; then
+ echo "key [$_keyfile] does not exist, cannot check $_type" >&2
+ return 2
+ fi
+ signify -V -e -p $_keyfile -x $_type -m - | grep -f index | sum -c -
+ else
+ grep -f index $_type | sum -c
+ fi
+ if [ $? -ne 0 ]; then
 echo ERROR: $_type does not match! >&2
 return 1
@@ -322,10 +336,12 @@
 local _type
 for _type in $CHECKSUM_TYPES; do
 if [ -e $_type ]; then
- check_sum $_type
- [ $? -ne 0 -a -z "$IGNORE_CHECKSUM_ERROR" ] && exit 1
+ check_sum $_type && break
+ [ -z "$IGNORE_CHECKSUM_ERROR" ] || exit 1
 fi
 done
+
+ return 0
 }
@@ -494,7 +510,7 @@
 INSTALLED_SETS=${INSTALLED_SETS:=`installed_sets`}
-CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256 MD5}
+CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256.sig SHA256}
 set_version
 local _error=$?
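Review bot: When `signify` is not installed, the new `if [ -n "$_signify" -a ... ]` test in the second hunk (`@@ -266,13 +266,27 @@`) is false, so a `.sig` file drops into the `else` branch, where `grep -f index $_type | sum -c` checks the digest lines that an embedded-signature file presumably still carries without verifying the signature, and check_sum reports success for an unauthenticated list. Failing closed for a `.sig` type would avoid that, for example `[ -n "$_signify" ] || { echo "signify not found, cannot check $_type" >&2; return 2; }` ahead of the key-file test. In the signed branch the `$?` tested afterwards is only the status of `sum -c -`, the last command of the pipeline, so signify's own exit status is discarded and a rejected signature is caught only if `sum` happens to fail on the resulting input. Writing the verified list to a temporary file with `signify -V -e -p "$_keyfile" -x "$_type" -m "$_verified" || return 1` (with `$_verified` created by the function) and running `grep`/`sum -c` on that file would make the rejection explicit. check_sum begins and ends outside the hunk.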
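Review bot: The rewritten guard in the third hunk (`@@ -322,10 +336,12 @@`) is inverted: `[ -z "$IGNORE_CHECKSUM_ERROR" ] || exit 1` exits only when IGNORE_CHECKSUM_ERROR is set, whereas the removed line exited when it was empty. With the variable unset, a failed check_sum on one type simply moves on to the next, and the added `return 0` reports success even when every type failed or no checksum file was present. Combined with the new default `SHA256.sig SHA256` in the last hunk, a rejected signature or a missing key falls back to the unsigned SHA256 file, which offers no protection against a replaced file set. `[ -n "$IGNORE_CHECKSUM_ERROR" ] || exit 1` restores the earlier meaning, and recording whether any type actually verified before returning 0 would close the remaining case. The enclosing function begins outside the hunk.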