From bbd53d6d7d803cd02afd6d26b0ad4ed3266bd21b Mon Sep 17 00:00:00 2001
From: Peter Eckersley <pde@eff.org>
Date: Sun, 10 Jan 2016 23:15:29 -0800
Subject: [PATCH] Ensure we have an leauto signature before releasing

---
 tools/release.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/release.sh b/tools/release.sh
index 2d427d49d..61506f79e 100755
--- a/tools/release.sh
+++ b/tools/release.sh
@@ -81,11 +81,18 @@ if [ "$RELEASE_BRANCH" != "candidate-$version" ] ; then
 fi
 git checkout "$RELEASE_BRANCH"
 
-if ! openssl dgst -sha1 -verify $RELEASE_OPENSSL_KEY -signature \
+# ensure we have the latest built version of leauto
+letsencrypt-auto-source/build.py
+
+# and that it's signed correctly
+if ! openssl dgst -sha256 -verify $RELEASE_OPENSSL_KEY -signature \
         letsencrypt-auto-source/letsencrypt-auto.sig \
         letsencrypt-auto-source/letsencrypt-auto            ; then
    echo Failed letsencrypt-auto signature check on "$RELEASE_BRANCH"
    echo please fix that and re-run
+   exit 1
+else
+    echo Signature check on letsencrypt-auto successful
 fi