2 files changed, 50 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 38d1a78..d8c159d 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
 # basic build sequence before we start messing with packaging scripts,
 # version numbers, and other forms of entertainment.  Expect changes.
 
-all: bitstream elves
+all: bitstream elves package
 
 bitstream:
 	cd core/platform/alpha/build; ${MAKE}
@@ -10,6 +10,16 @@ bitstream:
 elves:
 	cd sw/stm32; ${MAKE} bootloader hsm
 
+PACKAGE_FILES =	sw/stm32/projects/bootloader/bootloader.bin	\
+		sw/stm32/projects/bootloader/bootloader.elf	\
+		sw/stm32/projects/hsm/hsm.bin	\
+		sw/stm32/projects/hsm/hsm.elf	\
+		core/platform/alpha/build/alpha_fmc.bit
+
+package: bitstream elves
+	python build-package.py package.tar ${PACKAGE_FILES}
+	gzip -9f package.tar
+
 clean:
 	git clean -dfx
 	git submodule foreach git clean -dfx
diff --git a/build-package.py b/build-package.py
new file mode 100644
index 0000000..ae7b0b1
--- /dev/null
+++ b/build-package.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+import subprocess
+import tempfile
+import argparse
+import hashlib
+import tarfile
+import json
+
+parser = argparse.ArgumentParser()
+parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
+parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
+args = parser.parse_args()
+
+tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
+
+status = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
+sha256 = {}
+
+for fn in args.firmware:
+    with open(fn, "rb") as f:
+        sha256[fn] = hashlib.sha256(f.read()).hexdigest()
+    tar.add(fn)
+
+# export GNUPGHOME := /home/aptbot/gnupg
+# --no-default-keyring --keyring isc-pubring.gpg --secret-keyring isc-secring.gpg
+
+with tempfile.NamedTemporaryFile() as f:
+    gpg = subprocess.Popen(("gpg", "--clearsign", "--no-default-keyring", 
+                            "--keyring",        "/home/aptbot/gnupg/pubring.gpg",
+                            "--secret-keyring", "/home/aptbot/gnupg/secring.gpg",
+                            "--trustdb-name",   "/home/aptbot/gnupg/trustdb.gpg",
+                            "--no-random-seed-file", "--no-permission-warning",
+                            "--personal-digest-preferences", "SHA256"),
+                           stdin = subprocess.PIPE, stdout = f)
+    json.dump(dict(commits = status, sha256  = sha256), gpg.stdin, indent = 2)
+    gpg.stdin.close()
+    gpg.wait()
+    tar.add(f.name, "+MANIFEST")