--- /usr/bin/debsign    2008-04-07 19:25:17.000000000 +0100
+++ debsign.sh  2008-04-08 11:28:38.000000000 +0100
@@ -76,7 +76,7 @@

 version () {
     echo \
-"This is debsign, from the Debian devscripts package, version 2.10.24
+"This is debsign, from the Debian devscripts package, version ###VERSION###
 This code is copyright 1999 by Julian Gilbey, all rights reserved.
 This program comes with ABSOLUTELY NO WARRANTY.
 You are free to redistribute this code under the terms of the
@@ -368,19 +368,58 @@
            fi
            check_already_signed "$dsc" "dsc" || withecho signfile "$dsc" "$signas"
            dsc_md5=`md5sum $dsc | cut -d' ' -f1`
+           dsc_sha1=`sha1sum $dsc | cut -d' ' -f1`
+           dsc_sha256=`sha256sum $dsc | cut -d' ' -f1`

-           perl -i -pe 'BEGIN {
+           temp_changes=`mktemp` || {
+               echo "$PROGNAME: Unable to create temporary changes file; aborting" >&2
+               exit 1
+           }
+           cp "$changes" "$temp_changes"
+           if perl -i -pe 'BEGIN {
                '" \$dsc_file=\"$dsc\"; \$dsc_md5=\"$dsc_md5\"; "'
+               '" \$dsc_sha1=\"$dsc_sha1\"; \$dsc_sha256=\"$dsc_sha256\"; "'
                $dsc_size=(-s $dsc_file); ($dsc_base=$dsc_file) =~ s|.*/||;
-               $infiles=0;
+               $infiles=0; $insha1=0; $insha256=0; $format="";
                }
-               /^Files:/ && ($infiles=1);
-               /^\s*$/ && ($infiles=0);
+               if(/^Format:\s+(.*)/) {
+                   $format=$1;
+                   die "Unrecognised .changes format: $format\n"
+                       unless $format =~ /^\d+(\.\d+)*$/;
+                   $format+=0;
+                   die "Unsupported .changes format: $format\n"
+                       if($format > 1.8 or $format < 1.7);
+               }
+               /^Files:/ && ($infiles=1,$insha1=0,$insha256=0);
+               if(/^Checksums-Sha1:/) {$insha1=1;$infiles=0;$insha256=0;}
+               elsif(/^Checksums-Sha256:/) {
+                   $insha256=1;$infiles=0;$insha1=0;
+               } elsif(/^Checksums-.*?:/) {
+                   die "Unknown checksum format: $_\n";
+               }
+               /^\s*$/ && ($infiles=0,$insha1=0,$insha256=0);
                if ($infiles &&
                    /^ (\S+) (\d+) (\S+) (\S+) \Q$dsc_base\E\s*$/) {
                    $_ = " $dsc_md5 $dsc_size $3 $4 $dsc_base\n";
                    $infiles=0;
-               }' "$changes"
+               }
+               if ($insha1 &&
+                   /^ (\S+) (\d+) \Q$dsc_base\E\s*$/) {
+                   $_ = " $dsc_sha1 $dsc_size $dsc_base\n";
+                   $insha1=0;
+               }
+               if ($insha256 &&
+                   /^ (\S+) (\d+) \Q$dsc_base\E\s*$/) {
+                   $_ = " $dsc_sha256 $dsc_size $dsc_base\n";
+                   $insha256=0;
+               }' "$temp_changes"
+           then
+               mv "$temp_changes" "$changes"
+           else
+               rm "$temp_changes"
+               echo "$PROGNAME: Error processing .changes file (see above)" >&2
+               exit 1
+           fi

            withecho signfile "$changes" "$signas"