typos. variable scoping

This commit is contained in:
Lance Vick 2020-11-17 15:56:39 -08:00
parent 07ca1b2c09
commit 23562cde12
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
4 changed files with 25 additions and 24 deletions

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0X2UACgkQjkeh7DWh iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0YykACgkQjkeh7DWh
VR0adA//T6GKxXV5fagaH/2rba/+/AzeRzPo4rKooT3kEC05LK95AMig3K83ztHo VR2UOhAAnjdxq5e17AGa+VRS3JOqiv8moPvLiYZMILnaxzJUFJwTcV4Fu4SEjBL/
D/cQengjdajSYXjJniVCY1IXXtfNAcCLIPgfYHQirGWLQy4hERSkFeVVeq0ZCMMd /BzZemxbwRQMnwcI9FiqRYfN6wB8SkoN6TakD6NDag9ARRdL6VDRLRE9w3xGRD+M
7Pjag6wNCXukEZjLRCiZyyIfaYlN7IdEBS8fvRDoN3HWEvJldlOkHgaAkquKb+Ll kcCD5fdR1d9MOx4bomvkNJzLEzStvyTjoH7LICZINCMIlzOM9jB3Rbw7/ZnsmGg8
MPRvpB2pDeTi2o8PUKVDqUaqVPRRjYqudsKqqfl2kVxLH3wEd7ES0kBRjjlGHV8h t9kOP/Nf7b+cOTTUaymeluZji4Xf3i9/GgK5QEByV+P0ggq71VBgVvRFaKC8Qk2/
iV3lDM0qA1tVc50mw187qdN5ENxEDWp8OxNX9K0g3og2Z4/8ZUyrJOk2jfE5am1A bK4iFpn/d3eRWlB/PIcPNFnrlVBoePbNdKuFuRKD7lvxoCN1tJVsWVXdexnRNN1j
rocYoxw4xTyktWHsJWeYJcXeVS5p7vY3NHZD4Db/G/vRjAK4k6BGuYe1JaVh/p8h OVBFluCHCumL+y3DgtmNqrA0PihbAlQyCl8D3RjQvbqwCxazfSnrtv2uOW8jUj/M
OAwNVRbbMddsJXQXUCv+74zTKhvEtqWAh+gH349pkmrt72DblDNYSNrLlnt1CJmV GMvbrJ/jGXqc6EYPQljxxgHPc5XhZLEHbJ0nPYo+dEjiUPF2JhMF/o7JHWFlVSrs
bGnfTVEgRqVzBMZyhHIj2GAHfHoa/8OOq3Ph135YZ9/ZhWGE86zqt8kIv7MuL9At 5RhvZfpxfQOrxpWlUOyJTOoQGGb/tT0hDB/xrRvedW31hLjpqrSzNPmPmCOpWABl
Yp0QW+3Ocsl8EDjBMnlVZ72pcuHsmRjijOMJahFFZHrML28WzQH34iMLwihQC1OC GCiY09MX284oN2gZOshoBPNWFphzzLb4aDEDzLjFuOa9X0HRohs13rG619nIzchB
pOJSu22UYkhKp5I2MJtFe93/feRl+KsrF2P8LpaZ1baecY2dhubminy4NBtpv9PL 2l0Q1UC+N8sRvr331yuFKlvQIoBbiS7GVRnpv47xoK+056FP4FxHFqhk+qN9S+uo
oZHVIA42M/Ebk5Z/g9Iknx4hdiA/hQUMe8zJ/wP7/QvxXb4CNzY= px2BFGmgCN5trQLaVcCBD4yPzWacSaIkLoguh3svGjz8yuUg/Ns=
=Ah1n =T6my
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

View File

@ -1,3 +1,3 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
96bdf717daff77951303378d9abba4857a28bae1738fe8e2536680c6735819be README.md a879b0beb9cf169a5af7b3b643609a84c0ec38b1627be6ebf6f4bbeb46e571b5 README.md
e02b0ef74b361497249967dd13477c988c602a187d76d610c05f9193eaec6cb4 sig 9188d59457ca4f71a6cb94ca1c3bd7ba5ac5515b1c06793b35f0482dca727de3 sig

View File

@ -70,7 +70,7 @@ This method verifies a git repo contains signed commits by one or more authors.
If 'threshold' is specified, it searches history until enough unique signatures If 'threshold' is specified, it searches history until enough unique signatures
are found to satisify the threshold, ensuring all commits between are signed. are found to satisify the threshold, ensuring all commits between are signed.
If 'group' is specified, all signatures must be by keys that belong to a If 'group' is specified, all signatures must be from keys that belong to a
defined gpg alias group. defined gpg alias group.
Note: this only proves the history had multiple participants, but not that Note: this only proves the history had multiple participants, but not that
@ -128,8 +128,9 @@ sig add
### Why Bash? ### Why Bash?
Because it is easy to quickly verify at any time, has wide OS compatibility andthe majority of the needed operations are calling other programs already on Because it is easy to quickly verify at any time, has wide OS compatibility and
your system like gpg and openssl. the majority of the needed operations are calling other programs already on
most systems like gpg and openssl.
If this were in another language it would be harder to audit on the fly, would If this were in another language it would be harder to audit on the fly, would
require the user to have a specific language toolchain installed, and it would require the user to have a specific language toolchain installed, and it would
@ -155,5 +156,5 @@ stable future.
See: https://sequoia-pgp.org/ See: https://sequoia-pgp.org/
The only promising alternative to GnuPG for software signing that has hsm The only promising alternative to GnuPG for software signing that has hsm
support and the very attractive feature of expiring signatures is [The Update Framework](https://theupdateframework.io) which may be supported as an alternate support and the very attractive feature of expiring signatures is [The Update Framework](https://theupdateframework.io) which may be supported as an alternate method in the future
method in the future if m-of-n multisig is ever implemented. if m-of-n multisig is ever implemented.

8
sig
View File

@ -159,8 +159,8 @@ group_add_fp(){
local group_names=() local group_names=()
local member_lists=() local member_lists=()
local name member_list config i data local name member_list config i data
local -r config=$(group_get_config)
config=$(group_get_config)
while IFS=' =' read -rd, name member_list; do while IFS=' =' read -rd, name member_list; do
group_names+=("${name:1}") group_names+=("${name:1}")
member_lists+=("$member_list") member_lists+=("$member_list")
@ -194,8 +194,8 @@ group_get_fps(){
group_check_fp(){ group_check_fp(){
local fp=${1?} local fp=${1?}
local group_name=${2?} local group_name=${2?}
local group_fps; group_fps=$( group_get_fps "${group_name}" ) local -r group_fps=$( group_get_fps "${group_name}" )
local uid; uid=$(get_uid "${fp}") local -r uid=$(get_uid "${fp}")
if [ -z "$group_fps" ] \ if [ -z "$group_fps" ] \
|| [[ "${group_fps}" != *"${fp}"* ]]; then || [[ "${group_fps}" != *"${fp}"* ]]; then
@ -337,7 +337,7 @@ cmd_verify() {
cmd_add(){ cmd_add(){
cmd_manifest cmd_manifest
gpg --armor --detach-sig ."${PROGRAM}"/manifest.txt >/dev/null 2>&1 gpg --armor --detach-sig ."${PROGRAM}"/manifest.txt >/dev/null 2>&1
local fp; fp=$( \ local -r fp=$( \
gpg --list-packets ."${PROGRAM}"/manifest.txt.asc \ gpg --list-packets ."${PROGRAM}"/manifest.txt.asc \
| grep "issuer key ID" \ | grep "issuer key ID" \
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \ | sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \