typos. variable scoping

This commit is contained in:
Lance Vick 2020-11-17 15:56:39 -08:00
parent 07ca1b2c09
commit 23562cde12
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
4 changed files with 25 additions and 24 deletions

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0X2UACgkQjkeh7DWh
VR0adA//T6GKxXV5fagaH/2rba/+/AzeRzPo4rKooT3kEC05LK95AMig3K83ztHo
D/cQengjdajSYXjJniVCY1IXXtfNAcCLIPgfYHQirGWLQy4hERSkFeVVeq0ZCMMd
7Pjag6wNCXukEZjLRCiZyyIfaYlN7IdEBS8fvRDoN3HWEvJldlOkHgaAkquKb+Ll
MPRvpB2pDeTi2o8PUKVDqUaqVPRRjYqudsKqqfl2kVxLH3wEd7ES0kBRjjlGHV8h
iV3lDM0qA1tVc50mw187qdN5ENxEDWp8OxNX9K0g3og2Z4/8ZUyrJOk2jfE5am1A
rocYoxw4xTyktWHsJWeYJcXeVS5p7vY3NHZD4Db/G/vRjAK4k6BGuYe1JaVh/p8h
OAwNVRbbMddsJXQXUCv+74zTKhvEtqWAh+gH349pkmrt72DblDNYSNrLlnt1CJmV
bGnfTVEgRqVzBMZyhHIj2GAHfHoa/8OOq3Ph135YZ9/ZhWGE86zqt8kIv7MuL9At
Yp0QW+3Ocsl8EDjBMnlVZ72pcuHsmRjijOMJahFFZHrML28WzQH34iMLwihQC1OC
pOJSu22UYkhKp5I2MJtFe93/feRl+KsrF2P8LpaZ1baecY2dhubminy4NBtpv9PL
oZHVIA42M/Ebk5Z/g9Iknx4hdiA/hQUMe8zJ/wP7/QvxXb4CNzY=
=Ah1n
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0YykACgkQjkeh7DWh
VR2UOhAAnjdxq5e17AGa+VRS3JOqiv8moPvLiYZMILnaxzJUFJwTcV4Fu4SEjBL/
/BzZemxbwRQMnwcI9FiqRYfN6wB8SkoN6TakD6NDag9ARRdL6VDRLRE9w3xGRD+M
kcCD5fdR1d9MOx4bomvkNJzLEzStvyTjoH7LICZINCMIlzOM9jB3Rbw7/ZnsmGg8
t9kOP/Nf7b+cOTTUaymeluZji4Xf3i9/GgK5QEByV+P0ggq71VBgVvRFaKC8Qk2/
bK4iFpn/d3eRWlB/PIcPNFnrlVBoePbNdKuFuRKD7lvxoCN1tJVsWVXdexnRNN1j
OVBFluCHCumL+y3DgtmNqrA0PihbAlQyCl8D3RjQvbqwCxazfSnrtv2uOW8jUj/M
GMvbrJ/jGXqc6EYPQljxxgHPc5XhZLEHbJ0nPYo+dEjiUPF2JhMF/o7JHWFlVSrs
5RhvZfpxfQOrxpWlUOyJTOoQGGb/tT0hDB/xrRvedW31hLjpqrSzNPmPmCOpWABl
GCiY09MX284oN2gZOshoBPNWFphzzLb4aDEDzLjFuOa9X0HRohs13rG619nIzchB
2l0Q1UC+N8sRvr331yuFKlvQIoBbiS7GVRnpv47xoK+056FP4FxHFqhk+qN9S+uo
px2BFGmgCN5trQLaVcCBD4yPzWacSaIkLoguh3svGjz8yuUg/Ns=
=T6my
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,3 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
96bdf717daff77951303378d9abba4857a28bae1738fe8e2536680c6735819be README.md
e02b0ef74b361497249967dd13477c988c602a187d76d610c05f9193eaec6cb4 sig
a879b0beb9cf169a5af7b3b643609a84c0ec38b1627be6ebf6f4bbeb46e571b5 README.md
9188d59457ca4f71a6cb94ca1c3bd7ba5ac5515b1c06793b35f0482dca727de3 sig

View File

@ -70,7 +70,7 @@ This method verifies a git repo contains signed commits by one or more authors.
If 'threshold' is specified, it searches history until enough unique signatures
are found to satisify the threshold, ensuring all commits between are signed.
If 'group' is specified, all signatures must be by keys that belong to a
If 'group' is specified, all signatures must be from keys that belong to a
defined gpg alias group.
Note: this only proves the history had multiple participants, but not that
@ -128,8 +128,9 @@ sig add
### Why Bash?
Because it is easy to quickly verify at any time, has wide OS compatibility andthe majority of the needed operations are calling other programs already on
your system like gpg and openssl.
Because it is easy to quickly verify at any time, has wide OS compatibility and
the majority of the needed operations are calling other programs already on
most systems like gpg and openssl.
If this were in another language it would be harder to audit on the fly, would
require the user to have a specific language toolchain installed, and it would
@ -155,5 +156,5 @@ stable future.
See: https://sequoia-pgp.org/
The only promising alternative to GnuPG for software signing that has hsm
support and the very attractive feature of expiring signatures is [The Update Framework](https://theupdateframework.io) which may be supported as an alternate
method in the future if m-of-n multisig is ever implemented.
support and the very attractive feature of expiring signatures is [The Update Framework](https://theupdateframework.io) which may be supported as an alternate method in the future
if m-of-n multisig is ever implemented.

8
sig
View File

@ -159,8 +159,8 @@ group_add_fp(){
local group_names=()
local member_lists=()
local name member_list config i data
local -r config=$(group_get_config)
config=$(group_get_config)
while IFS=' =' read -rd, name member_list; do
group_names+=("${name:1}")
member_lists+=("$member_list")
@ -194,8 +194,8 @@ group_get_fps(){
group_check_fp(){
local fp=${1?}
local group_name=${2?}
local group_fps; group_fps=$( group_get_fps "${group_name}" )
local uid; uid=$(get_uid "${fp}")
local -r group_fps=$( group_get_fps "${group_name}" )
local -r uid=$(get_uid "${fp}")
if [ -z "$group_fps" ] \
|| [[ "${group_fps}" != *"${fp}"* ]]; then
@ -337,7 +337,7 @@ cmd_verify() {
cmd_add(){
cmd_manifest
gpg --armor --detach-sig ."${PROGRAM}"/manifest.txt >/dev/null 2>&1
local fp; fp=$( \
local -r fp=$( \
gpg --list-packets ."${PROGRAM}"/manifest.txt.asc \
| grep "issuer key ID" \
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \