threshold git sig support with method backend

Lance Vick 2020-11-16 03:36:19 -08:00
parent fa61f1112c
commit 4e2f70af46
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
3 changed files with 36 additions and 28 deletions


@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+yX8YACgkQjkeh7DWh iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+yZBsACgkQjkeh7DWh
VR0iXhAAjDDgwMPi0BnzqcqCewpqmvlbM8XnqE6sjRI1PSfyjV+D0oCwNdpjVZgY VR2DqA/9FIc1IgqyiwL3+kA5SnfHDC73WdKLP0g2SZbdwxhlW4ZZCgiEKBRcUZte
rH8V/6g+aT0V8n3PprAzJPVZD2L7Infh4QkxX/LjHdV27U1YqDiwh/MuHmkmBlkL 4fVop+fR9GNEZmqNlUHUe4ijBnpcW+xgAu2EenGxdmDjQitnMs8ujnbRMp1ug1QE
E/2L11XfyoyiOq021sRO2jgVjfFYTHVd5z96EJFtMEwuehdMFxujJA5hYoPinjrc Qj9yDiDmOuOHAfuv3s2z/Vx2XFunn/XxE5vzgkzwb99LxcafOC+zyNzKfc3hpZ5W
iBNT2yP5a1gMVSV1XxXbLvGBmAByHY14lExo+eVEwnAmbxe9G9tGmE//suC3erjt YjP7KI/q6w7QFN6qRjoRvbYKQjXuMENkt1NR7fKFXnnFPWq58tWtcjM5DP89p9wD
t9nsB7/9U61TT1tF+xgVDjwyekjmHQejh3eebCBzyle8RS1RANxElFwgWNC/GUHD HOmEMSWwQlmSB7tIvoqshpLGYVyjLHCADIwsXutoSl0XPOgvtAkm/DO5ud8sWIgh
EYoaXWkR6DJjqFRXyNvowDdXBxgFedSsABc75mZaXXQ1wLeG9ZIALJAwL5jb8+sA NM0eruBqz9tVc0mUyrm6UXRLIfbnGBtOp6zqGPHLwdxPLYsVg+9VG7/XiHkILjHP
aSOnKkbUbE1s0Fiz64fIm19lFGqXIINWyW1zzSuun8Qy6smoOpmuoVhQsuT2MMiL rEJQrWnbg1vfmfHrLK6qc6rZjlxTmmk+ZN5JwZwLbBjCn4oGO7sjIQNjTD2F8VeA
mm2BHJKzzyAQzK2a9V9foRI8Xsz/kruYkQtJTqpt33TKR4L0fpu97XuaqKkd4Mhy p8O7p9GZCej4aS9j14RHMd/j7kLFHA0Kffu6D4djfXyZmV8aK9fdMZ6bZowHRxud
pZLJvERK4PpQGXgldwFzGYEI5tHimXJfq46hovuKXwZag1tlqIPug8XY0BIKI7lO 66/XdI/jLJsjt/oYMPMaoez9htD31XYOLBXf7BuX+8xjBpw2J9dKLXs5XOJQ1VGC
MyKY0YXh2nIzSxsfKWpR2t4DjZp3eOkpYtdCE81xLDW3jJtHK60UHORYGDSqVwTs UM8JgzROwWcDHaJxw5hwwJIDDYE50nnndJRMCKr6ElnYq29KEY87b3R/21F8CXgH
VMaaZc7VePds657kjyy+Qxfje2aDK4kB2KPNgx32l0NA4WVKfdQ= Bh+LBgH7NMpg4x8zkTFdZwsAYMCsiHzkFOisDG2IKjoq7NkAXGU=
=L1Lc =0W8T
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----


@ -1,2 +1,2 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
994f504acaa5d89c312494d45e8f1b66f32c749e58d42b15d58b44f217e912b9 sig 03bc3d3bbd3a4831a7d8b05c42fa1404c6672a15f7d749765a96bb725c1a4752 sig

26
sig

@ -121,8 +121,8 @@ get_signer(){
### Verify a file has 0-N unique valid detached signatures ### Verify a file has 0-N unique valid detached signatures
### Optionally verify all signatures belong to keys in gpg alias group ### Optionally verify all signatures belong to keys in gpg alias group
verify_file() { verify_detached() {
[ $# -eq 3 ] || die "Usage: verify_file <threshold> <group> <file>" [ $# -eq 3 ] || die "Usage: verify_detached <threshold> <group> <file>"
local threshold="${1}" local threshold="${1}"
local group="${2}" local group="${2}"
local filename="${3}" local filename="${3}"
@ -213,24 +213,32 @@ cmd_manifest() {
} }
cmd_verify() { cmd_verify() {
local opts min=1 group="" local opts threshold=1 group="" method=""
opts="$(getopt -o m:g: -l min:,group: -n "$PROGRAM" -- "$@")" opts="$(getopt -o t:g:m: -l threshold:,group:,method: -n "$PROGRAM" -- "$@")"
eval set -- "$opts" eval set -- "$opts"
while true; do case $1 in while true; do case $1 in
-m|--min) min="$2"; shift 2 ;; -t|--threshold) threshold="$2"; shift 2 ;;
-g|--group) group="$2"; shift 2 ;; -g|--group) group="$2"; shift 2 ;;
-m|--method) method="$2"; shift 2 ;;
--) shift; break ;; --) shift; break ;;
esac done esac done
if ( [ -z "$method" ] || [ "$method" == "git" ] ); then
if [ "$method" == "git" ]; then
command -v git >/dev/null 2>&1 \
|| die "Error: method 'git' specified and git is not installed"
fi
command -v git >/dev/null 2>&1 \ command -v git >/dev/null 2>&1 \
&& ( [ -d .git ] || git rev-parse --git-dir > /dev/null 2>&1 ) \ && ( [ -d .git ] || git rev-parse --git-dir > /dev/null 2>&1 ) \
&& verify_git "${min}" "${group}" && verify_git "${threshold}" "${group}"
fi
#TODO: if git and if invalid: show diff against last valid version if ( [ -z "$method" ] || [ "$method" == "detached" ] ); then
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \ ( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|| die "Error: No signatures" || die "Error: No signatures"
cmd_manifest cmd_manifest
verify_file "${min}" "${group}" .${PROGRAM}/manifest.txt verify_detached "${threshold}" "${group}" .${PROGRAM}/manifest.txt
fi
} }
cmd_add(){ cmd_add(){
@ -260,7 +268,7 @@ cmd_usage() {
cmd_version cmd_version
cat <<-_EOF cat <<-_EOF
Usage: Usage:
$PROGRAM verify [--group=<group>,-g <group>] [--min=<N>,-m <N>] $PROGRAM verify [-g,--group=<group>] [-t,--threshold=<N>] [-m,--method=<git|detached> ]
Verify m-of-n signatures by given group are present for directory Verify m-of-n signatures by given group are present for directory
$PROGRAM add $PROGRAM add
Add signature to manifest for this directory Add signature to manifest for this directory
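Review bot: In cmd_verify, a `--method` value other than `git` or `detached` (a misspelling, for example) matches neither of the two `if` tests on `$method`, so the function falls through and returns success without verifying any signature. A verification command should fail closed here; after the option loop add `case "$method" in ""|git|detached) ;; *) die "Error: unknown method '$method'" ;; esac`. Separately, with `--method=git` outside a repository the `command -v git && ... && verify_git` chain skips `verify_git` without printing anything, so an explicit `die` for "method 'git' specified but not in a git repository" would make the result unambiguous to callers and scripts. The usage text could also state that omitting `--method` runs both backends, which is what the two `-z "$method"` tests imply.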