threshold git sig support with method backend
This commit is contained in:
parent
fa61f1112c
commit
4e2f70af46
GPG Key ID:
8E47A1EC35A1551D
|
|
@ -1,16 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+yX8YACgkQjkeh7DWh
|
||||
VR0iXhAAjDDgwMPi0BnzqcqCewpqmvlbM8XnqE6sjRI1PSfyjV+D0oCwNdpjVZgY
|
||||
rH8V/6g+aT0V8n3PprAzJPVZD2L7Infh4QkxX/LjHdV27U1YqDiwh/MuHmkmBlkL
|
||||
E/2L11XfyoyiOq021sRO2jgVjfFYTHVd5z96EJFtMEwuehdMFxujJA5hYoPinjrc
|
||||
iBNT2yP5a1gMVSV1XxXbLvGBmAByHY14lExo+eVEwnAmbxe9G9tGmE//suC3erjt
|
||||
t9nsB7/9U61TT1tF+xgVDjwyekjmHQejh3eebCBzyle8RS1RANxElFwgWNC/GUHD
|
||||
EYoaXWkR6DJjqFRXyNvowDdXBxgFedSsABc75mZaXXQ1wLeG9ZIALJAwL5jb8+sA
|
||||
aSOnKkbUbE1s0Fiz64fIm19lFGqXIINWyW1zzSuun8Qy6smoOpmuoVhQsuT2MMiL
|
||||
mm2BHJKzzyAQzK2a9V9foRI8Xsz/kruYkQtJTqpt33TKR4L0fpu97XuaqKkd4Mhy
|
||||
pZLJvERK4PpQGXgldwFzGYEI5tHimXJfq46hovuKXwZag1tlqIPug8XY0BIKI7lO
|
||||
MyKY0YXh2nIzSxsfKWpR2t4DjZp3eOkpYtdCE81xLDW3jJtHK60UHORYGDSqVwTs
|
||||
VMaaZc7VePds657kjyy+Qxfje2aDK4kB2KPNgx32l0NA4WVKfdQ=
|
||||
=L1Lc
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+yZBsACgkQjkeh7DWh
|
||||
VR2DqA/9FIc1IgqyiwL3+kA5SnfHDC73WdKLP0g2SZbdwxhlW4ZZCgiEKBRcUZte
|
||||
4fVop+fR9GNEZmqNlUHUe4ijBnpcW+xgAu2EenGxdmDjQitnMs8ujnbRMp1ug1QE
|
||||
Qj9yDiDmOuOHAfuv3s2z/Vx2XFunn/XxE5vzgkzwb99LxcafOC+zyNzKfc3hpZ5W
|
||||
YjP7KI/q6w7QFN6qRjoRvbYKQjXuMENkt1NR7fKFXnnFPWq58tWtcjM5DP89p9wD
|
||||
HOmEMSWwQlmSB7tIvoqshpLGYVyjLHCADIwsXutoSl0XPOgvtAkm/DO5ud8sWIgh
|
||||
NM0eruBqz9tVc0mUyrm6UXRLIfbnGBtOp6zqGPHLwdxPLYsVg+9VG7/XiHkILjHP
|
||||
rEJQrWnbg1vfmfHrLK6qc6rZjlxTmmk+ZN5JwZwLbBjCn4oGO7sjIQNjTD2F8VeA
|
||||
p8O7p9GZCej4aS9j14RHMd/j7kLFHA0Kffu6D4djfXyZmV8aK9fdMZ6bZowHRxud
|
||||
66/XdI/jLJsjt/oYMPMaoez9htD31XYOLBXf7BuX+8xjBpw2J9dKLXs5XOJQ1VGC
|
||||
UM8JgzROwWcDHaJxw5hwwJIDDYE50nnndJRMCKr6ElnYq29KEY87b3R/21F8CXgH
|
||||
Bh+LBgH7NMpg4x8zkTFdZwsAYMCsiHzkFOisDG2IKjoq7NkAXGU=
|
||||
=0W8T
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
||||
994f504acaa5d89c312494d45e8f1b66f32c749e58d42b15d58b44f217e912b9 sig
|
||||
03bc3d3bbd3a4831a7d8b05c42fa1404c6672a15f7d749765a96bb725c1a4752 sig
|
||||
|
|
|
|||
26
sig
26
sig
|
|
@ -121,8 +121,8 @@ get_signer(){
|
|||
|
||||
### Verify a file has 0-N unique valid detached signatures
|
||||
### Optionally verify all signatures belong to keys in gpg alias group
|
||||
verify_file() {
|
||||
[ $# -eq 3 ] || die "Usage: verify_file <threshold> <group> <file>"
|
||||
verify_detached() {
|
||||
[ $# -eq 3 ] || die "Usage: verify_detached <threshold> <group> <file>"
|
||||
local threshold="${1}"
|
||||
local group="${2}"
|
||||
local filename="${3}"
|
||||
|
|
@ -213,24 +213,32 @@ cmd_manifest() {
|
|||
}
|
||||
|
||||
cmd_verify() {
|
||||
local opts min=1 group=""
|
||||
opts="$(getopt -o m:g: -l min:,group: -n "$PROGRAM" -- "$@")"
|
||||
local opts threshold=1 group="" method=""
|
||||
opts="$(getopt -o t:g:m: -l threshold:,group:,method: -n "$PROGRAM" -- "$@")"
|
||||
eval set -- "$opts"
|
||||
while true; do case $1 in
|
||||
-m|--min) min="$2"; shift 2 ;;
|
||||
-t|--threshold) threshold="$2"; shift 2 ;;
|
||||
-g|--group) group="$2"; shift 2 ;;
|
||||
-m|--method) method="$2"; shift 2 ;;
|
||||
--) shift; break ;;
|
||||
esac done
|
||||
|
||||
if ( [ -z "$method" ] || [ "$method" == "git" ] ); then
|
||||
if [ "$method" == "git" ]; then
|
||||
command -v git >/dev/null 2>&1 \
|
||||
|| die "Error: method 'git' specified and git is not installed"
|
||||
fi
|
||||
command -v git >/dev/null 2>&1 \
|
||||
&& ( [ -d .git ] || git rev-parse --git-dir > /dev/null 2>&1 ) \
|
||||
&& verify_git "${min}" "${group}"
|
||||
&& verify_git "${threshold}" "${group}"
|
||||
fi
|
||||
|
||||
#TODO: if git and if invalid: show diff against last valid version
|
||||
if ( [ -z "$method" ] || [ "$method" == "detached" ] ); then
|
||||
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|
||||
|| die "Error: No signatures"
|
||||
cmd_manifest
|
||||
verify_file "${min}" "${group}" .${PROGRAM}/manifest.txt
|
||||
verify_detached "${threshold}" "${group}" .${PROGRAM}/manifest.txt
|
||||
fi
|
||||
}
|
||||
|
||||
cmd_add(){
|
||||
|
|
@ -260,7 +268,7 @@ cmd_usage() {
|
|||
cmd_version
|
||||
cat <<-_EOF
|
||||
Usage:
|
||||
$PROGRAM verify [--group=<group>,-g <group>] [--min=<N>,-m <N>]
|
||||
$PROGRAM verify [-g,--group=<group>] [-t,--threshold=<N>] [-m,--method=<git|detached> ]
|
||||
Verify m-of-n signatures by given group are present for directory
|
||||
$PROGRAM add
|
||||
Add signature to manifest for this directory
|
||||
|
|
|
|||
Loading…
Reference in New Issue