diff --git a/.sig/manifest.8E47A1EC35A1551D.asc b/.sig/manifest.8E47A1EC35A1551D.asc index 2644026..81015f9 100644 --- a/.sig/manifest.8E47A1EC35A1551D.asc +++ b/.sig/manifest.8E47A1EC35A1551D.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0bicACgkQjkeh7DWh -VR3DyxAAlwmJxFCA/l4luZPHRzTSVuyLSSPc7E2+p696a6SjK63mobsyr/MdyMNN -U8933/5Se7HZvV4SfAwYbVABkZOxBU+N/2p06LJ2KgqTmbyoNRDM5FBu+aU2NNWw -ddHIlFdObBQvJ5jorFGwkcWNCmNSxZ2LlZzn/qCrIymG+jyt71pRjFbJpiMJGj1p -kNuGXwDtzg4XtGKGNfZJIoTMvYo4dFfw6pYJn/OS8cufhsh15ocgLiE3SHstiNqM -+cRQ//pRNnT6Q/J3idGgBqXl9S8CXzgJkUosIPY5vUZUrKNdcmE4jIcMrk8zKP5Q -b31odCE2Qvakh+psWi2Xrf2sIA2IYLZ35UKN4E//LXaLdaaycGrl70QP2Cy/LFYC -qdne2qzvSU7WJ1PBFuJVrqXUZIlJrjJROJFg44qOdSb1YFw0q36lTZ4bC++8bRh6 -9Lc8kHhJesdYl9866PBwEHKZ4vv1Bb/l2ySlgsS2qDKDhyl+Y7NpXNFkPmHQIIc6 -mRxo7uHyRS+4EkI7GcwxP+nP5jg0AI/+7Mdclc9YcD433nuhjBgh3zjSAASHOENI -dbsdlxvDF9AWa+RddliIJmARUAwwXQgc8PzmHt+lQntt8m+JiJK+2vaCKTb4ANOQ -eBQX4vhfZgaKwj4jWxvVGHlAkR/TguBY/NqFJj9BNKsMmvM5eiw= -=ORZ0 +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+1YpAACgkQjkeh7DWh +VR2wWRAAieouX51DLRxoIYjmRQSCYnyeJUe1yrT9J9XM/iVpK+5xX2yXOMO2vz0f +1LoPVp1Wg5rjN+48Qfm4TvSMLNFg6cLtNQc+KymqzR9DK4N7HMXE1cPKCVcdkBau +hW+wh34H0U3oDgZrMNm0B0jONp2bB3k73GV8EFHrpGCmOeZYfRclmDiPqQm1SCwU ++exqC1xBD8tHF1eID7oLs7xbRbpYIj1ytLVvvfqpW9pVp6OcfEramy/czMZinzq5 +K+5jPqNNQo5i3Bv+r0aqQOq0sIB5NTaMcQv3qtc/r6CInz5N4PQtXyG/0p1ySGTt +gm8qhMuSkvcFuCEecUMRxw7r7H44qpdgsSAvTmeRPWzwC5bLH/mZ/T1lljfvDohc +bAwm8UTS01UJtnCZW35QIDTyo+EXN9qJrO+u9uirQNmeHsLHnlD6Jz41hDRxB9My +AOtUsoNND//rRXGHBj/iJzuzRkmhTr7JDhgpbYnp6afg5t02nNM973C8NbO7kRIg +H5298Egy1NCxvOB43t7FORMawwI1Ty1HR9+95STA8gZtqo9Bk52wkCN586aR8tsh +SukX3UPJ1mzAtCzmcH2LUUeF9d7BuWGSrX5/vc8FcXeAevMKNK/yFI2Ll3dTmVLC +TgcgsvprhOnrZEdTTKvtA9JXTk/T9h8zH/O+VSLyog5FDhEcm8k= +=Fxj8 -----END PGP SIGNATURE----- diff --git a/.sig/manifest.txt b/.sig/manifest.txt index da0a30d..d3f42b5 100644 --- a/.sig/manifest.txt +++ b/.sig/manifest.txt @@ -1,3 +1,3 @@ 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore f19d267e4aa6bf82d5416891697a2a81a574efdddecf5c54e3a8a77c207013fa README.md -9188d59457ca4f71a6cb94ca1c3bd7ba5ac5515b1c06793b35f0482dca727de3 sig +bf3492ca7625d9ac199678cf2828253e5968a87c5c444ec92e2a90ed1cbbac49 sig diff --git a/sig b/sig index ac27a21..74483d9 100755 --- a/sig +++ b/sig @@ -1,10 +1,10 @@ #! /usr/bin/env bash set -e -MIN_BASH_VERSION=4 -MIN_GPG_VERSION=2.2 -MIN_OPENSSL_VERSION=1.1 -MIN_GETOPT_VERSION=2.33 +readonly MIN_BASH_VERSION=4 +readonly MIN_GPG_VERSION=2.2 +readonly MIN_OPENSSL_VERSION=1.1 +readonly MIN_GETOPT_VERSION=2.33 ## Private Functions @@ -16,8 +16,8 @@ die() { ### Bail and instruct user on missing package to install for their platform die_pkg() { - local package=${1?} - local version=${2?} + local -r package=${1?} + local -r version=${2?} local install_cmd case "$OSTYPE" in linux*) @@ -71,17 +71,17 @@ check_version(){ local pkg="${1?}" local have="${2?}" local need="${3?}" - [[ "$have" == "$need" ]] && return 0 - local IFS=. - local i ver1=($have) ver2=($need) - for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); - do ver1[i]=0; - done - for ((i=0; i<${#ver1[@]}; i++)); do - [[ -z ${ver2[i]} ]] && ver2[i]=0 - ((10#${ver1[i]} > 10#${ver2[i]})) && return 0 - ((10#${ver1[i]} < 10#${ver2[i]})) && die_pkg "${pkg}" "${need}" - done + [[ "$have" == "$need" ]] && return 0 + local IFS=. + local i ver1=($have) ver2=($need) + for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)); + do ver1[i]=0; + done + for ((i=0; i<${#ver1[@]}; i++)); do + [[ -z ${ver2[i]} ]] && ver2[i]=0 + ((10#${ver1[i]} > 10#${ver2[i]})) && return 0 + ((10#${ver1[i]} < 10#${ver2[i]})) && die_pkg "${pkg}" "${need}" + done } ### Check if required binaries are installed at appropriate versions @@ -124,7 +124,7 @@ get_files(){ ### Get primary UID for a given fingerprint get_uid(){ - local fp="${1?}" + local -r fp="${1?}" gpg --list-keys --with-colons "${fp}" 2>&1 \ | awk -F: '$1 == "uid" {print $10}' \ | head -n1 @@ -132,7 +132,7 @@ get_uid(){ ### Get primary fingerprint for given search get_primary_fp(){ - local search="${1?}" + local -r search="${1?}" gpg --list-keys --with-colons "${search}" 2>&1 \ | awk -F: '$1 == "fpr" {print $10}' \ | head -n1 @@ -140,7 +140,7 @@ get_primary_fp(){ ### Get fingerprint for a given pgp file get_file_fp(){ - local filename="${1?}" + local -r filename="${1?}" gpg --list-packets "${filename}" \ | grep keyid \ | sed 's/.*keyid //g' @@ -148,42 +148,42 @@ get_file_fp(){ ### Get raw gpgconf group config group_get_config(){ - local -r config=$(gpgconf --list-options gpg | grep ^group) - printf '%s' "${config##*:}" + local -r config=$(gpgconf --list-options gpg | grep ^group) + printf '%s' "${config##*:}" } ### Add fingerprint to a given group group_add_fp(){ - local fp=${1?} - local group_name=${2?} + local -r fp=${1?} + local -r group_name=${2?} + local -r config=$(group_get_config) local group_names=() local member_lists=() - local name member_list config i data - local -r config=$(group_get_config) + local name member_list config i data - while IFS=' =' read -rd, name member_list; do - group_names+=("${name:1}") - member_lists+=("$member_list") - done <<< "$config," + while IFS=' =' read -rd, name member_list; do + group_names+=("${name:1}") + member_lists+=("$member_list") + done <<< "$config," printf '%s\n' "${group_names[@]}" \ | grep -w "${group_name}" \ || group_names+=("${group_name}") - for i in "${!group_names[@]}"; do - [ "${group_names[$i]}" == "${group_name}" ] \ - && member_lists[$i]="${member_lists[$i]} ${fp}" - data+=$(printf '"%s = %s,' "${group_names[$i]}" "${member_lists[$i]}") - done + for i in "${!group_names[@]}"; do + [ "${group_names[$i]}" == "${group_name}" ] \ + && member_lists[$i]="${member_lists[$i]} ${fp}" + data+=$(printf '"%s = %s,' "${group_names[$i]}" "${member_lists[$i]}") + done - echo "Adding key \"${fp}\" to group \"${group_name}\"" - printf 'group:0:%s' "${data%?}" \ - | gpgconf --change-options gpg >/dev/null 2>&1 + echo "Adding key \"${fp}\" to group \"${group_name}\"" + printf 'group:0:%s' "${data%?}" \ + | gpgconf --change-options gpg >/dev/null 2>&1 } ### Get fingerprints for a given group group_get_fps(){ - local group_name=${1?} + local -r group_name=${1?} gpg --with-colons --list-config group \ | grep -i "^cfg:group:${group_name}:" \ | cut -d ':' -f4 @@ -192,9 +192,9 @@ group_get_fps(){ ### Check if fingerprint belongs to a given group ### Give user option to add it if they wish group_check_fp(){ - local fp=${1?} - local group_name=${2?} - local -r group_fps=$( group_get_fps "${group_name}" ) + local -r fp=${1?} + local -r group_name=${2?} + local -r group_fps=$(group_get_fps "${group_name}") local -r uid=$(get_uid "${fp}") if [ -z "$group_fps" ] \ @@ -220,13 +220,10 @@ group_check_fp(){ ### Optionally verify all signatures belong to keys in gpg alias group verify_detached() { [ $# -eq 3 ] || die "Usage: verify_detached " - local threshold="${1}" - local group="${2}" - local filename="${3}" - local sig_count=0 - local seen_fps="" - local fp - local uid + local -r threshold="${1}" + local -r group="${2}" + local -r filename="${3}" + local fp uid sig_count=0 seen_fps="" for sig_filename in "${filename%.*}".*.asc; do gpg --verify "${sig_filename}" "${filename}" >/dev/null 2>&1 || { @@ -259,11 +256,9 @@ verify_detached() { ### Optionally verify all signatures belong to keys in gpg alias group verify_git(){ [ $# -eq 2 ] || die "Usage: verify_git " - local threshold="${1}" - local group="${2}" - local seen_fps="" - local sig_count=0 - local depth=0 + local -r threshold="${1}" + local -r group="${2}" + local seen_fps="" sig_count=0 depth=0 while [[ $depth != "$(git rev-list --count HEAD)" ]]; do ref=HEAD~${depth} @@ -378,7 +373,7 @@ cmd_usage() { check_tools head cut find sort sed getopt gpg openssl # Allow entire script to be namespaced based on filename -PROGRAM="${0##*/}" +readonly PROGRAM="${0##*/}" # Export public sub-commands case "$1" in