use constants everywhere possible. consistent indentation
parent
4756f399ee
commit
82888d6cb0
|
@ -1,16 +1,16 @@
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+0bicACgkQjkeh7DWh
|
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+1YpAACgkQjkeh7DWh
|
||||||
VR3DyxAAlwmJxFCA/l4luZPHRzTSVuyLSSPc7E2+p696a6SjK63mobsyr/MdyMNN
|
VR2wWRAAieouX51DLRxoIYjmRQSCYnyeJUe1yrT9J9XM/iVpK+5xX2yXOMO2vz0f
|
||||||
U8933/5Se7HZvV4SfAwYbVABkZOxBU+N/2p06LJ2KgqTmbyoNRDM5FBu+aU2NNWw
|
1LoPVp1Wg5rjN+48Qfm4TvSMLNFg6cLtNQc+KymqzR9DK4N7HMXE1cPKCVcdkBau
|
||||||
ddHIlFdObBQvJ5jorFGwkcWNCmNSxZ2LlZzn/qCrIymG+jyt71pRjFbJpiMJGj1p
|
hW+wh34H0U3oDgZrMNm0B0jONp2bB3k73GV8EFHrpGCmOeZYfRclmDiPqQm1SCwU
|
||||||
kNuGXwDtzg4XtGKGNfZJIoTMvYo4dFfw6pYJn/OS8cufhsh15ocgLiE3SHstiNqM
|
+exqC1xBD8tHF1eID7oLs7xbRbpYIj1ytLVvvfqpW9pVp6OcfEramy/czMZinzq5
|
||||||
+cRQ//pRNnT6Q/J3idGgBqXl9S8CXzgJkUosIPY5vUZUrKNdcmE4jIcMrk8zKP5Q
|
K+5jPqNNQo5i3Bv+r0aqQOq0sIB5NTaMcQv3qtc/r6CInz5N4PQtXyG/0p1ySGTt
|
||||||
b31odCE2Qvakh+psWi2Xrf2sIA2IYLZ35UKN4E//LXaLdaaycGrl70QP2Cy/LFYC
|
gm8qhMuSkvcFuCEecUMRxw7r7H44qpdgsSAvTmeRPWzwC5bLH/mZ/T1lljfvDohc
|
||||||
qdne2qzvSU7WJ1PBFuJVrqXUZIlJrjJROJFg44qOdSb1YFw0q36lTZ4bC++8bRh6
|
bAwm8UTS01UJtnCZW35QIDTyo+EXN9qJrO+u9uirQNmeHsLHnlD6Jz41hDRxB9My
|
||||||
9Lc8kHhJesdYl9866PBwEHKZ4vv1Bb/l2ySlgsS2qDKDhyl+Y7NpXNFkPmHQIIc6
|
AOtUsoNND//rRXGHBj/iJzuzRkmhTr7JDhgpbYnp6afg5t02nNM973C8NbO7kRIg
|
||||||
mRxo7uHyRS+4EkI7GcwxP+nP5jg0AI/+7Mdclc9YcD433nuhjBgh3zjSAASHOENI
|
H5298Egy1NCxvOB43t7FORMawwI1Ty1HR9+95STA8gZtqo9Bk52wkCN586aR8tsh
|
||||||
dbsdlxvDF9AWa+RddliIJmARUAwwXQgc8PzmHt+lQntt8m+JiJK+2vaCKTb4ANOQ
|
SukX3UPJ1mzAtCzmcH2LUUeF9d7BuWGSrX5/vc8FcXeAevMKNK/yFI2Ll3dTmVLC
|
||||||
eBQX4vhfZgaKwj4jWxvVGHlAkR/TguBY/NqFJj9BNKsMmvM5eiw=
|
TgcgsvprhOnrZEdTTKvtA9JXTk/T9h8zH/O+VSLyog5FDhEcm8k=
|
||||||
=ORZ0
|
=Fxj8
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
||||||
f19d267e4aa6bf82d5416891697a2a81a574efdddecf5c54e3a8a77c207013fa README.md
|
f19d267e4aa6bf82d5416891697a2a81a574efdddecf5c54e3a8a77c207013fa README.md
|
||||||
9188d59457ca4f71a6cb94ca1c3bd7ba5ac5515b1c06793b35f0482dca727de3 sig
|
bf3492ca7625d9ac199678cf2828253e5968a87c5c444ec92e2a90ed1cbbac49 sig
|
||||||
|
|
105
sig
105
sig
|
@ -1,10 +1,10 @@
|
||||||
#! /usr/bin/env bash
|
#! /usr/bin/env bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
MIN_BASH_VERSION=4
|
readonly MIN_BASH_VERSION=4
|
||||||
MIN_GPG_VERSION=2.2
|
readonly MIN_GPG_VERSION=2.2
|
||||||
MIN_OPENSSL_VERSION=1.1
|
readonly MIN_OPENSSL_VERSION=1.1
|
||||||
MIN_GETOPT_VERSION=2.33
|
readonly MIN_GETOPT_VERSION=2.33
|
||||||
|
|
||||||
## Private Functions
|
## Private Functions
|
||||||
|
|
||||||
|
@ -16,8 +16,8 @@ die() {
|
||||||
|
|
||||||
### Bail and instruct user on missing package to install for their platform
|
### Bail and instruct user on missing package to install for their platform
|
||||||
die_pkg() {
|
die_pkg() {
|
||||||
local package=${1?}
|
local -r package=${1?}
|
||||||
local version=${2?}
|
local -r version=${2?}
|
||||||
local install_cmd
|
local install_cmd
|
||||||
case "$OSTYPE" in
|
case "$OSTYPE" in
|
||||||
linux*)
|
linux*)
|
||||||
|
@ -71,17 +71,17 @@ check_version(){
|
||||||
local pkg="${1?}"
|
local pkg="${1?}"
|
||||||
local have="${2?}"
|
local have="${2?}"
|
||||||
local need="${3?}"
|
local need="${3?}"
|
||||||
[[ "$have" == "$need" ]] && return 0
|
[[ "$have" == "$need" ]] && return 0
|
||||||
local IFS=.
|
local IFS=.
|
||||||
local i ver1=($have) ver2=($need)
|
local i ver1=($have) ver2=($need)
|
||||||
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++));
|
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++));
|
||||||
do ver1[i]=0;
|
do ver1[i]=0;
|
||||||
done
|
done
|
||||||
for ((i=0; i<${#ver1[@]}; i++)); do
|
for ((i=0; i<${#ver1[@]}; i++)); do
|
||||||
[[ -z ${ver2[i]} ]] && ver2[i]=0
|
[[ -z ${ver2[i]} ]] && ver2[i]=0
|
||||||
((10#${ver1[i]} > 10#${ver2[i]})) && return 0
|
((10#${ver1[i]} > 10#${ver2[i]})) && return 0
|
||||||
((10#${ver1[i]} < 10#${ver2[i]})) && die_pkg "${pkg}" "${need}"
|
((10#${ver1[i]} < 10#${ver2[i]})) && die_pkg "${pkg}" "${need}"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
### Check if required binaries are installed at appropriate versions
|
### Check if required binaries are installed at appropriate versions
|
||||||
|
@ -124,7 +124,7 @@ get_files(){
|
||||||
|
|
||||||
### Get primary UID for a given fingerprint
|
### Get primary UID for a given fingerprint
|
||||||
get_uid(){
|
get_uid(){
|
||||||
local fp="${1?}"
|
local -r fp="${1?}"
|
||||||
gpg --list-keys --with-colons "${fp}" 2>&1 \
|
gpg --list-keys --with-colons "${fp}" 2>&1 \
|
||||||
| awk -F: '$1 == "uid" {print $10}' \
|
| awk -F: '$1 == "uid" {print $10}' \
|
||||||
| head -n1
|
| head -n1
|
||||||
|
@ -132,7 +132,7 @@ get_uid(){
|
||||||
|
|
||||||
### Get primary fingerprint for given search
|
### Get primary fingerprint for given search
|
||||||
get_primary_fp(){
|
get_primary_fp(){
|
||||||
local search="${1?}"
|
local -r search="${1?}"
|
||||||
gpg --list-keys --with-colons "${search}" 2>&1 \
|
gpg --list-keys --with-colons "${search}" 2>&1 \
|
||||||
| awk -F: '$1 == "fpr" {print $10}' \
|
| awk -F: '$1 == "fpr" {print $10}' \
|
||||||
| head -n1
|
| head -n1
|
||||||
|
@ -140,7 +140,7 @@ get_primary_fp(){
|
||||||
|
|
||||||
### Get fingerprint for a given pgp file
|
### Get fingerprint for a given pgp file
|
||||||
get_file_fp(){
|
get_file_fp(){
|
||||||
local filename="${1?}"
|
local -r filename="${1?}"
|
||||||
gpg --list-packets "${filename}" \
|
gpg --list-packets "${filename}" \
|
||||||
| grep keyid \
|
| grep keyid \
|
||||||
| sed 's/.*keyid //g'
|
| sed 's/.*keyid //g'
|
||||||
|
@ -148,42 +148,42 @@ get_file_fp(){
|
||||||
|
|
||||||
### Get raw gpgconf group config
|
### Get raw gpgconf group config
|
||||||
group_get_config(){
|
group_get_config(){
|
||||||
local -r config=$(gpgconf --list-options gpg | grep ^group)
|
local -r config=$(gpgconf --list-options gpg | grep ^group)
|
||||||
printf '%s' "${config##*:}"
|
printf '%s' "${config##*:}"
|
||||||
}
|
}
|
||||||
|
|
||||||
### Add fingerprint to a given group
|
### Add fingerprint to a given group
|
||||||
group_add_fp(){
|
group_add_fp(){
|
||||||
local fp=${1?}
|
local -r fp=${1?}
|
||||||
local group_name=${2?}
|
local -r group_name=${2?}
|
||||||
|
local -r config=$(group_get_config)
|
||||||
local group_names=()
|
local group_names=()
|
||||||
local member_lists=()
|
local member_lists=()
|
||||||
local name member_list config i data
|
local name member_list config i data
|
||||||
local -r config=$(group_get_config)
|
|
||||||
|
|
||||||
while IFS=' =' read -rd, name member_list; do
|
while IFS=' =' read -rd, name member_list; do
|
||||||
group_names+=("${name:1}")
|
group_names+=("${name:1}")
|
||||||
member_lists+=("$member_list")
|
member_lists+=("$member_list")
|
||||||
done <<< "$config,"
|
done <<< "$config,"
|
||||||
|
|
||||||
printf '%s\n' "${group_names[@]}" \
|
printf '%s\n' "${group_names[@]}" \
|
||||||
| grep -w "${group_name}" \
|
| grep -w "${group_name}" \
|
||||||
|| group_names+=("${group_name}")
|
|| group_names+=("${group_name}")
|
||||||
|
|
||||||
for i in "${!group_names[@]}"; do
|
for i in "${!group_names[@]}"; do
|
||||||
[ "${group_names[$i]}" == "${group_name}" ] \
|
[ "${group_names[$i]}" == "${group_name}" ] \
|
||||||
&& member_lists[$i]="${member_lists[$i]} ${fp}"
|
&& member_lists[$i]="${member_lists[$i]} ${fp}"
|
||||||
data+=$(printf '"%s = %s,' "${group_names[$i]}" "${member_lists[$i]}")
|
data+=$(printf '"%s = %s,' "${group_names[$i]}" "${member_lists[$i]}")
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Adding key \"${fp}\" to group \"${group_name}\""
|
echo "Adding key \"${fp}\" to group \"${group_name}\""
|
||||||
printf 'group:0:%s' "${data%?}" \
|
printf 'group:0:%s' "${data%?}" \
|
||||||
| gpgconf --change-options gpg >/dev/null 2>&1
|
| gpgconf --change-options gpg >/dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
### Get fingerprints for a given group
|
### Get fingerprints for a given group
|
||||||
group_get_fps(){
|
group_get_fps(){
|
||||||
local group_name=${1?}
|
local -r group_name=${1?}
|
||||||
gpg --with-colons --list-config group \
|
gpg --with-colons --list-config group \
|
||||||
| grep -i "^cfg:group:${group_name}:" \
|
| grep -i "^cfg:group:${group_name}:" \
|
||||||
| cut -d ':' -f4
|
| cut -d ':' -f4
|
||||||
|
@ -192,9 +192,9 @@ group_get_fps(){
|
||||||
### Check if fingerprint belongs to a given group
|
### Check if fingerprint belongs to a given group
|
||||||
### Give user option to add it if they wish
|
### Give user option to add it if they wish
|
||||||
group_check_fp(){
|
group_check_fp(){
|
||||||
local fp=${1?}
|
local -r fp=${1?}
|
||||||
local group_name=${2?}
|
local -r group_name=${2?}
|
||||||
local -r group_fps=$( group_get_fps "${group_name}" )
|
local -r group_fps=$(group_get_fps "${group_name}")
|
||||||
local -r uid=$(get_uid "${fp}")
|
local -r uid=$(get_uid "${fp}")
|
||||||
|
|
||||||
if [ -z "$group_fps" ] \
|
if [ -z "$group_fps" ] \
|
||||||
|
@ -220,13 +220,10 @@ group_check_fp(){
|
||||||
### Optionally verify all signatures belong to keys in gpg alias group
|
### Optionally verify all signatures belong to keys in gpg alias group
|
||||||
verify_detached() {
|
verify_detached() {
|
||||||
[ $# -eq 3 ] || die "Usage: verify_detached <threshold> <group> <file>"
|
[ $# -eq 3 ] || die "Usage: verify_detached <threshold> <group> <file>"
|
||||||
local threshold="${1}"
|
local -r threshold="${1}"
|
||||||
local group="${2}"
|
local -r group="${2}"
|
||||||
local filename="${3}"
|
local -r filename="${3}"
|
||||||
local sig_count=0
|
local fp uid sig_count=0 seen_fps=""
|
||||||
local seen_fps=""
|
|
||||||
local fp
|
|
||||||
local uid
|
|
||||||
|
|
||||||
for sig_filename in "${filename%.*}".*.asc; do
|
for sig_filename in "${filename%.*}".*.asc; do
|
||||||
gpg --verify "${sig_filename}" "${filename}" >/dev/null 2>&1 || {
|
gpg --verify "${sig_filename}" "${filename}" >/dev/null 2>&1 || {
|
||||||
|
@ -259,11 +256,9 @@ verify_detached() {
|
||||||
### Optionally verify all signatures belong to keys in gpg alias group
|
### Optionally verify all signatures belong to keys in gpg alias group
|
||||||
verify_git(){
|
verify_git(){
|
||||||
[ $# -eq 2 ] || die "Usage: verify_git <threshold> <group>"
|
[ $# -eq 2 ] || die "Usage: verify_git <threshold> <group>"
|
||||||
local threshold="${1}"
|
local -r threshold="${1}"
|
||||||
local group="${2}"
|
local -r group="${2}"
|
||||||
local seen_fps=""
|
local seen_fps="" sig_count=0 depth=0
|
||||||
local sig_count=0
|
|
||||||
local depth=0
|
|
||||||
|
|
||||||
while [[ $depth != "$(git rev-list --count HEAD)" ]]; do
|
while [[ $depth != "$(git rev-list --count HEAD)" ]]; do
|
||||||
ref=HEAD~${depth}
|
ref=HEAD~${depth}
|
||||||
|
@ -378,7 +373,7 @@ cmd_usage() {
|
||||||
check_tools head cut find sort sed getopt gpg openssl
|
check_tools head cut find sort sed getopt gpg openssl
|
||||||
|
|
||||||
# Allow entire script to be namespaced based on filename
|
# Allow entire script to be namespaced based on filename
|
||||||
PROGRAM="${0##*/}"
|
readonly PROGRAM="${0##*/}"
|
||||||
|
|
||||||
# Export public sub-commands
|
# Export public sub-commands
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
|
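Review bot: In `group_add_fp` (the `-148,42 +148,42` hunk), the existence test `grep -w "${group_name}"` treats the group name as a regular expression and matches it as a word inside longer names, so a group name contained in an existing one (constructed example: `release` when `release-team` exists) is taken as already present. The name is then not appended, the exact comparison `[ "${group_names[$i]}" == "${group_name}" ]` in the loop never matches, and the function prints "Adding key" and rewrites the configuration without the fingerprint in it; without `-q` the matched names also go to stdout. These groups appear to decide which signers `verify_detached` and `verify_git` accept, so the test should be exact and quiet: `| grep -qxF -- "${group_name}" \`. Separately, now that `local -r config=$(group_get_config)` comes first, the `config` still listed in `local name member_list config i data` looks redundant and could be dropped.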