From 9ae18ca169c7e8778bc359538e385162a6b4574b Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Thu, 12 Nov 2020 19:24:37 -0800
Subject: [PATCH] use multisig verification flow
---
 .sig/manifest.8E47A1EC35A1551D.asc | 26 +++++------
 .sig/manifest.txt | 2 +-
 sig | 74 ++++++++++--------------------
 3 files changed, 38 insertions(+), 64 deletions(-)
diff --git a/.sig/manifest.8E47A1EC35A1551D.asc b/.sig/manifest.8E47A1EC35A1551D.asc
index 32caecf..3d15de3 100644
--- a/.sig/manifest.8E47A1EC35A1551D.asc
+++ b/.sig/manifest.8E47A1EC35A1551D.asc
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t85AACgkQjkeh7DWh -VR1vrA//VhXO6PH8kpNQe/fLyrIuUf4M67/oW1/wGmOmFKU8iQ26qMCFP6CtnsNP -1mkkbUyhLeR17ktRlxR7s3Kqu1h83YTG8IpEGirGJApAbyxmB65D0iypZCxolYGy -9exiv3gOSPsvEgpskYnL4kYyoOf6z6EH/Zlhj9nfDC62n6ZfZUQSXZWhUKKfE2d9 -OK2yEFxd3wd+If3JMnxV49+nItlymBD8avJcnSo209rXk0iHXjbK4yPvy/FoH3aR -bgUtzckF3rQ1hmCda487TOBXVnR6NdM7x/+gApqwuODuBYluYIVjW8kvv5FdpTes -veX5ISBitkRJuy8lvw6mbCbId2ulw7Ml/DLK/3QWWARxIN6hjRAns6wNrV9c7x3u -D4PWcgsbB7AOIK8Ia4+YWWGEy7gVKVRNDZSm4ZaK5TpYTUh8zXwKpy3qEQJjO7nl -Pfcf+15DT358MltcqAtYoBJCfnCtv/G4mnvLjeBopusY6letqW6TG7f7IJCEJRoO -bHiRtWHq+lwIXTDHOXCjYhFK3HrkViEl5vEXWMmdtcVvax9i3vl/jlHHjT3XsYJY -fV2COE7H1a1ETeUmL0E98YQdKe+3q5Y+kdRpdcxTtvH9e6yP31E0AeBX+Lbwb3Yp -kWvmZiA4SNahhakNqgoVyvL8nQw18kpCIIrZBkFkxaKOC7PmDNo= -=pv+J +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t+2oACgkQjkeh7DWh +VR2IXhAAjmTd0B6opCTpBLztUvFugGMTQ9RoTxJnK3tubVyr0iM5qwMeg4odVvew +6pDtOG5prIqaj1cx97ehwN/zs76HCRUYOguZ4y7RTnOW+tvrz1DOmqT61AyJK1Lz +8lPhtR6HsomPznrBRQBz91JC8BPsVKnmXAtJyQlhY6kk6uRIyUVCvuHcz8i2H/Ao +GmPlbP6B0uDwiXhK0zF0v3wccoIIIylMsOW2hUHdJ1FKIn6DX795MmDK8SfPqFkE +t0UfHiAraG98+2rwF3Hppu3+8DkqfdKJzAwKKjT+WUJz4XHNVQi7eVDBkH8MEegp +ntFFaIACZ0kNSctD9OGPofkCgrh/r+RviTD1lCxYLWfSVEAceOwTSBC8nRPNZysq +60/WHumYuOkQqaN+LCLNHie4HryP5DBq2O9nmVglRzj9IDvcXronC0ug7VLEcfMZ +crId3FQUU/rgZE/VbwvfWxflSyj32QHMRpd1yFadeOWBt08cRkj0zMF0rUeeoJJy +JGXbhEV9Irtga2iss2FDijBzHMJIVu/Rfq9boV4YAip5dE0jKZyy6X+pLxFpxUlz +Etbsrzn9W0Z55srHDOCeYDyGm4p6rNDQTOTJFswLUXmW1A7M/Vx9ZuMR2tT0vv9D +WeJkGX764VHEgHABfsdRsvSm1xOPy+Du10gUkPyGT/HHcAdhwww= +=MuI6 -----END PGP SIGNATURE----- diff --git a/.sig/manifest.txt b/.sig/manifest.txt index cf32ca3..b14d6c0 100644 --- a/.sig/manifest.txt +++ b/.sig/manifest.txt 
@@ -1,2 +1,2 @@
 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
-f99e09f2f6ac5f6b37969e70b796c3bafa102bd9c6f79c77b98d27ed1bd74f97 sig
+9c0292898230fb016b00b0f4c72e79b839bb5395f299feb97222e3035e05c6eb sig
diff --git a/sig b/sig
index 5fc70be..965ef75 100755
--- a/sig
+++ b/sig
@@ -58,22 +58,30 @@ get_temp(){
 )"
 }
-gpg_env(){
- GNUPGHOME=$(get_temp); export GNUPGPHOME
- killall gpg-agent 2> /dev/null
- gpg-agent --daemon --extra-socket "$GNUPGHOME/S.gpg-agent" 2> /dev/null
- echo "export PATH=$GNUPGHOME:$PATH \
- export GNUPGHOME=$GNUPGHOME; \
- export GPG_AGENT_INFO=$GNUPGHOME/S.gpg-agent"
+get_files(){
+ if command -v git >/dev/null; then
+ git ls-files | grep -v ".${PROGRAM}"
+ else
+ find . \
+ -type f \
+ -not -path "./.git/*" \
+ -not -path "./.${PROGRAM}/*"
+ fi
 }
-gpg_cleanup(){
- gpgconf --kill gpg-agent
- rm -rf "$GNUPGHOME"
+cmd_manifest() {
+ mkdir -p ".${PROGRAM}"
+ printf "$(get_files | xargs openssl sha256 -r)" \
+ | sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
+ | LC_ALL=C sort -k2 \
+ > ".${PROGRAM}/manifest.txt"
 }
 verify_file() {
- local filename="${1?}"
+ [ $# -eq 2 ] || die \
+ "Usage: verify_file "
+ local threshold="${1}"
+ local filename="${2}"
 local sig_count=0
 local seen_fingerprints=""
 local fingerprint
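Review bot: In `get_files`, `grep -v ".${PROGRAM}"` is an unanchored regular expression in which the dot matches any character, so (assuming PROGRAM is `sig`, as the `.sig/` paths suggest) a tracked path such as `docs/design.md` is filtered out of the manifest and ends up outside what the signatures cover. The `find` branch excludes only `./.${PROGRAM}/*`, so the two branches also disagree; anchoring the filter, `git ls-files | grep -v "^\.${PROGRAM}/"`, brings them in line. In `cmd_manifest` the hash listing is used as the printf format string, so a file name containing `%` or a backslash alters the manifest text; `printf '%s\n' "$(get_files | xargs openssl sha256 -r)"` keeps it as data. `verify_file` now takes `threshold` without checking that it is a positive integer in the lines shown here; the function body continues outside the hunk.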
@@ -109,49 +117,15 @@ verify_file() {
 }
 }
-verify_files() {
- [ $# -lt 3 ] || die \
- "Usage: verify-files (, /dev/null
- for target_file in ${target_files}; do
- verify_file "${target_file}"
- done
-
- gpg_cleanup
-}
-
-get_files(){
- if command -v git >/dev/null; then
- git ls-files | grep -v ".${PROGRAM}"
- else
- find . \
- -type f \
- -not -path "./.git/*" \
- -not -path "./.${PROGRAM}/*"
- fi
-}
-
-cmd_manifest() {
- mkdir -p ".${PROGRAM}"
- printf "$(get_files | xargs openssl sha256 -r)" \
- | sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
- | LC_ALL=C sort -k2 \
- > ".${PROGRAM}/manifest.txt"
-}
-
 cmd_verify() {
+ #TODO: support --min to override the default minimum of 3
+ local min=3
+ #TODO: support --group for a gpg-group
+ local group=""
 ( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
 || die "Error: No signatures"
 cmd_manifest
- for file in .${PROGRAM}/*.asc; do
- gpg --verify "$file" .${PROGRAM}/manifest.txt
- done
+ verify_file "${min}" .${PROGRAM}/manifest.txt
 }
 cmd_add(){
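Review bot: `cmd_verify` declares `local group=""` but never passes it to `verify_file`, so until the `--group` TODO is implemented the threshold counts signatures without any restriction on which signers are acceptable; how keys are accepted depends on the part of `verify_file` that lies outside this diff. A comment next to the declaration would make that trust assumption explicit, for example `# NOTE: no signer allow-list yet; every key gpg accepts counts toward min`. The path argument in `verify_file "${min}" .${PROGRAM}/manifest.txt` is unquoted, while `cmd_manifest` quotes the same path; `verify_file "${min}" ".${PROGRAM}/manifest.txt"` would be consistent. With `min` fixed at 3 and no override yet, a tree carrying fewer signatures fails closed (this commit itself updates a single `.asc` file), which may be intended but is worth stating in the usage text.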