use multisig verification flow

Lance Vick 2020-11-12 19:24:37 -08:00
parent 04ddb126c8
commit 9ae18ca169
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
3 changed files with 38 additions and 64 deletions


@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t85AACgkQjkeh7DWh iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t+2oACgkQjkeh7DWh
VR1vrA//VhXO6PH8kpNQe/fLyrIuUf4M67/oW1/wGmOmFKU8iQ26qMCFP6CtnsNP VR2IXhAAjmTd0B6opCTpBLztUvFugGMTQ9RoTxJnK3tubVyr0iM5qwMeg4odVvew
1mkkbUyhLeR17ktRlxR7s3Kqu1h83YTG8IpEGirGJApAbyxmB65D0iypZCxolYGy 6pDtOG5prIqaj1cx97ehwN/zs76HCRUYOguZ4y7RTnOW+tvrz1DOmqT61AyJK1Lz
9exiv3gOSPsvEgpskYnL4kYyoOf6z6EH/Zlhj9nfDC62n6ZfZUQSXZWhUKKfE2d9 8lPhtR6HsomPznrBRQBz91JC8BPsVKnmXAtJyQlhY6kk6uRIyUVCvuHcz8i2H/Ao
OK2yEFxd3wd+If3JMnxV49+nItlymBD8avJcnSo209rXk0iHXjbK4yPvy/FoH3aR GmPlbP6B0uDwiXhK0zF0v3wccoIIIylMsOW2hUHdJ1FKIn6DX795MmDK8SfPqFkE
bgUtzckF3rQ1hmCda487TOBXVnR6NdM7x/+gApqwuODuBYluYIVjW8kvv5FdpTes t0UfHiAraG98+2rwF3Hppu3+8DkqfdKJzAwKKjT+WUJz4XHNVQi7eVDBkH8MEegp
veX5ISBitkRJuy8lvw6mbCbId2ulw7Ml/DLK/3QWWARxIN6hjRAns6wNrV9c7x3u ntFFaIACZ0kNSctD9OGPofkCgrh/r+RviTD1lCxYLWfSVEAceOwTSBC8nRPNZysq
D4PWcgsbB7AOIK8Ia4+YWWGEy7gVKVRNDZSm4ZaK5TpYTUh8zXwKpy3qEQJjO7nl 60/WHumYuOkQqaN+LCLNHie4HryP5DBq2O9nmVglRzj9IDvcXronC0ug7VLEcfMZ
Pfcf+15DT358MltcqAtYoBJCfnCtv/G4mnvLjeBopusY6letqW6TG7f7IJCEJRoO crId3FQUU/rgZE/VbwvfWxflSyj32QHMRpd1yFadeOWBt08cRkj0zMF0rUeeoJJy
bHiRtWHq+lwIXTDHOXCjYhFK3HrkViEl5vEXWMmdtcVvax9i3vl/jlHHjT3XsYJY JGXbhEV9Irtga2iss2FDijBzHMJIVu/Rfq9boV4YAip5dE0jKZyy6X+pLxFpxUlz
fV2COE7H1a1ETeUmL0E98YQdKe+3q5Y+kdRpdcxTtvH9e6yP31E0AeBX+Lbwb3Yp Etbsrzn9W0Z55srHDOCeYDyGm4p6rNDQTOTJFswLUXmW1A7M/Vx9ZuMR2tT0vv9D
kWvmZiA4SNahhakNqgoVyvL8nQw18kpCIIrZBkFkxaKOC7PmDNo= WeJkGX764VHEgHABfsdRsvSm1xOPy+Du10gUkPyGT/HHcAdhwww=
=pv+J =MuI6
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----


@ -1,2 +1,2 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
f99e09f2f6ac5f6b37969e70b796c3bafa102bd9c6f79c77b98d27ed1bd74f97 sig 9c0292898230fb016b00b0f4c72e79b839bb5395f299feb97222e3035e05c6eb sig

74
sig

@ -58,22 +58,30 @@ get_temp(){
)" )"
} }
gpg_env(){ get_files(){
GNUPGHOME=$(get_temp); export GNUPGPHOME if command -v git >/dev/null; then
killall gpg-agent 2> /dev/null git ls-files | grep -v ".${PROGRAM}"
gpg-agent --daemon --extra-socket "$GNUPGHOME/S.gpg-agent" 2> /dev/null else
echo "export PATH=$GNUPGHOME:$PATH \ find . \
export GNUPGHOME=$GNUPGHOME; \ -type f \
export GPG_AGENT_INFO=$GNUPGHOME/S.gpg-agent" -not -path "./.git/*" \
-not -path "./.${PROGRAM}/*"
fi
} }
gpg_cleanup(){ cmd_manifest() {
gpgconf --kill gpg-agent mkdir -p ".${PROGRAM}"
rm -rf "$GNUPGHOME" printf "$(get_files | xargs openssl sha256 -r)" \
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
| LC_ALL=C sort -k2 \
> ".${PROGRAM}/manifest.txt"
} }
verify_file() { verify_file() {
local filename="${1?}" [ $# -eq 2 ] || die \
"Usage: verify_file <threshold> <file>"
local threshold="${1}"
local filename="${2}"
local sig_count=0 local sig_count=0
local seen_fingerprints="" local seen_fingerprints=""
local fingerprint local fingerprint
@ -109,49 +117,15 @@ verify_file() {
} }
} }
verify_files() {
[ $# -lt 3 ] || die \
"Usage: verify-files <threshold> <pubkey_dir> <file> (, <file, ...)"
local threshold="${1}"
local pubkey_dir="${2}"
local target_files="${*:3}"
eval "$(gpg_env)"
gpg --import "${pubkey_dir}"/*.asc 2>/dev/null
for target_file in ${target_files}; do
verify_file "${target_file}"
done
gpg_cleanup
}
get_files(){
if command -v git >/dev/null; then
git ls-files | grep -v ".${PROGRAM}"
else
find . \
-type f \
-not -path "./.git/*" \
-not -path "./.${PROGRAM}/*"
fi
}
cmd_manifest() {
mkdir -p ".${PROGRAM}"
printf "$(get_files | xargs openssl sha256 -r)" \
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
| LC_ALL=C sort -k2 \
> ".${PROGRAM}/manifest.txt"
}
cmd_verify() { cmd_verify() {
#TODO: support --min to override the default minimum of 3
local min=3
#TODO: support --group for a gpg-group
local group=""
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \ ( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|| die "Error: No signatures" || die "Error: No signatures"
cmd_manifest cmd_manifest
for file in .${PROGRAM}/*.asc; do verify_file "${min}" .${PROGRAM}/manifest.txt
gpg --verify "$file" .${PROGRAM}/manifest.txt
done
} }
cmd_add(){ cmd_add(){
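Review bot: In `get_files`, `grep -v ".${PROGRAM}"` is an unanchored regex whose leading `.` matches any character, so any tracked path that contains the program name after some other character is dropped from the manifest and is not covered by the signatures `cmd_verify` checks. Anchoring the exclusion to the metadata directory closes that gap: `git ls-files | grep -v "^\.${PROGRAM}/"`. That also matches the `find` branch, which already excludes only `./.${PROGRAM}/*`. Separately, `cmd_manifest` passes the hash listing to `printf` as the format string, so a file name containing `%` or a backslash would change the manifest contents; `printf '%s' "$(get_files | xargs openssl sha256 -r)"` keeps the output byte-for-byte the same for ordinary names.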