use multisig verification flow
parent
04ddb126c8
commit
9ae18ca169
|
@ -1,16 +1,16 @@
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t85AACgkQjkeh7DWh
|
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t+2oACgkQjkeh7DWh
|
||||||
VR1vrA//VhXO6PH8kpNQe/fLyrIuUf4M67/oW1/wGmOmFKU8iQ26qMCFP6CtnsNP
|
VR2IXhAAjmTd0B6opCTpBLztUvFugGMTQ9RoTxJnK3tubVyr0iM5qwMeg4odVvew
|
||||||
1mkkbUyhLeR17ktRlxR7s3Kqu1h83YTG8IpEGirGJApAbyxmB65D0iypZCxolYGy
|
6pDtOG5prIqaj1cx97ehwN/zs76HCRUYOguZ4y7RTnOW+tvrz1DOmqT61AyJK1Lz
|
||||||
9exiv3gOSPsvEgpskYnL4kYyoOf6z6EH/Zlhj9nfDC62n6ZfZUQSXZWhUKKfE2d9
|
8lPhtR6HsomPznrBRQBz91JC8BPsVKnmXAtJyQlhY6kk6uRIyUVCvuHcz8i2H/Ao
|
||||||
OK2yEFxd3wd+If3JMnxV49+nItlymBD8avJcnSo209rXk0iHXjbK4yPvy/FoH3aR
|
GmPlbP6B0uDwiXhK0zF0v3wccoIIIylMsOW2hUHdJ1FKIn6DX795MmDK8SfPqFkE
|
||||||
bgUtzckF3rQ1hmCda487TOBXVnR6NdM7x/+gApqwuODuBYluYIVjW8kvv5FdpTes
|
t0UfHiAraG98+2rwF3Hppu3+8DkqfdKJzAwKKjT+WUJz4XHNVQi7eVDBkH8MEegp
|
||||||
veX5ISBitkRJuy8lvw6mbCbId2ulw7Ml/DLK/3QWWARxIN6hjRAns6wNrV9c7x3u
|
ntFFaIACZ0kNSctD9OGPofkCgrh/r+RviTD1lCxYLWfSVEAceOwTSBC8nRPNZysq
|
||||||
D4PWcgsbB7AOIK8Ia4+YWWGEy7gVKVRNDZSm4ZaK5TpYTUh8zXwKpy3qEQJjO7nl
|
60/WHumYuOkQqaN+LCLNHie4HryP5DBq2O9nmVglRzj9IDvcXronC0ug7VLEcfMZ
|
||||||
Pfcf+15DT358MltcqAtYoBJCfnCtv/G4mnvLjeBopusY6letqW6TG7f7IJCEJRoO
|
crId3FQUU/rgZE/VbwvfWxflSyj32QHMRpd1yFadeOWBt08cRkj0zMF0rUeeoJJy
|
||||||
bHiRtWHq+lwIXTDHOXCjYhFK3HrkViEl5vEXWMmdtcVvax9i3vl/jlHHjT3XsYJY
|
JGXbhEV9Irtga2iss2FDijBzHMJIVu/Rfq9boV4YAip5dE0jKZyy6X+pLxFpxUlz
|
||||||
fV2COE7H1a1ETeUmL0E98YQdKe+3q5Y+kdRpdcxTtvH9e6yP31E0AeBX+Lbwb3Yp
|
Etbsrzn9W0Z55srHDOCeYDyGm4p6rNDQTOTJFswLUXmW1A7M/Vx9ZuMR2tT0vv9D
|
||||||
kWvmZiA4SNahhakNqgoVyvL8nQw18kpCIIrZBkFkxaKOC7PmDNo=
|
WeJkGX764VHEgHABfsdRsvSm1xOPy+Du10gUkPyGT/HHcAdhwww=
|
||||||
=pv+J
|
=MuI6
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
||||||
f99e09f2f6ac5f6b37969e70b796c3bafa102bd9c6f79c77b98d27ed1bd74f97 sig
|
9c0292898230fb016b00b0f4c72e79b839bb5395f299feb97222e3035e05c6eb sig
|
||||||
|
|
74
sig
74
sig
|
@ -58,22 +58,30 @@ get_temp(){
|
||||||
)"
|
)"
|
||||||
}
|
}
|
||||||
|
|
||||||
gpg_env(){
|
get_files(){
|
||||||
GNUPGHOME=$(get_temp); export GNUPGPHOME
|
if command -v git >/dev/null; then
|
||||||
killall gpg-agent 2> /dev/null
|
git ls-files | grep -v ".${PROGRAM}"
|
||||||
gpg-agent --daemon --extra-socket "$GNUPGHOME/S.gpg-agent" 2> /dev/null
|
else
|
||||||
echo "export PATH=$GNUPGHOME:$PATH \
|
find . \
|
||||||
export GNUPGHOME=$GNUPGHOME; \
|
-type f \
|
||||||
export GPG_AGENT_INFO=$GNUPGHOME/S.gpg-agent"
|
-not -path "./.git/*" \
|
||||||
|
-not -path "./.${PROGRAM}/*"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
gpg_cleanup(){
|
cmd_manifest() {
|
||||||
gpgconf --kill gpg-agent
|
mkdir -p ".${PROGRAM}"
|
||||||
rm -rf "$GNUPGHOME"
|
printf "$(get_files | xargs openssl sha256 -r)" \
|
||||||
|
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
|
||||||
|
| LC_ALL=C sort -k2 \
|
||||||
|
> ".${PROGRAM}/manifest.txt"
|
||||||
}
|
}
|
||||||
|
|
||||||
verify_file() {
|
verify_file() {
|
||||||
local filename="${1?}"
|
[ $# -eq 2 ] || die \
|
||||||
|
"Usage: verify_file <threshold> <file>"
|
||||||
|
local threshold="${1}"
|
||||||
|
local filename="${2}"
|
||||||
local sig_count=0
|
local sig_count=0
|
||||||
local seen_fingerprints=""
|
local seen_fingerprints=""
|
||||||
local fingerprint
|
local fingerprint
|
||||||
|
@ -109,49 +117,15 @@ verify_file() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
verify_files() {
|
|
||||||
[ $# -lt 3 ] || die \
|
|
||||||
"Usage: verify-files <threshold> <pubkey_dir> <file> (, <file, ...)"
|
|
||||||
|
|
||||||
local threshold="${1}"
|
|
||||||
local pubkey_dir="${2}"
|
|
||||||
local target_files="${*:3}"
|
|
||||||
|
|
||||||
eval "$(gpg_env)"
|
|
||||||
gpg --import "${pubkey_dir}"/*.asc 2>/dev/null
|
|
||||||
for target_file in ${target_files}; do
|
|
||||||
verify_file "${target_file}"
|
|
||||||
done
|
|
||||||
|
|
||||||
gpg_cleanup
|
|
||||||
}
|
|
||||||
|
|
||||||
get_files(){
|
|
||||||
if command -v git >/dev/null; then
|
|
||||||
git ls-files | grep -v ".${PROGRAM}"
|
|
||||||
else
|
|
||||||
find . \
|
|
||||||
-type f \
|
|
||||||
-not -path "./.git/*" \
|
|
||||||
-not -path "./.${PROGRAM}/*"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
cmd_manifest() {
|
|
||||||
mkdir -p ".${PROGRAM}"
|
|
||||||
printf "$(get_files | xargs openssl sha256 -r)" \
|
|
||||||
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
|
|
||||||
| LC_ALL=C sort -k2 \
|
|
||||||
> ".${PROGRAM}/manifest.txt"
|
|
||||||
}
|
|
||||||
|
|
||||||
cmd_verify() {
|
cmd_verify() {
|
||||||
|
#TODO: support --min to override the default minimum of 3
|
||||||
|
local min=3
|
||||||
|
#TODO: support --group for a gpg-group
|
||||||
|
local group=""
|
||||||
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|
||||||
|| die "Error: No signatures"
|
|| die "Error: No signatures"
|
||||||
cmd_manifest
|
cmd_manifest
|
||||||
for file in .${PROGRAM}/*.asc; do
|
verify_file "${min}" .${PROGRAM}/manifest.txt
|
||||||
gpg --verify "$file" .${PROGRAM}/manifest.txt
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_add(){
|
cmd_add(){
|
||||||
|
|
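Review bot: In get_files, the git branch filters with `grep -v ".${PROGRAM}"`, an unanchored regex in which `.` matches any character, so a tracked path that merely contains some character followed by whatever `${PROGRAM}` expands to is left out of the manifest and is not covered by the signatures cmd_verify counts. The find branch excludes only `./.${PROGRAM}/*`; anchoring the filter as `git ls-files | grep -v "^\.${PROGRAM}/"` would make the two branches agree. In cmd_manifest, `printf "$(…)"` uses the hash listing as a format string, so a filename containing `%` or a backslash alters the manifest text, while `printf '%s' "$(get_files | xargs openssl sha256 -r)"` keeps the bytes as produced. Both functions are moved by this commit rather than rewritten. The body of verify_file lies outside the hunks shown, so it cannot be confirmed from here whether `threshold` is enforced, or whether anything restricts which keys count while `group` is still empty.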