use multisig verification flow

Lance Vick 2020-11-12 19:24:37 -08:00
parent 04ddb126c8
commit 9ae18ca169
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
3 changed files with 38 additions and 64 deletions


@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=pv+J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=MuI6
-----END PGP SIGNATURE-----


@ -1,2 +1,2 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
f99e09f2f6ac5f6b37969e70b796c3bafa102bd9c6f79c77b98d27ed1bd74f97 sig
9c0292898230fb016b00b0f4c72e79b839bb5395f299feb97222e3035e05c6eb sig

74
sig

@ -58,22 +58,30 @@ get_temp(){
)"
}
gpg_env(){
GNUPGHOME=$(get_temp); export GNUPGPHOME
killall gpg-agent 2> /dev/null
gpg-agent --daemon --extra-socket "$GNUPGHOME/S.gpg-agent" 2> /dev/null
echo "export PATH=$GNUPGHOME:$PATH \
export GNUPGHOME=$GNUPGHOME; \
export GPG_AGENT_INFO=$GNUPGHOME/S.gpg-agent"
get_files(){
if command -v git >/dev/null; then
git ls-files | grep -v ".${PROGRAM}"
else
find . \
-type f \
-not -path "./.git/*" \
-not -path "./.${PROGRAM}/*"
fi
}
gpg_cleanup(){
gpgconf --kill gpg-agent
rm -rf "$GNUPGHOME"
cmd_manifest() {
mkdir -p ".${PROGRAM}"
printf "$(get_files | xargs openssl sha256 -r)" \
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
| LC_ALL=C sort -k2 \
> ".${PROGRAM}/manifest.txt"
}
verify_file() {
local filename="${1?}"
[ $# -eq 2 ] || die \
"Usage: verify_file <threshold> <file>"
local threshold="${1}"
local filename="${2}"
local sig_count=0
local seen_fingerprints=""
local fingerprint
@ -109,49 +117,15 @@ verify_file() {
}
}
verify_files() {
[ $# -lt 3 ] || die \
"Usage: verify-files <threshold> <pubkey_dir> <file> (, <file, ...)"
local threshold="${1}"
local pubkey_dir="${2}"
local target_files="${*:3}"
eval "$(gpg_env)"
gpg --import "${pubkey_dir}"/*.asc 2>/dev/null
for target_file in ${target_files}; do
verify_file "${target_file}"
done
gpg_cleanup
}
get_files(){
if command -v git >/dev/null; then
git ls-files | grep -v ".${PROGRAM}"
else
find . \
-type f \
-not -path "./.git/*" \
-not -path "./.${PROGRAM}/*"
fi
}
cmd_manifest() {
mkdir -p ".${PROGRAM}"
printf "$(get_files | xargs openssl sha256 -r)" \
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
| LC_ALL=C sort -k2 \
> ".${PROGRAM}/manifest.txt"
}
cmd_verify() {
#TODO: support --min to override the default minimum of 3
local min=3
#TODO: support --group for a gpg-group
local group=""
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|| die "Error: No signatures"
cmd_manifest
for file in .${PROGRAM}/*.asc; do
gpg --verify "$file" .${PROGRAM}/manifest.txt
done
verify_file "${min}" .${PROGRAM}/manifest.txt
}
cmd_add(){
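Review bot: In `get_files` (moved up in the first hunk), `grep -v ".${PROGRAM}"` is an unanchored regex whose leading `.` matches any character, so any tracked path that contains some character followed by the program name is left out of the manifest and is never covered by the signatures that `cmd_verify` now checks through `verify_file`. Anchoring the filter to the metadata directory, `git ls-files | grep -v "^\.${PROGRAM}/"`, would match what the `find` branch already excludes. In `cmd_manifest` the hash list is also used as the `printf` format string, so a file name containing `%` or a backslash changes the manifest text; piping `get_files | xargs openssl sha256 -r` directly into `sed` avoids that. `PROGRAM` is set outside the visible hunks, so this assumes it holds the script's name, and the body of `verify_file` is mostly outside the hunks as well.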