use multisig verification flow
parent
04ddb126c8
commit
9ae18ca169
|
@ -1,16 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t85AACgkQjkeh7DWh
|
||||
VR1vrA//VhXO6PH8kpNQe/fLyrIuUf4M67/oW1/wGmOmFKU8iQ26qMCFP6CtnsNP
|
||||
1mkkbUyhLeR17ktRlxR7s3Kqu1h83YTG8IpEGirGJApAbyxmB65D0iypZCxolYGy
|
||||
9exiv3gOSPsvEgpskYnL4kYyoOf6z6EH/Zlhj9nfDC62n6ZfZUQSXZWhUKKfE2d9
|
||||
OK2yEFxd3wd+If3JMnxV49+nItlymBD8avJcnSo209rXk0iHXjbK4yPvy/FoH3aR
|
||||
bgUtzckF3rQ1hmCda487TOBXVnR6NdM7x/+gApqwuODuBYluYIVjW8kvv5FdpTes
|
||||
veX5ISBitkRJuy8lvw6mbCbId2ulw7Ml/DLK/3QWWARxIN6hjRAns6wNrV9c7x3u
|
||||
D4PWcgsbB7AOIK8Ia4+YWWGEy7gVKVRNDZSm4ZaK5TpYTUh8zXwKpy3qEQJjO7nl
|
||||
Pfcf+15DT358MltcqAtYoBJCfnCtv/G4mnvLjeBopusY6letqW6TG7f7IJCEJRoO
|
||||
bHiRtWHq+lwIXTDHOXCjYhFK3HrkViEl5vEXWMmdtcVvax9i3vl/jlHHjT3XsYJY
|
||||
fV2COE7H1a1ETeUmL0E98YQdKe+3q5Y+kdRpdcxTtvH9e6yP31E0AeBX+Lbwb3Yp
|
||||
kWvmZiA4SNahhakNqgoVyvL8nQw18kpCIIrZBkFkxaKOC7PmDNo=
|
||||
=pv+J
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+t+2oACgkQjkeh7DWh
|
||||
VR2IXhAAjmTd0B6opCTpBLztUvFugGMTQ9RoTxJnK3tubVyr0iM5qwMeg4odVvew
|
||||
6pDtOG5prIqaj1cx97ehwN/zs76HCRUYOguZ4y7RTnOW+tvrz1DOmqT61AyJK1Lz
|
||||
8lPhtR6HsomPznrBRQBz91JC8BPsVKnmXAtJyQlhY6kk6uRIyUVCvuHcz8i2H/Ao
|
||||
GmPlbP6B0uDwiXhK0zF0v3wccoIIIylMsOW2hUHdJ1FKIn6DX795MmDK8SfPqFkE
|
||||
t0UfHiAraG98+2rwF3Hppu3+8DkqfdKJzAwKKjT+WUJz4XHNVQi7eVDBkH8MEegp
|
||||
ntFFaIACZ0kNSctD9OGPofkCgrh/r+RviTD1lCxYLWfSVEAceOwTSBC8nRPNZysq
|
||||
60/WHumYuOkQqaN+LCLNHie4HryP5DBq2O9nmVglRzj9IDvcXronC0ug7VLEcfMZ
|
||||
crId3FQUU/rgZE/VbwvfWxflSyj32QHMRpd1yFadeOWBt08cRkj0zMF0rUeeoJJy
|
||||
JGXbhEV9Irtga2iss2FDijBzHMJIVu/Rfq9boV4YAip5dE0jKZyy6X+pLxFpxUlz
|
||||
Etbsrzn9W0Z55srHDOCeYDyGm4p6rNDQTOTJFswLUXmW1A7M/Vx9ZuMR2tT0vv9D
|
||||
WeJkGX764VHEgHABfsdRsvSm1xOPy+Du10gUkPyGT/HHcAdhwww=
|
||||
=MuI6
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
|
||||
f99e09f2f6ac5f6b37969e70b796c3bafa102bd9c6f79c77b98d27ed1bd74f97 sig
|
||||
9c0292898230fb016b00b0f4c72e79b839bb5395f299feb97222e3035e05c6eb sig
|
||||
|
|
74
sig
74
sig
|
@ -58,22 +58,30 @@ get_temp(){
|
|||
)"
|
||||
}
|
||||
|
||||
gpg_env(){
|
||||
GNUPGHOME=$(get_temp); export GNUPGPHOME
|
||||
killall gpg-agent 2> /dev/null
|
||||
gpg-agent --daemon --extra-socket "$GNUPGHOME/S.gpg-agent" 2> /dev/null
|
||||
echo "export PATH=$GNUPGHOME:$PATH \
|
||||
export GNUPGHOME=$GNUPGHOME; \
|
||||
export GPG_AGENT_INFO=$GNUPGHOME/S.gpg-agent"
|
||||
get_files(){
|
||||
if command -v git >/dev/null; then
|
||||
git ls-files | grep -v ".${PROGRAM}"
|
||||
else
|
||||
find . \
|
||||
-type f \
|
||||
-not -path "./.git/*" \
|
||||
-not -path "./.${PROGRAM}/*"
|
||||
fi
|
||||
}
|
||||
|
||||
gpg_cleanup(){
|
||||
gpgconf --kill gpg-agent
|
||||
rm -rf "$GNUPGHOME"
|
||||
cmd_manifest() {
|
||||
mkdir -p ".${PROGRAM}"
|
||||
printf "$(get_files | xargs openssl sha256 -r)" \
|
||||
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
|
||||
| LC_ALL=C sort -k2 \
|
||||
> ".${PROGRAM}/manifest.txt"
|
||||
}
|
||||
|
||||
verify_file() {
|
||||
local filename="${1?}"
|
||||
[ $# -eq 2 ] || die \
|
||||
"Usage: verify_file <threshold> <file>"
|
||||
local threshold="${1}"
|
||||
local filename="${2}"
|
||||
local sig_count=0
|
||||
local seen_fingerprints=""
|
||||
local fingerprint
|
||||
|
@ -109,49 +117,15 @@ verify_file() {
|
|||
}
|
||||
}
|
||||
|
||||
verify_files() {
|
||||
[ $# -lt 3 ] || die \
|
||||
"Usage: verify-files <threshold> <pubkey_dir> <file> (, <file, ...)"
|
||||
|
||||
local threshold="${1}"
|
||||
local pubkey_dir="${2}"
|
||||
local target_files="${*:3}"
|
||||
|
||||
eval "$(gpg_env)"
|
||||
gpg --import "${pubkey_dir}"/*.asc 2>/dev/null
|
||||
for target_file in ${target_files}; do
|
||||
verify_file "${target_file}"
|
||||
done
|
||||
|
||||
gpg_cleanup
|
||||
}
|
||||
|
||||
get_files(){
|
||||
if command -v git >/dev/null; then
|
||||
git ls-files | grep -v ".${PROGRAM}"
|
||||
else
|
||||
find . \
|
||||
-type f \
|
||||
-not -path "./.git/*" \
|
||||
-not -path "./.${PROGRAM}/*"
|
||||
fi
|
||||
}
|
||||
|
||||
cmd_manifest() {
|
||||
mkdir -p ".${PROGRAM}"
|
||||
printf "$(get_files | xargs openssl sha256 -r)" \
|
||||
| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
|
||||
| LC_ALL=C sort -k2 \
|
||||
> ".${PROGRAM}/manifest.txt"
|
||||
}
|
||||
|
||||
cmd_verify() {
|
||||
#TODO: support --min to override the default minimum of 3
|
||||
local min=3
|
||||
#TODO: support --group for a gpg-group
|
||||
local group=""
|
||||
( [ -d ".${PROGRAM}" ] && ls .${PROGRAM}/*.asc >/dev/null 2>&1 ) \
|
||||
|| die "Error: No signatures"
|
||||
cmd_manifest
|
||||
for file in .${PROGRAM}/*.asc; do
|
||||
gpg --verify "$file" .${PROGRAM}/manifest.txt
|
||||
done
|
||||
verify_file "${min}" .${PROGRAM}/manifest.txt
|
||||
}
|
||||
|
||||
cmd_add(){
|
||||
|
|
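Review bot: In `get_files`, the git branch filters with `grep -v ".${PROGRAM}"`, where the dot is a regex wildcard and the pattern is unanchored, so any tracked path containing one character followed by the program name (for instance `design.md`, if `PROGRAM` is `sig`) is left out of the manifest and is not covered by the signatures. The `find` branch excludes only `./.${PROGRAM}/*`, so the two branches disagree; anchoring the filter as `git ls-files | grep -v "^\.${PROGRAM}/"` would limit the exclusion to the signature directory. Separately, in `cmd_verify` the variable `group` is declared but never used, and the temporary keyring set up by `gpg_env`/`verify_files` is gone, so the visible lines show nothing that limits which keys count toward `min`. The body of `verify_file` lies between the hunks and may handle this, but a comment on `cmd_verify` stating which keyring defines the signer set would help.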