add safe verification steps

This commit is contained in:
Lance Vick 2020-11-16 04:36:05 -08:00
parent 93750523de
commit e0976d007e
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
3 changed files with 26 additions and 16 deletions

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+ybrMACgkQjkeh7DWh
VR2SLQ/9GvI+oEB6ZbnI0MZNGbei5mpZoqkXrLS53rWF23/W+1ZqZpUjj7dFGHNx
BIHmYMFZV4BYmMzw9UUyzX0X3lHpV41GSKV27NC3ngQGE0YJNRWjqYdcCdHE5gwN
y6r3IA4ANzuC44sCcFTDh9yaEt7fTnfDL1BqvppX1DOzUukPnbNxJ21elLM9FDEZ
M3EEwQJ6NwGOC17PmCD28/rwVZNjUe2LYkMQEDHd1+2ssC1g1kMOee7EdQG56/Zh
1gs3eB5eBHhAmBBmx/mRUT8BiBYv7dKyzGSvC366afPrkBDXalAn9RQUU10sZFf6
P55wYDBrXu2aEKJ5n8AdTpiHUZ5zRwaSU1hPwXLZuhAFeZovSHT6LbFs4z2YLe0H
wWT5aRJ3rp5C3kA3LMJvO/mHmGYoyTzvlMBcgB2E3gKuUVg1yg0vc/af5H29wyEx
1CylAtWIgAQz9t+kybG1QWq5qfnVLN5M37I6mjXUhmrfiC26S25k8wdDt/CQvf4e
J+yMeKsRDg1XaImH34cQpbD0ycLMfr8KZmLJHmiXoDn8ViELFqoa81UlvwXmKDOC
C0hjnDvgNgHV75iDTKFMXZjfRwe5y1ZXeRLRaUyysZt3MlUTCyMvkysWdbiqyv+G
7rO3OKYwXun3HBQpwwFU0ZEBgcY1rHnzVwQoGz8vnkawGIp5fXQ=
=opFX
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+ycikACgkQjkeh7DWh
VR2x4g/+Iuq/AC15pKnbXgY9dayv/+79ZV6e2okprWx9zOiDn6Oxi9z6lvk6kKKg
MiZfDbjfcEbvF4kd63eUbwvJgOJVhvraG0TyrnAtm2dymGorTmUZeDpf+HShl7Gm
ZkVYLmK2AGzXr1MRRx+Ll8qT0EErKNFlhNFT27a4pGwLtmmkLfKXARdNvzbMRVjY
DMrxbwXxJfY+EiLXKBIDos8665I96dmdUwZUYhn8515Y/mUp/Rk0fJoNl312X/Y+
bRBDFTrfoka/Ux1ccB4w8ER85hS60eLmr1ImmdsqH+1TYf3BqsQ7WRqPkbcrVBbf
dc6/ZMXa0MB5D2hlTPCfcVAkQ3at94qq9Ed3j3YNjCLE2t+KksBa4JgtQb8wWLYP
j14alqgUNvtSwEm7urWfIl9lX5LftLteDBZcuDN56Oo6bLP3pbynOyp8xS5t8daq
IvJKcwJugiFmkkArOi9+TLDLk5/jtczdprmt0xIy8/s4s1vSGOYJE8ivgm3k/PAC
dJyxS6K3nbEByJbpwEkkzIViNl4NlaeJK1Ow0U7YNGWEc1jlgv1WZzt4+Kx8I7B/
X6zo+wNuLHri2vs1aUJVCFmIQ0rTrVYXYjaboBrfZM671XyU7W3lvdBDUBpCkQnL
9GTw7+Zzq78u7nePUL3cL1eNn8RWWjNad0PIAuOjF7K0mFJHlxI=
=eFzX
-----END PGP SIGNATURE-----

View File

@ -1,2 +1,3 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
00b0e173649476d58154f0d078814cad9a6c8d5a3187fc615e3d0b3c76c2f8ca README.md
b470a31ed13fb1177a0ffae1872f3e24f9aa8292090f4d838ad2a4bc639f8404 sig

View File

@ -19,7 +19,16 @@ The simple GPG signature toolchain for directories or git repos.
git clone git@gitlab.com/pchq/sig.git sig
```
2. Manually verify
2. Manually generate manifest
```
git ls-files \
| grep -v .sig \
| xargs openssl sha256 -r \
| sed -e 's/ \*/ /g' -e 's/ \.\// /g'
```
3. Manually verify manifest
```
for file in .sig/*.asc; do gpg --verify $file .sig/manifest.txt; done
@ -27,13 +36,13 @@ The simple GPG signature toolchain for directories or git repos.
less sig
```
3. Self verify
4. Self verify
```
./sig verify --threshold 3
```
4. Copy to $PATH
5. Copy to $PATH
```
cp sig ~/.local/bin/