| author | 2026-05-18 07:09:31 -0600 | |
|---|---|---|
| committer | 2026-05-18 07:09:31 -0600 | |
| commit | 383d3222b1d2c776bf4dc097203a2ebf58b7b470 (patch) | |
| tree | 34d6885ece3d33f3d0f2fb53859203eec9daca3c /gpg-verify | |
| parent | gpg-verify fixups (diff) | |
use gpgv betterer
Diffstat (limited to 'gpg-verify')
| -rwxr-xr-x | gpg-verify | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -12,20 +12,24 @@ nonce="$2" key="$3" sig="$4" +cd /opt/autopeer +NOTIFY_TO="$(python3 -c 'import config; print(config.NOTIFY_TO)')" echo "[autopeer $(hostname -f)] pgp: $username $key" | socat stdio "$NOTIFY_TO" keyring="$(mktemp)" curl -sL "$key" | gpg -o - --dearmor >"$keyring" || exit 7 -gpgv_out="$(gpgv --keyring "$keyring" <(echo "$sig" | sed 's/-----BEGIN PGP SIGNATURE-----/&\n\n/') <(echo "$nonce") 2>&1)" -verified_key="$(echo "$gpgv_out" |& grep -oP 'gpgv:\s*using \S+ key \K.*')" +gpgv_out="$(gpgv --status-fd 1 --keyring "$keyring" <(echo "$sig" | sed 's/-----BEGIN PGP SIGNATURE-----/&\n\n/') <(echo "$nonce"))" +#[GNUPG:] VALIDSIG 1449565B711BABA3BC5347AE66B26E9D823D8647 2026-05-18 1779109475 0 4 0 22 10 00 1449565B711BABA3BC5347AE66B26E9D823D8647 echo "keyring: $keyring" echo "$gpgv_out" -if ! echo "$gpgv_out" | grep -qP 'gpgv: Good signature from'; then +if ! echo "$gpgv_out" | grep -qP '^\[GNUPG:\] VALIDSIG '; then exit 3 fi +verified_key="$(echo "$gpgv_out" | grep -P '^\[GNUPG:\] VALIDSIG ' | cut -d' ' -f3)" + if [ -z "$verified_key" ]; then exit 4 fi |
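Review bot: The new `verified_key` assignment takes field 3 of every `VALIDSIG` line, so input carrying more than one signature yields a multi-line value, and field 3 is the fingerprint of the key that made the signature, which for a signing subkey differs from the primary-key fingerprint in the last field (the two are equal in the sample status line kept as a comment). What the script compares `verified_key` against lies after this hunk and is not visible here; if the primary key is what identifies the peer, `verified_key="$(printf '%s\n' "$gpgv_out" | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')"` selects a single line and the primary fingerprint. The plain `gpgv_out=` assignment also discards gpgv's exit status, so a run that reports one valid and one bad signature still passes the `VALIDSIG` grep; appending `|| exit 3` to that assignment (or saving `$?` and testing it after the two debug `echo` lines) closes that gap. The added `cd /opt/autopeer` is unchecked as well: if it fails, `python3 -c 'import config; …'` resolves `config` from whatever directory the script was started in, so `cd /opt/autopeer || exit 1` is the safer form.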
