initial commit
Signed-off-by: Gus Kenion <gkenion@noreply@src.opensuse.org>
This commit is contained in:
Gus Kenion
commit
69e206f575
79
git_multisig.sh
Normal file
79
git_multisig.sh
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
run_id=`date -u '+%Y%m%d%H%M%S'`
|
||||||
|
|
||||||
|
add_sig ()
|
||||||
|
{
|
||||||
|
local git_hash=$2
|
||||||
|
local key_id=$3
|
||||||
|
|
||||||
|
# Fetch existing data from git
|
||||||
|
|
||||||
|
local message=`git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/b;p'`
|
||||||
|
|
||||||
|
# Output dearmored keys to files because bash variables don't play nicely with binary blobs
|
||||||
|
prev_sig_filename="prev.sig.${run_id}.tmp.gpg"
|
||||||
|
git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/p' | sed 's/gpgsig //g' | gpg --dearmor > ${prev_sig_filename}
|
||||||
|
|
||||||
|
new_sig_filename="new.sig.${run_id}.tmp.gpg"
|
||||||
|
echo -e "${message}" | gpg -u ${key_id} -o ${new_sig_filename} --detach-sig
|
||||||
|
local res=$?
|
||||||
|
if [ $res -ne 0 ]
|
||||||
|
then
|
||||||
|
echo "Failed to generate new signature!"
|
||||||
|
exit $res
|
||||||
|
fi
|
||||||
|
|
||||||
|
local combined_sig=`cat ${prev_sig_filename} ${new_sig_filename} | gpg --enarmor`
|
||||||
|
res=$?
|
||||||
|
if [ $res -ne 0 ]
|
||||||
|
then
|
||||||
|
echo "Failed to combine signatures!"
|
||||||
|
exit $res
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Delete temporary signature files
|
||||||
|
rm ${prev_sig_filename} ${new_sig_filename}
|
||||||
|
|
||||||
|
echo -e "${message}\n${combined_sig}"
|
||||||
|
|
||||||
|
# Hash and write git object
|
||||||
|
echo -e "${message}\n${combined_sig}" | git hash-object -t commit -w --stdin
|
||||||
|
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
verify_sig ()
|
||||||
|
{
|
||||||
|
local keyring_path=$2
|
||||||
|
local git_hash=$3
|
||||||
|
|
||||||
|
local message_filename=msg.${run_id}.tmp.txt
|
||||||
|
git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/b;p' > ${message_filename}
|
||||||
|
|
||||||
|
local sig_filename=verify.sig.${run_id}.tmp.asc
|
||||||
|
git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/p' | sed 's/gpgsig //g' > ${sig_filename}
|
||||||
|
|
||||||
|
gpgv2 --keyring ${keyring_path} ${sig_filename} ${message_filename}
|
||||||
|
local res=$?
|
||||||
|
|
||||||
|
rm ${message_filename} ${sig_filename}
|
||||||
|
exit $res
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
USAGE="Usage: $0 add {hash of commit to sign} {key to use}\nOR\n$0 verify {path to keyring} {commit hash}"
|
||||||
|
|
||||||
|
if [ $1 = "add" ]
|
||||||
|
then
|
||||||
|
add_sig $*
|
||||||
|
exit $?
|
||||||
|
elif [ $1 = "verify" ]
|
||||||
|
then
|
||||||
|
verify_sig $*
|
||||||
|
exit $?
|
||||||
|
else
|
||||||
|
echo "$USAGE"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
Loading…
x
Reference in New Issue
Block a user