initial commit
Signed-off-by: Gus Kenion <gkenion@noreply@src.opensuse.org>
commit
69e206f575
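--- a/git_multisig.sh
+++ b/git_multisig.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+run_id=`date -u '+%Y%m%d%H%M%S'`
+
+add_sig ()
+{
+local git_hash=$2
+local key_id=$3
+
+# Fetch existing data from git
+
+local message=`git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/b;p'`
+
+# Output dearmored keys to files because bash variables don't play nicely with binary blobs
+prev_sig_filename="prev.sig.${run_id}.tmp.gpg"
+git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/p' | sed 's/gpgsig //g' | gpg --dearmor > ${prev_sig_filename}
+
+new_sig_filename="new.sig.${run_id}.tmp.gpg"
+echo -e "${message}" | gpg -u ${key_id} -o ${new_sig_filename} --detach-sig
+local res=$?
+if [ $res -ne 0 ]
+then
+echo "Failed to generate new signature!"
+exit $res
+fi
+
+local combined_sig=`cat ${prev_sig_filename} ${new_sig_filename} | gpg --enarmor`
+res=$?
+if [ $res -ne 0 ]
+then
+echo "Failed to combine signatures!"
+exit $res
+fi
+
+
+# Delete temporary signature files
+rm ${prev_sig_filename} ${new_sig_filename}
+
+echo -e "${message}\n${combined_sig}"
+
+# Hash and write git object
+echo -e "${message}\n${combined_sig}" | git hash-object -t commit -w --stdin
+
+return $?
+}
+
+verify_sig ()
+{
+local keyring_path=$2
+local git_hash=$3
+
+local message_filename=msg.${run_id}.tmp.txt
+git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/b;p' > ${message_filename}
+
+local sig_filename=verify.sig.${run_id}.tmp.asc
+git cat-file -p ${git_hash} | sed -n '/-----BEGIN PGP/,/-----END PGP/p' | sed 's/gpgsig //g' > ${sig_filename}
+
+gpgv2 --keyring ${keyring_path} ${sig_filename} ${message_filename}
+local res=$?
+
+rm ${message_filename} ${sig_filename}
+exit $res
+}
+
+
+USAGE="Usage: $0 add {hash of commit to sign} {key to use}\nOR\n$0 verify {path to keyring} {commit hash}"
+
+if [ $1 = "add" ]
+then
+add_sig $*
+exit $?
+elif [ $1 = "verify" ]
+then
+verify_sig $*
+exit $?
+else
+echo "$USAGE"
+exit 1
+fi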
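Review bot: In add_sig, `echo -e "${message}"` (the gpg input and both `echo -e "${message}\n${combined_sig}"` lines) expands backslash sequences inside the commit text, so a commit whose message contains something like `\n` or `\t` is signed and re-written with different bytes than the original object holds. verify_sig passes the unmodified sed output to gpgv2, so the signed and verified payloads can diverge and the check may then fail or cover different content. Emitting the text literally avoids that: `printf '%s\n' "${message}" | gpg -u "${key_id}" -o "${new_sig_filename}" --detach-sig` and `printf '%s\n%s\n' "${message}" "${combined_sig}" | git hash-object -t commit -w --stdin`. Separately, the temp files are created in the working directory under names predictable to the second and are left behind on the early `exit` paths; `mktemp` plus a `trap ... EXIT` cleanup would cover both.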