[Gnu-arch-users] Re: Archive signing mini-howto
From: Daniel Schoemer
Subject: [Gnu-arch-users] Re: Archive signing mini-howto
Date: Tue, 28 Sep 2004 10:05:21 +0200
User-agent: slrn/0.9.8.0 (Linux)
James Blackwell wrote:
>
> I'm working on a minihowto dealing with signing archives. I'd like to
> include a safer script than the one I've been handing out; one that is
> smart enough to handle multiple archives:
>
> However, that would require a slight change to the signature code --
> namely, that =default.check be called with an argument, which would be the
> archive name.
>
> [...]
>
> This, on the other hand, sets up default keyrings by default. This
> encourages people to actually use signed archives properly. Then, they can
> add keys to each keyring (which is automatically created by gnupg) as they
> need.
Sounds great.
I've slightly modified your =default.check. It is now compatible with sh
(`..` instead of $(..)) and it can be used even if called without an
argument so it can be used right now. In this case, gpg uses the
default keyring.
,-- ~/.arch-params/signing/=default.check
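#!/bin/sh
# Verify a signature with gpg; $1 (optional) is the archive name.
# Scratch file for gpg's output, shown only when verification fails.
tmp=`mktemp /tmp/tla-gpgoutputXXXXXX` || exit 1
G_OPTS1="--batch --verify"
# Start empty so a G_OPTS2 inherited from the environment is not used.
G_OPTS2=""
# With an archive name, check only against that archive's keyring.
test -n "$1" && G_OPTS2="--no-default-keyring --keyring $1.gpg"
if ! gpg $G_OPTS1 $G_OPTS2 1>"$tmp" 2>&1; then
    cat "$tmp"
    rm -f "$tmp"
    exit 1
fi
rm -f "$tmp"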
`----
Daniel Schoemer
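
The script above expands the archive name unquoted into gpg's option list, so the name has to be a single safe word. The following is an added example, not part of the original post and not tla's own code, that validates the name before building the keyring options; `keyring_opts` and `check_signature` are hypothetical helper names and the archive name at the end is a constructed sample.

```shell
#!/bin/sh
# Added example; keyring_opts and check_signature are hypothetical helpers.

# Print the gpg keyring options for an archive name, one word per line.
# No name: print nothing (gpg then uses its default keyring), return 0.
# Unsafe name: print a message on stderr, return 1.
keyring_opts() {
    name=$1
    if [ -z "$name" ]; then
        return 0
    fi
    case $name in
        -*|*/*|*[!A-Za-z0-9@._-]*)
            # leading dash: gpg would read the word as an option
            # slash: gpg would treat it as a path, not a file in its home dir
            # other characters (spaces, globs, quotes) would split or expand
            echo "refusing archive name: $name" >&2
            return 1 ;;
    esac
    printf '%s\n' --no-default-keyring --keyring "$name.gpg"
}

# Verify the signed data on stdin against the keyring chosen for "$1".
check_signature() {
    opts=`keyring_opts "$1"` || return 1
    # $opts is left unquoted on purpose: it holds validated words only.
    gpg --batch --verify $opts
}

# Constructed sample archive name, to show the generated options.
keyring_opts "jdoe@example.org--2004"
```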