authoragc <agc>2015-01-30 18:55:01 +0000
committeragc <agc>2015-01-30 18:55:01 +0000
commitf26e0db16d8e978a688187188732f34d643fb8a9 (patch)
tree7a5d77aa006338c3f553f5e588c74a3aeb0febf4 /security
parent3fef5d54d8c059ae6283f04ad038766b3515dd8d (diff)
downloadpkgsrc-f26e0db16d8e978a688187188732f34d643fb8a9.tar.gz
Missed file in previous - sync with reality...
Diffstat (limited to 'security')
-rwxr-xr-xsecurity/netpgpverify/files/chk.sh22
1 files changed, 9 insertions, 13 deletions
diff --git a/security/netpgpverify/files/chk.sh b/security/netpgpverify/files/chk.sh
index 8af99f1a360..cdd2aed566e 100755
--- a/security/netpgpverify/files/chk.sh
+++ b/security/netpgpverify/files/chk.sh
@@ -1,8 +1,8 @@
#! /bin/sh
-# $NetBSD: chk.sh,v 1.1 2014/02/04 02:11:18 agc Exp $
+# $NetBSD: chk.sh,v 1.2 2015/01/30 18:55:01 agc Exp $
-# Copyright (c) 2013,2014 Alistair Crooks <agc@NetBSD.org>
+# Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,10 @@ die() {
os=EdgeBSD
osrev=6
arch=amd64
-pkgsrc=pkgsrc-2013Q2
-keyring=""
+pkgsrc=pkgsrc-2013Q1
while [ $# -gt 0 ]; do
case "$1" in
--arch|-a) arch=$2; shift ;;
- --keyring|-k) keyring=$2; shift ;;
--os|-o) os=$2; shift ;;
--pkgsrc) pkgsrc=$2; shift ;;
-v) set -x ;;
@@ -48,12 +46,8 @@ while [ $# -gt 0 ]; do
shift
done
-case "${keyring}" in
-"") keyring=$HOME/.gnupg/pubring.gpg ;;
-esac
-
#fetch file
-repo=ftp://ftp.edgebsd.org/pub/pkgsrc/packages/${os}/${arch}/${os}-${osrev}/${pkgsrc}/All/
+repo=ftp://ftp.edgebsd.org/pub/pkgsrc/packages/${os}/${os}-${osrev}/${arch}/${pkgsrc}/All/
if [ ! -f $1 ]; then
case "${repo}" in
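Review bot: The rewritten `repo=` line still uses a plain `ftp://` URL, so the download has no transport integrity and the package's trustworthiness rests entirely on the hash and signature checks further down. That dependency is worth stating where the URL is set, for example `# NOTE: unauthenticated transport; the package is trusted only after the signature check below`. The `[ ! -f $1 ]` test under it is context rather than new code, but it is unquoted and would misbehave on a path containing whitespace. The `if`/`case` block continues outside this hunk.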
@@ -98,9 +92,10 @@ printf "end pkgsrc signature\n" >> ${dir}/calc
diff ${dir}/+PKG_HASH ${dir}/calc || die "Bad hashes generated"
# use netpgpverify to verify the signature
-if [ -x /usr/pkg/bin/netpgpverify ]; then
+if [ -x /usr/bin/netpgpverify -o -x /usr/pkg/bin/netpgpverify ]; then
+ echo "=== Using netpgpverify to verify the package signature ==="
# check the signature in +PKG_GPG_SIGNATURE
- cp ${keyring} ${dir}/pubring.gpg
+ cp ${here}/pubring.pub ${dir}/pubring.gpg
# calculate the sig file we want to verify
echo "-----BEGIN PGP SIGNED MESSAGE-----" > ${dir}/${name}.sig
echo "Hash: ${digest}" >> ${dir}/${name}.sig
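Review bot: The new `-x` test checks two absolute paths, but the verifier is then run as bare `netpgpverify` in the next hunk, so the binary that passed the test is not necessarily the one `PATH` resolves to. For a signature check it is safer to resolve the path once and call that exact file, and to replace the obsolescent `-o` inside `[ ]` with separate tests. The `cp` of the keyring is unquoted and its result is not checked; since `--keyring` was removed earlier in this commit, `${here}/pubring.pub` is now the only trust anchor, and `here` is set outside the hunk, so where it points should be confirmed. The `if` block continues past this hunk, and the call in the following hunk would become `"${verify}" -k pubring.gpg`.

```shell
# pick the verifier once and call it by absolute path
verify=
for candidate in /usr/bin/netpgpverify /usr/pkg/bin/netpgpverify; do
	if [ -x "${candidate}" ]; then
		verify=${candidate}
		break
	fi
done
if [ -n "${verify}" ]; then
	echo "=== Using netpgpverify to verify the package signature ==="
	# check the signature in +PKG_GPG_SIGNATURE
	cp "${here}/pubring.pub" "${dir}/pubring.gpg" || die "Cannot copy keyring"
	# … unchanged: building ${dir}/${name}.sig …
```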
@@ -108,7 +103,8 @@ if [ -x /usr/pkg/bin/netpgpverify ]; then
cat ${dir}/+PKG_HASH ${dir}/+PKG_GPG_SIGNATURE >> ${dir}/${name}.sig
(cd ${dir} && netpgpverify -k pubring.gpg ${name}.sig) || die "Bad signature"
else
- gpg --recv 0x6F3AF5E2
+ echo "=== Using gpg to verify the package signature ==="
+ gpg --recv --keyserver pgp.mit.edu 0x6F3AF5E2
(cd ${dir} && gpg --verify --homedir=${dir} ./+PKG_GPG_SIGNATURE ./+PKG_HASH) || die "Bad signature"
fi
echo "Signatures match on ${name} package"
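Review bot: `0x6F3AF5E2` on the new `gpg --recv` line is a 32-bit short key ID, which does not uniquely identify a key, so the keyserver can return a different key carrying the same short ID; pinning the full fingerprint avoids that. The key is also received into the default GnuPG home while the `--verify` on the next line uses `--homedir=${dir}`, so as far as this hunk shows the fetched key is not in the keyring that is checked. I would write `gpg --homedir="${dir}" --keyserver pgp.mit.edu --recv-keys <FULL_FINGERPRINT_PLACEHOLDER>` and check its exit status with `|| die "Cannot fetch signing key"`. The `else` branch belongs to an `if` that starts in the previous hunk.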