Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-11-22 12:35:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #353 from roddhjav/master

Browse Source 
Ensure the gpg key is trusted.
This commit is contained in:
Jaromil 2019-06-28 09:12:28 +02:00 committed by GitHub
commit 1a93481480
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
extras/test/20_recipients.sh
View File

@ -48,4 +48,10 @@ test_expect_success 'Testing tomb with GnuPG keys and shared tomb' '
tt_close tt_close
' '
test_export "untrusted"
test_expect_success 'Testing tomb creation with untrusted GnuPG keys' '
tt_dig -s 20 &&
test_must_fail tt_forge -g -r $KEY_UNTRUSTED
'
test_done test_done

BIN
extras/test/gnupg/private-keys-v1.d/072F571EEF62D50039BD0ADE5D7BBCD2BCE6D82E.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/private-keys-v1.d/116B5302CA58AD75CDFFCD421870E66CDB13FE8A.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/private-keys-v1.d/20A0287823F73C780E326F45E44CA9132F0EE154.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/private-keys-v1.d/C3783BFBB0C0935A0EA020CC8A2991C0B294FB76.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/private-keys-v1.d/EB03B55FA102233176E47F9D5C1BC2AE424B686F.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/private-keys-v1.d/EB2C102DDE4A5253F1BA77EED834D27359CF735B.key Normal file
View File

Binary file not shown.

BIN
extras/test/gnupg/pubring.gpg
View File

Binary file not shown.

BIN
extras/test/gnupg/secring.gpg
View File

Binary file not shown.

BIN
extras/test/gnupg/trustdb.gpg
View File

Binary file not shown.

1
extras/test/setup
View File

@ -67,6 +67,7 @@ export KEY1="A4857CD176B31435F9709D25F0E573B8289439CD"
export KEY2="0B2235E660753AB0475FB3E23DC836481F44B31E" export KEY2="0B2235E660753AB0475FB3E23DC836481F44B31E"
export SUBKEY1="D89BE71A935779961C130E50D9D7ACED39D3991C!" export SUBKEY1="D89BE71A935779961C130E50D9D7ACED39D3991C!"
export SUBKEY2="843077BF7FD4A9C7BBFC3A69F065568B4F7D6CA9!" export SUBKEY2="843077BF7FD4A9C7BBFC3A69F065568B4F7D6CA9!"
export KEY_UNTRUSTED="E6195F61F5EBA81FE4B1565AAC844B92004240CD"
chmod 700 "$GNUPGHOME" chmod 700 "$GNUPGHOME"

8
tomb
View File

@ -953,16 +953,22 @@ _ensure_dependencies() {
is_valid_recipients() { is_valid_recipients() {
typeset -a recipients typeset -a recipients
recipients=($@) recipients=($@)
trusted=(m f u w s)
_verbose "is_valid_recipients" _verbose "is_valid_recipients"
# All the keys ID must be valid (the public keys must be present in the database) # All the keys ID must be valid (the public keys must be present in the database)
for gpg_id in ${recipients[@]}; do for gpg_id in ${recipients[@]}; do
gpg --with-colons --batch --list-keys "$gpg_id" &> /dev/null trust="$(gpg --with-colons --batch --list-keys "$gpg_id" 2> /dev/null |
awk 'BEGIN { FS=":" } /^pub/ { print $2; exit}')"
[[ $? != 0 ]] && { [[ $? != 0 ]] && {
_warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id _warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
return 1 return 1
} }
[[ ${trusted[(r)$trust]} != $trust ]] && {
_warning "The key ::1 gpgid:: is not trusted enough" $gpg_id
return 1
}
done done
# At least one private key must be present # At least one private key must be present