mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-25 14:17:41 +00:00
Merge pull request #353 from roddhjav/master
Ensure the gpg key is trusted.
This commit is contained in:
commit
1a93481480
@ -48,4 +48,10 @@ test_expect_success 'Testing tomb with GnuPG keys and shared tomb' '
|
|||||||
tt_close
|
tt_close
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_export "untrusted"
|
||||||
|
test_expect_success 'Testing tomb creation with untrusted GnuPG keys' '
|
||||||
|
tt_dig -s 20 &&
|
||||||
|
test_must_fail tt_forge -g -r $KEY_UNTRUSTED
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -67,6 +67,7 @@ export KEY1="A4857CD176B31435F9709D25F0E573B8289439CD"
|
|||||||
export KEY2="0B2235E660753AB0475FB3E23DC836481F44B31E"
|
export KEY2="0B2235E660753AB0475FB3E23DC836481F44B31E"
|
||||||
export SUBKEY1="D89BE71A935779961C130E50D9D7ACED39D3991C!"
|
export SUBKEY1="D89BE71A935779961C130E50D9D7ACED39D3991C!"
|
||||||
export SUBKEY2="843077BF7FD4A9C7BBFC3A69F065568B4F7D6CA9!"
|
export SUBKEY2="843077BF7FD4A9C7BBFC3A69F065568B4F7D6CA9!"
|
||||||
|
export KEY_UNTRUSTED="E6195F61F5EBA81FE4B1565AAC844B92004240CD"
|
||||||
|
|
||||||
chmod 700 "$GNUPGHOME"
|
chmod 700 "$GNUPGHOME"
|
||||||
|
|
||||||
|
8
tomb
8
tomb
@ -953,16 +953,22 @@ _ensure_dependencies() {
|
|||||||
is_valid_recipients() {
|
is_valid_recipients() {
|
||||||
typeset -a recipients
|
typeset -a recipients
|
||||||
recipients=($@)
|
recipients=($@)
|
||||||
|
trusted=(m f u w s)
|
||||||
|
|
||||||
_verbose "is_valid_recipients"
|
_verbose "is_valid_recipients"
|
||||||
|
|
||||||
# All the keys ID must be valid (the public keys must be present in the database)
|
# All the keys ID must be valid (the public keys must be present in the database)
|
||||||
for gpg_id in ${recipients[@]}; do
|
for gpg_id in ${recipients[@]}; do
|
||||||
gpg --with-colons --batch --list-keys "$gpg_id" &> /dev/null
|
trust="$(gpg --with-colons --batch --list-keys "$gpg_id" 2> /dev/null |
|
||||||
|
awk 'BEGIN { FS=":" } /^pub/ { print $2; exit}')"
|
||||||
[[ $? != 0 ]] && {
|
[[ $? != 0 ]] && {
|
||||||
_warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
|
_warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
[[ ${trusted[(r)$trust]} != $trust ]] && {
|
||||||
|
_warning "The key ::1 gpgid:: is not trusted enough" $gpg_id
|
||||||
|
return 1
|
||||||
|
}
|
||||||
done
|
done
|
||||||
|
|
||||||
# At least one private key must be present
|
# At least one private key must be present
|
||||||
|
Loading…
Reference in New Issue
Block a user