Ensure GPG key is trusted. See #340
parent
0e9fe51b50
commit
6b4bd69dbc
@ -48,4 +48,10 @@ test_expect_success 'Testing tomb with GnuPG keys and shared tomb' '
|
|||||||
tt_close
|
tt_close
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_export "untrusted"
|
||||||
|
test_expect_success 'Testing tomb creation with untrusted GnuPG keys' '
|
||||||
|
tt_dig -s 20 &&
|
||||||
|
test_must_fail tt_forge -g -r $KEY_UNTRUSTED
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
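Review bot: `test_must_fail tt_forge -g -r $KEY_UNTRUSTED` passes on any forge failure, so the new test does not show that the trust check is what rejected the key. If `KEY_UNTRUSTED` is empty or unset (its definition is outside this hunk), the unquoted expansion disappears and `-r` is left without an argument, which would presumably also fail and let the test pass vacuously. Quote it as `"$KEY_UNTRUSTED"` and consider a companion case with an unknown key ID, so that both rejection paths in the recipient check are covered.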
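--- a/tomb
+++ b/tomb
@@ -953,16 +953,22 @@ _ensure_dependencies() {
 is_valid_recipients() {
 typeset -a recipients
 recipients=($@)
+trusted=(m f u w s)
 
 _verbose "is_valid_recipients"
 
 # All the keys ID must be valid (the public keys must be present in the database)
 for gpg_id in ${recipients[@]}; do
-gpg --with-colons --batch --list-keys "$gpg_id" &> /dev/null
+trust="$(gpg --with-colons --batch --list-keys "$gpg_id" 2> /dev/null |
+awk 'BEGIN { FS=":" } /^pub/ { print $2; exit}')"
 [[ $? != 0 ]] && {
 _warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
 return 1
 }
+[[ ${trusted[(r)$trust]} != $trust ]] && {
+_warning "The key ::1 gpgid:: is not trusted enough" $gpg_id
+return 1
+}
 done
 
 # At least one private key must be present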
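Review bot: The `[[ $? != 0 ]]` guard after the new `trust="$(gpg … | awk …)"` assignment now sees the status of the pipeline inside the substitution, which is normally awk's, so a failed gpg lookup is likely no longer caught there unless a pipefail option is set outside this hunk. In that case `trust` is empty and `[[ ${trusted[(r)$trust]} != $trust ]]` compares an empty lookup result with an empty string, so an unknown key ID appears to pass both checks and the function fails open. Testing the captured value directly closes the gap: use `[[ -z $trust ]] && {` in place of `[[ $? != 0 ]] && {`. `trust` and `trusted` are also assigned without `typeset`, so they leak out of the function; declare them next to `recipients`. is_valid_recipients continues past the end of the hunk.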