author | Anthony G. Basile <blueness@gentoo.org> | 2012-10-13 04:25:52 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-10-13 04:25:52 -0400 |
commit | 7f279c1cc8ce27966ba741bc4da0c2b9eb84ed9d (patch) | |
tree | e701903ac6401bd67684e98236911672cf2bdb6c | |
parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.31,3.6.1}-201210111929 (diff) | |
scripts/just_fetch.pl: add gpg verification
-rwxr-xr-x | scripts/just_fetch.pl | 62 |
1 files changed, 53 insertions, 9 deletions
diff --git a/scripts/just_fetch.pl b/scripts/just_fetch.pl
index 370be36..3e37e4b 100755
--- a/scripts/just_fetch.pl
+++ b/scripts/just_fetch.pl
@@ -11,10 +11,16 @@ my @upstream_url =
 ) ;
 my $file_pattern = "grsecurity-";
-my @allowed_suffixes = ( ".patch", ".patch.sig" ) ;
+
+my @gpg_suffixes = ( ".patch.sig" ) ;
+my @allowed_suffixes = ( ".patch" ) ;
+push( @allowed_suffixes, @gpg_suffixes ) ;
 my %currently_available = () ;
+my $GPG = "/usr/bin/gpg" ;
+my $RM = "/bin/rm";
+
 sub sane
 {
@@ -61,7 +67,7 @@ sub get_currently_available
 sub download_newly_available
 {
- my $downloads = "" ;
+ my @downloads = () ;
 foreach my $file_name ( sort keys %currently_available )
 {
@@ -71,7 +77,7 @@ sub download_newly_available
 if ( getstore( $file_url, $file_name ) )
 {
 print "OK\n" ;
- $downloads .= "\t$file_name\n" ;
+ push(@downloads,$file_name);
 }
 else
 {
@@ -79,18 +85,21 @@ sub download_newly_available
 }
 }
- return $downloads ;
+ return @downloads ;
 }
 sub print_successful_downloads
 {
- my ( $downloads ) = @_ ;
+ my @downloads = @_ ;
- if( $downloads ne "" )
+ if( $#downloads >= 0 )
 {
 print "\n\nSuccessfully downloaded files from upstream:\n\n" ;
- print $downloads ;
+ foreach( @downloads )
+ {
+ print "\t". $_ . "\n" ;
+ }
 print "\n\n" ;
 }
 else
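Review bot: In the `@@ -71,7 +77,7 @@` hunk the new `push(@downloads,$file_name);` is guarded only by `if ( getstore( $file_url, $file_name ) )`, and that test may never be false. If `getstore` is LWP::Simple's (the import is outside this page), it returns the HTTP status code, which is a true value for 404 or 500 as well as 200. A failed or truncated fetch would then be listed as downloaded and, with this commit, handed on to `test_gpg_sigs`. Testing the code explicitly closes that gap: `if ( is_success( getstore( $file_url, $file_name ) ) )`. The body of `download_newly_available` starts and ends outside the hunk.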
@@ -100,13 +109,48 @@ sub print_successful_downloads
 }
 }
+sub test_gpg_sigs
+{
+ my @downloads = @_ ;
+
+ print "\n\nTesting gpg sigs ...\n\n" ;
+ foreach my $d ( @downloads )
+ {
+ foreach my $s ( @gpg_suffixes )
+ {
+ if( $d =~ /$s$/)
+ {
+ system("$GPG --verify $d >/dev/null 2>&1") ;
+ my $err = $? >> 8 ;
+ if( $err != 0 )
+ {
+ if( $err == 1 )
+ {
+ print "\tBAD signiture for $d\n" ;
+ }
+ else
+ {
+ print "\tUNKNOWN error for $d: $err\n" ;
+ }
+ }
+ else
+ {
+ print "\tGOOD signiture for $d\n" ;
+ system("$RM -f $d");
+ }
+ }
+ }
+ }
+}
+
 sub main
 {
 get_currently_available() ;
- my $downloads = download_newly_available() ;
+ my @downloads = download_newly_available() ;
- print_successful_downloads( $downloads ) ;
+ print_successful_downloads( @downloads ) ;
+ test_gpg_sigs( @downloads ) ;
 }
 main() ;
 |
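Review bot: In `test_gpg_sigs`, `system("$GPG --verify $d >/dev/null 2>&1")` gives gpg only the signature path and does so through a shell string, so a GOOD result proves less than the message suggests. With one argument gpg guesses the signed file by stripping the suffix and will also accept a file that carries its own signed payload, so a `.patch.sig` that is not a detached signature could pass without the `.patch` being checked. Naming both files in list form fixes that and keeps `$d`, which appears to come from the upstream listing, away from the shell (whether `sane` filters names cannot be seen from this hunk). Exit status 0 also means a valid signature by any key in the caller's keyring, so the signer should be pinned, for example by checking the fingerprint on the `VALIDSIG` status line. Separately, a BAD result only prints a line and leaves the patch on disk, and a `.patch` whose `.sig` never arrived is not checked at all; `/$s$/` should be `/\Q$s\E\z/` and `system("$RM -f $d")` can be `unlink( $d )`.

```perl
# … unchanged: loops over @downloads and @gpg_suffixes …
if( $d =~ /\Q$s\E\z/ )
{
	( my $data = $d ) =~ s/\.sig\z// ;
	# List form: no shell parses $d, and gpg is told which file the signature covers.
	open( my $gpg, '-|', $GPG, '--batch', '--status-fd', '1', '--verify', $d, $data )
		or die "cannot run $GPG: $!\n" ;
	my @status = <$gpg> ;
	close( $gpg ) ;
	my $err = $? >> 8 ;
	# $UPSTREAM_FPR is a placeholder for the pinned upstream signing-key fingerprint.
	my $pinned = grep { /^\[GNUPG:\] VALIDSIG \Q$UPSTREAM_FPR\E / } @status ;
	# … unchanged: BAD / UNKNOWN reporting when $err != 0 …
	# report GOOD only when $err == 0 and $pinned, then unlink( $d ) instead of "$RM -f $d"
```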