Handle armor and raw sigs. Guard pledge/unveil with build guards.
parent
3dd0109398
commit
afe281b4e5
39
main.go
39
main.go
|
@ -5,20 +5,19 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func verify(pubKey, file, sig io.Reader) (*openpgp.Entity, error) {
|
||||
kr, err := openpgp.ReadArmoredKeyRing(pubKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
func verifyArmored(kr openpgp.KeyRing, file, sig io.Reader) (*openpgp.Entity, error) {
|
||||
return openpgp.CheckArmoredDetachedSignature(kr, file, sig)
|
||||
}
|
||||
|
||||
func verify(kr openpgp.KeyRing, file, sig io.Reader) (*openpgp.Entity, error) {
|
||||
return openpgp.CheckDetachedSignature(kr, file, sig)
|
||||
}
|
||||
|
||||
func open(path string) io.Reader {
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
|
@ -35,14 +34,28 @@ func main() {
|
|||
flag.StringVar(&pub, "pub", "", "path to pub file")
|
||||
flag.Parse()
|
||||
|
||||
unix.PledgePromises("stdio tty unveil rpath")
|
||||
pledge("stdio tty unveil rpath")
|
||||
|
||||
unix.Unveil(sig, "r")
|
||||
unix.Unveil(file, "r")
|
||||
unix.Unveil(pub, "r")
|
||||
unix.UnveilBlock()
|
||||
unveil(sig, "r")
|
||||
unveil(file, "r")
|
||||
unveil(pub, "r")
|
||||
unveilBlock()
|
||||
|
||||
kr, err := openpgp.ReadArmoredKeyRing(open(pub))
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
var ent *openpgp.Entity
|
||||
|
||||
switch {
|
||||
case strings.HasSuffix(sig, ".sig"):
|
||||
ent, err = verify(kr, open(file), open(sig))
|
||||
case strings.HasSuffix(sig, ".asc"):
|
||||
ent, err = verifyArmored(kr, open(file), open(sig))
|
||||
}
|
||||
|
||||
ent, err := verify(open(pub), open(file), open(sig))
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
|
|
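Review bot: The new `switch` on the signature file's suffix has no `default` case, so a `-sig` path ending in neither `.sig` nor `.asc` leaves `ent` nil and `err` nil (the key ring has already loaded), and the `if err != nil` check that follows passes without any signature having been checked. A verifier should fail closed here: add `default: fmt.Println("unsupported signature file extension"); os.Exit(1)`, or reject `ent == nil` before it is used. The rest of main after the error check is outside the hunk, so whether this ends in a nil dereference or a reported success cannot be told from the page.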
|
@ -0,0 +1,7 @@
|
|||
//+build !openbsd
|
||||
|
||||
package main
|
||||
|
||||
func pledge(promises string) {}
|
||||
func unveil(path string, flags string) {}
|
||||
func unveilBlock() {}
|
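Review bot: Nothing in this file says that the three functions are intentional no-ops on non-OpenBSD builds, so a reader of main may assume the `pledge`, `unveil` and `unveilBlock` calls restrict the process everywhere. I would add a comment above them such as `// pledge, unveil and unveilBlock are no-ops where pledge(2)/unveil(2) do not exist; the process is not sandboxed on these platforms.`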
|
@ -0,0 +1,28 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func pledge(promises string) {
|
||||
err := unix.PledgePromises(promises)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func unveil(path string, flags string) {
|
||||
err := unix.Unveil(path, flags)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func unveilBlock() {
|
||||
err := unix.UnveilBlock()
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
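Review bot: The three wrappers pass the bare error to `log.Fatal`, so a failure prints only an errno string with no hint of which call or path was rejected. In `unveil` I would write `log.Fatalf("unveil %q: %v", path, err)`, and likewise `log.Fatalf("pledge %q: %v", promises, err)` in `pledge`. This matters because the paths come straight from the command-line flags, and an unset `-pub` reaches `unveil` as an empty string with no check visible between `flag.Parse()` and the calls. No build constraint is visible at the top of this file; presumably its name carries an `_openbsd` suffix, which the page does not show, and that is worth confirming because otherwise it would collide with the `!openbsd` stubs.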