Implement signature verification in update-profile script.
parent
edc7ba56f1
commit
c8f6b69615
|
@ -6,10 +6,41 @@ if [ ! -d ~/.local/profile-git ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
(
|
(
|
||||||
|
|
||||||
cd ~/.local/profile-git
|
cd ~/.local/profile-git
|
||||||
git pull
|
echo "Fetching updates for profile..."
|
||||||
|
git fetch
|
||||||
|
|
||||||
|
# Synchronizing valid GPG keys
|
||||||
|
export GNUPGHOME="$HOME/.local/profile-data/gnupg"
|
||||||
|
mkdir -p "${GNUPGHOME}"
|
||||||
|
gpg --fingerprint
|
||||||
|
gpg --recv-keys \
|
||||||
|
B5108C5A158A6608AD3361DA1573F6D8EFE4D0CF \
|
||||||
|
04ADEF85EA6AEC6F75941E84468BBEEBB9EC6AEA
|
||||||
|
|
||||||
|
echo "Validating updates..."
|
||||||
|
git rev-list --format=oneline origin..HEAD | while IFS= read -r line; do
|
||||||
|
sha="$(echo "$line" | awk '{print $1}')"
|
||||||
|
title="$(echo "$line" | cut -f 1 -d ' ' --complement)"
|
||||||
|
printf " … $title\r "
|
||||||
|
if ! git verify-commit "$sha" >/dev/null 2>&1; then
|
||||||
|
echo "✘"
|
||||||
|
echo "Found incorrectly signed commit, NOT applying. Contact the maintainer on the issue tracker."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "✔"
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "All commits passed, now applying updates..."
|
||||||
|
git rebase master
|
||||||
|
|
||||||
|
echo "Running package installation..."
|
||||||
cd packages
|
cd packages
|
||||||
./packages.sh
|
./packages.sh
|
||||||
|
|
||||||
|
echo "Running profile installation..."
|
||||||
cd ..
|
cd ..
|
||||||
./install.sh
|
./install.sh
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
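Review bot: The `exit 1` on the failed `git verify-commit` path runs inside the `| while` pipeline, which bash executes in a subshell, so it ends only the loop; unless the part of the script above this hunk enables `set -e`, execution continues to "All commits passed", `git rebase master` and both install scripts. Closing the loop with `done || exit 1` makes a bad signature stop the update. The range `origin..HEAD` also looks inverted: after `git fetch` the incoming commits are those reachable from the remote branch but not from HEAD, e.g. `HEAD..@{u}`, and the rebase should target that same verified ref rather than `master`, otherwise the commits checked are not the commits applied. Separately, `printf " … $title\r "` uses the not-yet-verified commit title as the format string; `printf ' … %s\r ' "$title"` avoids that.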