authorFlorian Pritz <bluewind@xinu.at>2021-05-16 11:02:02 +0200
committerFlorian Pritz <bluewind@xinu.at>2021-05-16 11:02:09 +0200
commitd7d00394ce02b8b2d4b6ffdda84d724e5a18b287 (patch)
treed93719e79aec6d64f11bfe84370ea69ebf67b9ca
parentdc486d6710ae5ae4bccd913eeb75c67694c7da4e (diff)
masterkey.pl: Add validation commands
https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rwxr-xr-xmasterkey.pl15
1 files changed, 15 insertions, 0 deletions
diff --git a/masterkey.pl b/masterkey.pl
index fe9b7d6..f3b18cf 100755
--- a/masterkey.pl
+++ b/masterkey.pl
@@ -100,6 +100,10 @@ on behalf of {$sender_name} ({$sender_key})
my $mail_body = $templates{$command}{'body'};
my $token = random_string('.' x 25);
+ if ($command eq 'verification') {
+ validate_key_parameters($id);
+ }
+
my $msg = build_email($command, $opts{from}, quotemeta($opts{'from-address'}), $id, $recipient_address_regex, $mail_subject, $mail_body, $token);
if ($command eq 'verification') {
@@ -170,6 +174,17 @@ fun gpg_get_user($key, $email_regex) {
return $user;
}
+fun validate_key_parameters($key) {
+ system("sq-keyring-linter <(gpg --export '$key')");
+ system("gpg --export '$key' | hokey lint");
+
+ print "Are there validation errors in the output above or is anything else wrong with the key? (Y/n) ";
+ my $answer = <STDIN>;
+ chomp($answer);
+
+ die "Key has validation errors" unless $answer eq 'n' or $answer eq 'N';
+}
+
fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $recipient_address_regex, $subject, $body, $token) {
# get from gpg keys
my ($sender_name, $sender_addr) = gpg_get_user($sender_key, $sender_address_regex)->@{qw(name email)};
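Review bot: Both system() calls in validate_key_parameters interpolate `$key` into a single shell command string, so a key argument containing a single quote would end the quoting and the rest would be parsed as shell syntax. Whether `$id` is validated before the call added in the first hunk is not visible here. The first command also uses `<(...)`, a bash feature, while single-string system() runs through `/bin/sh -c`, so it depends on what sh is on the machine. Handing the key to an explicit bash as a positional parameter addresses both: `system('bash', '-c', 'sq-keyring-linter <(gpg --export "$1")', 'bash', $key);` and `system('bash', '-c', 'gpg --export "$1" | hokey lint', 'bash', $key);`. The return values are ignored as well, so a missing linter or a failed export can leave little output and the operator may answer `n` on a key that was never checked; at least warn when either call exits non-zero.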