From d7d00394ce02b8b2d4b6ffdda84d724e5a18b287 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 16 May 2021 11:02:02 +0200 Subject: masterkey.pl: Add validation commands https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair Signed-off-by: Florian Pritz --- masterkey.pl | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/masterkey.pl b/masterkey.pl index fe9b7d6..f3b18cf 100755 --- a/masterkey.pl +++ b/masterkey.pl @@ -100,6 +100,10 @@ on behalf of {$sender_name} ({$sender_key}) my $mail_body = $templates{$command}{'body'}; my $token = random_string('.' x 25); + if ($command eq 'verification') { + validate_key_parameters($id); + } + my $msg = build_email($command, $opts{from}, quotemeta($opts{'from-address'}), $id, $recipient_address_regex, $mail_subject, $mail_body, $token); if ($command eq 'verification') { @@ -170,6 +174,17 @@ fun gpg_get_user($key, $email_regex) { return $user; } +fun validate_key_parameters($key) { + system("sq-keyring-linter <(gpg --export '$key')"); + system("gpg --export '$key' | hokey lint"); + + print "Are there validation errors in the output above or is anything else wrong with the key? (Y/n) "; + my $answer = ; + chomp($answer); + + die "Key has validation errors" unless $answer eq 'n' or $answer eq 'N'; +} + fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $recipient_address_regex, $subject, $body, $token) { # get from gpg keys my ($sender_name, $sender_addr) = gpg_get_user($sender_key, $sender_address_regex)->@{qw(name email)}; -- cgit v1.2.3-24-g4f1b