From d7d00394ce02b8b2d4b6ffdda84d724e5a18b287 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Sun, 16 May 2021 11:02:02 +0200
Subject: masterkey.pl: Add validation commands
https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair
Signed-off-by: Florian Pritz
---
 masterkey.pl | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'masterkey.pl')
diff --git a/masterkey.pl b/masterkey.pl
index fe9b7d6..f3b18cf 100755
--- a/masterkey.pl
+++ b/masterkey.pl
@@ -100,6 +100,10 @@ on behalf of {$sender_name} ({$sender_key})
 my $mail_body = $templates{$command}{'body'};
 my $token = random_string('.' x 25);
+ if ($command eq 'verification') {
+ validate_key_parameters($id);
+ }
+
 my $msg = build_email($command, $opts{from}, quotemeta($opts{'from-address'}), $id, $recipient_address_regex, $mail_subject, $mail_body, $token);
 if ($command eq 'verification') {
@@ -170,6 +174,17 @@ fun gpg_get_user($key, $email_regex) {
 return $user;
 }
+fun validate_key_parameters($key) {
+ system("sq-keyring-linter <(gpg --export '$key')");
+ system("gpg --export '$key' | hokey lint");
+
+ print "Are there validation errors in the output above or is anything else wrong with the key? (Y/n) ";
+ my $answer = ;
+ chomp($answer);
+
+ die "Key has validation errors" unless $answer eq 'n' or $answer eq 'N';
+}
+
 fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $recipient_address_regex, $subject, $body, $token) {
 # get from gpg keys
 my ($sender_name, $sender_addr) = gpg_get_user($sender_key, $sender_address_regex)->@{qw(name email)};
-- cgit v1.2.3-24-g4f1b
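Review bot: In `validate_key_parameters`, both `system()` calls pass a single string with `$key` interpolated between single quotes, so the command goes through `/bin/sh` and a value containing a `'` would escape the quoting. The first hunk passes `$id` straight in, and where `$id` comes from is outside the hunks shown. If `$id` is always a key ID or fingerprint, reject anything else at the top of the function, e.g. `die "Invalid key id" unless $key =~ /\A(?:0x)?[0-9A-Fa-f]{8,40}\z/;`. Neither return value is checked, so a missing linter or a failed `gpg --export` produces no lint findings and the operator may still answer `n`; testing `$?` after each call (at least for -1 and exit 127) would make that case fail closed. The `<(...)` process substitution also presumably relies on `/bin/sh` being a bash that accepts it, which deserves a comment.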