author | Timo Weingärtner <timo@tiwe.de> | 2024-10-24 11:18:07 +0200 |
---|---|---|
committer | Timo Weingärtner <timo@tiwe.de> | 2024-10-24 11:18:07 +0200 |
commit | 43718b8be48640580bf9cc0d57e98b8f5d166998 (patch) | |
tree | 9640cb9d37e96be95e9ac2420b8c7b69c41be61d /plugins/curl | |
parent | 86ff9a1cd6428d469d1015a8b7b781501eb0ad49 (diff) | |
parent | da301a83b9bf37988bcb4b3029ee2dcd85983995 (diff) | |
download | openssh-known-hosts-43718b8be48640580bf9cc0d57e98b8f5d166998.tar.gz |
Merge tag '0.6.3' into debian
release 0.6.3
Diffstat (limited to 'plugins/curl')
-rwxr-xr-x | plugins/curl | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/plugins/curl b/plugins/curl
index 9c47601..3ae028c 100755
--- a/plugins/curl
+++ b/plugins/curl
@@ -5,8 +5,8 @@
 # ENVIRONMENT VARIABLES:
 # URL URL to download known_hosts file from
 # CURL_OPTIONS options passed to curl
-# SIGURL URL of the GnuPG signature
-# KEYRING path to the keyring for use by gpgv
+# SIGURL URL of the OpenPGP signature
+# KEYRING path to the OpenPGP keyring with certificates
 #
 set -e
@@ -14,8 +14,13 @@ set -e
 if [ "${SIGURL}" ]; then
 curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new.sig "${SIGURL}" -o new "${URL}"
 [ -e new ] || exit 0
- gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1
- # return 1 because it's not clear what other codes may used
+ if command -v sopv >/dev/null; then
+ sopv verify new.sig "${KEYRING}" <new || exit 1
+ else
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ fi
+ # return 1 because it's not clear what other codes may be safe to
+ # use that do not overlap with codes from curl.
 else
 curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new "${URL}"
 fi |
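Review bot: Nothing in the signed branch of the second hunk checks that `KEYRING` is non-empty before it is passed to `sopv verify` or `gpgv --keyring`. With `SIGURL` set and `KEYRING` unset, the outcome depends on how the installed verifier treats an empty argument; gpgv may consult a default keyring depending on version, which is worth confirming. I would fail closed at the top of the branch with `[ "${KEYRING}" ] || { echo "KEYRING must be set when SIGURL is set" >&2; exit 1; }`, which keeps the exit-1 convention described in the trailing comment. Separately, the verifier is now chosen by what is on PATH at run time, so the same `KEYRING` file has to be readable by both tools. The header comment in the first hunk could state the expected file format (for example a binary, non-armored keyring, if that is indeed what both accept).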