author | Guillem Jover <guillem@hadrons.org> | 2024-09-30 01:39:13 +0200 |
---|---|---|
committer | Timo Weingärtner <timo@tiwe.de> | 2024-10-24 10:55:14 +0200 |
commit | b29ad4a5696aa1cbf85b77ae64c99865e57d2d6b (patch) | |
tree | c56cdc1d288f1221170ef222b9becd1d0e5d9248 /plugins | |
parent | 31b9dc01eb871055de006a3fb94fdaea2059966a (diff) | |
download | openssh-known-hosts-b29ad4a5696aa1cbf85b77ae64c99865e57d2d6b.tar.gz |
Add sopv support
This is a subset of the Stateless OpenPGP CLI
<https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/>,
that can easily replace the GnuPG usage.
There are multiple implementations providing this interface.
Diffstat (limited to 'plugins')
-rwxr-xr-x | plugins/curl | 6 |
-rwxr-xr-x | plugins/rsync | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/plugins/curl b/plugins/curl index 29c0ace..3ae028c 100755 --- a/plugins/curl +++ b/plugins/curl @@ -14,7 +14,11 @@ set -e if [ "${SIGURL}" ]; then curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new.sig "${SIGURL}" -o new "${URL}" [ -e new ] || exit 0 - gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + if command -v sopv >/dev/null; then + sopv verify new.sig "${KEYRING}" <new || exit 1 + else + gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + fi # return 1 because it's not clear what other codes may be safe to # use that do not overlap with codes from curl. else diff --git a/plugins/rsync b/plugins/rsync index 6aec09c..1ee6831 100755 --- a/plugins/rsync +++ b/plugins/rsync @@ -15,7 +15,11 @@ rsync -vt --timeout=300 "${URL}" new if [ "${SIGURL}" ]; then rsync -vt --timeout=300 "${SIGURL}" new.sig - gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + if command -v sopv >/dev/null; then + sopv verify new.sig "${KEYRING}" <new || exit 1 + else + gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + fi # return 1 because it's not clear what other codes may be safe to # use that do not overlap with codes from rsync. fi |
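Review bot: in the plugins/curl hunk the gpgv call routes its status to stderr with `--status-fd 2`, while the new `sopv verify new.sig "${KEYRING}" <new` line leaves sopv's verification output on stdout, so the two branches report to different streams. Append `>&2` to the sopv line if the plugin's stdout is meant to stay quiet, or state in a comment that the difference is intended. The `command -v sopv` test also makes sopv take precedence silently whenever it is on PATH, with no fallback to gpgv when sopv rejects the input; a one-line comment stating that precedence would help whoever has to debug a failed update.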
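Review bot: in the plugins/rsync hunk the sopv branch is handed the same `${KEYRING}` file that gpgv receives through `--keyring`, but sopv reads that argument as a file of OpenPGP certificates, so a keyring stored in a GnuPG-specific format such as keybox can pass under gpgv and fail once sopv is installed. Document the format KEYRING must have so that both branches accept it. The five added lines are identical to the ones in plugins/curl; a shared helper sourced by both plugins would keep the verifier selection in one place.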