authorTimo Weingärtner <timo@tiwe.de>2024-10-24 11:18:07 +0200
committerTimo Weingärtner <timo@tiwe.de>2024-10-24 11:18:07 +0200
commit43718b8be48640580bf9cc0d57e98b8f5d166998 (patch)
tree9640cb9d37e96be95e9ac2420b8c7b69c41be61d /plugins
parent86ff9a1cd6428d469d1015a8b7b781501eb0ad49 (diff)
parentda301a83b9bf37988bcb4b3029ee2dcd85983995 (diff)
Merge tag '0.6.3' into debian
release 0.6.3
Diffstat (limited to 'plugins')
-rwxr-xr-xplugins/curl13
-rwxr-xr-xplugins/psql2
-rwxr-xr-xplugins/rsync13
3 files changed, 19 insertions, 9 deletions
diff --git a/plugins/curl b/plugins/curl
index 9c47601..3ae028c 100755
--- a/plugins/curl
+++ b/plugins/curl
@@ -5,8 +5,8 @@
# ENVIRONMENT VARIABLES:
# URL URL to download known_hosts file from
# CURL_OPTIONS options passed to curl
-# SIGURL URL of the GnuPG signature
-# KEYRING path to the keyring for use by gpgv
+# SIGURL URL of the OpenPGP signature
+# KEYRING path to the OpenPGP keyring with certificates
#
set -e
@@ -14,8 +14,13 @@ set -e
if [ "${SIGURL}" ]; then
curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new.sig "${SIGURL}" -o new "${URL}"
[ -e new ] || exit 0
- gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1
- # return 1 because it's not clear what other codes may used
+ if command -v sopv >/dev/null; then
+ sopv verify new.sig "${KEYRING}" <new || exit 1
+ else
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ fi
+ # return 1 because it's not clear what other codes may be safe to
+ # use that do not overlap with codes from curl.
else
curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new "${URL}"
fi
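Review bot: Neither verifier branch checks that KEYRING is non-empty, so with SIGURL set and KEYRING unset the trust anchor depends on how `sopv` or `gpgv` handles an empty argument rather than on the operator's configuration. A guard such as `[ "${KEYRING}" ] || exit 1` ahead of the `if command -v sopv` line would make that case fail closed and keep the exit code at 1, as the comment intends. The two tools also appear to resolve the same value differently: gpgv documents that a keyring name without a slash is looked up in the GnuPG home directory, whereas sopv takes a file path, so the header comment could read `# KEYRING absolute path to the OpenPGP keyring with certificates`. The same applies to the matching hunk in plugins/rsync.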
diff --git a/plugins/psql b/plugins/psql
index a7c0a72..2e194f6 100755
--- a/plugins/psql
+++ b/plugins/psql
@@ -4,7 +4,7 @@
#
# uses psql to download a TABLE (or VIEW) of the form:
# CREATE TABLE known_hosts (
-# namelist text, # comma seperated
+# namelist text, # comma separated
# type text,
# key text
# );
diff --git a/plugins/rsync b/plugins/rsync
index 1a57660..1ee6831 100755
--- a/plugins/rsync
+++ b/plugins/rsync
@@ -4,8 +4,8 @@
#
# ENVIRONMENT VARIABLES:
# URL URL to download known_hosts file from
-# SIGURL URL of the GnuPG signature
-# KEYRING path to the keyring for use by gpgv
+# SIGURL URL of the OpenPGP signature
+# KEYRING path to the OpenPGP keyring with certificates
#
set -e
@@ -15,8 +15,13 @@ rsync -vt --timeout=300 "${URL}" new
if [ "${SIGURL}" ]; then
rsync -vt --timeout=300 "${SIGURL}" new.sig
- gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1
- # return 1 because it's not clear what other codes may used
+ if command -v sopv >/dev/null; then
+ sopv verify new.sig "${KEYRING}" <new || exit 1
+ else
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ fi
+ # return 1 because it's not clear what other codes may be safe to
+ # use that do not overlap with codes from rsync.
fi
# vim:set ft=sh:
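Review bot: When verification fails, the `|| exit 1` paths leave the freshly downloaded `new` and `new.sig` in the working directory, so an unverified file stays where a later step could pick it up. Whether the caller discards `new` on a non-zero exit is not visible in this hunk. Removing both files before exiting, e.g. `sopv verify new.sig "${KEYRING}" <new || { rm -f new new.sig; exit 1; }` and likewise on the gpgv line, would keep the failure self-contained. The signature branch in plugins/curl has the same pattern.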