authorGuillem Jover <guillem@hadrons.org>2024-09-30 01:39:13 +0200
committerTimo Weingärtner <timo@tiwe.de>2024-10-24 10:55:14 +0200
commitb29ad4a5696aa1cbf85b77ae64c99865e57d2d6b (patch)
treec56cdc1d288f1221170ef222b9becd1d0e5d9248 /plugins
parent31b9dc01eb871055de006a3fb94fdaea2059966a (diff)
Add sopv support
sopv is a subset of the Stateless OpenPGP CLI <https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/> that can easily replace the GnuPG usage. There are multiple implementations providing this interface.
Diffstat (limited to 'plugins')
-rwxr-xr-xplugins/curl6
-rwxr-xr-xplugins/rsync6
2 files changed, 10 insertions, 2 deletions
diff --git a/plugins/curl b/plugins/curl
index 29c0ace..3ae028c 100755
--- a/plugins/curl
+++ b/plugins/curl
@@ -14,7 +14,11 @@ set -e
if [ "${SIGURL}" ]; then
curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new.sig "${SIGURL}" -o new "${URL}"
[ -e new ] || exit 0
- gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ if command -v sopv >/dev/null; then
+ sopv verify new.sig "${KEYRING}" <new || exit 1
+ else
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ fi
# return 1 because it's not clear what other codes may be safe to
# use that do not overlap with codes from curl.
else
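Review bot: The new `sopv verify` branch writes its verification result lines to stdout, whereas the gpgv branch it sits beside sends everything to fd 2 via `--status-fd 2`. The caller of this plugin is not visible in the hunk, so if it reads or logs plugin stdout, the two branches now behave differently. Redirecting keeps them aligned: `sopv verify new.sig "${KEYRING}" <new >&2 || exit 1`. The same line appears in the plugins/rsync hunk and would take the same change. The surrounding `if [ "${SIGURL}" ]` block continues past the `else` outside this hunk.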
diff --git a/plugins/rsync b/plugins/rsync
index 6aec09c..1ee6831 100755
--- a/plugins/rsync
+++ b/plugins/rsync
@@ -15,7 +15,11 @@ rsync -vt --timeout=300 "${URL}" new
if [ "${SIGURL}" ]; then
rsync -vt --timeout=300 "${SIGURL}" new.sig
- gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ if command -v sopv >/dev/null; then
+ sopv verify new.sig "${KEYRING}" <new || exit 1
+ else
+ gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1
+ fi
# return 1 because it's not clear what other codes may be safe to
# use that do not overlap with codes from rsync.
fi
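Review bot: Which verifier runs is decided only by `command -v sopv`, and nothing records that choice or what it implies for `${KEYRING}`. The same file is handed to both tools, but gpgv reads a keyring while sopv takes OpenPGP certificates, and the two may apply different acceptance policy (for example on expired keys or weak digests), so whether a signature verifies can depend on what happens to be installed. The branch fails closed with `exit 1`, so the likely symptom is updates quietly stopping after sopv is installed, not a bypass. I would add a comment above the `if`, such as `# Prefer sopv when installed; KEYRING must be a plain OpenPGP certificate file both verifiers can read.`, and log the chosen verifier to stderr with `echo "verifying with sopv" >&2`. This applies equally to the plugins/curl hunk.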