Diffstat (limited to 'plugins')
-rwxr-xr-x | plugins/curl | 13 | ||||
-rwxr-xr-x | plugins/psql | 2 | ||||
-rwxr-xr-x | plugins/rsync | 13 |
3 files changed, 19 insertions, 9 deletions
diff --git a/plugins/curl b/plugins/curl index 9c47601..3ae028c 100755 --- a/plugins/curl +++ b/plugins/curl @@ -5,8 +5,8 @@ # ENVIRONMENT VARIABLES: # URL URL to download known_hosts file from # CURL_OPTIONS options passed to curl -# SIGURL URL of the GnuPG signature -# KEYRING path to the keyring for use by gpgv +# SIGURL URL of the OpenPGP signature +# KEYRING path to the OpenPGP keyring with certificates # set -e @@ -14,8 +14,13 @@ set -e if [ "${SIGURL}" ]; then curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new.sig "${SIGURL}" -o new "${URL}" [ -e new ] || exit 0 - gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1 - # return 1 because it's not clear what other codes may used + if command -v sopv >/dev/null; then + sopv verify new.sig "${KEYRING}" <new || exit 1 + else + gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + fi + # return 1 because it's not clear what other codes may be safe to + # use that do not overlap with codes from curl. else curl -fRz "./current" -m 300 ${CURL_OPTIONS} -o new "${URL}" fi diff --git a/plugins/psql b/plugins/psql index a7c0a72..2e194f6 100755 --- a/plugins/psql +++ b/plugins/psql @@ -4,7 +4,7 @@ # # uses psql to download a TABLE (or VIEW) of the form: # CREATE TABLE known_hosts ( -# namelist text, # comma seperated +# namelist text, # comma separated # type text, # key text # ); diff --git a/plugins/rsync b/plugins/rsync index 1a57660..1ee6831 100755 --- a/plugins/rsync +++ b/plugins/rsync @@ -4,8 +4,8 @@ # # ENVIRONMENT VARIABLES: # URL URL to download known_hosts file from -# SIGURL URL of the GnuPG signature -# KEYRING path to the keyring for use by gpgv +# SIGURL URL of the OpenPGP signature +# KEYRING path to the OpenPGP keyring with certificates # set -e 
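Review bot: The two verifier branches added in the second plugins/curl hunk do not interpret `${KEYRING}` the same way, and nothing checks that it is set before either one runs. gpgv looks up a `--keyring` name that contains no slash inside the GnuPG home directory, while sopv takes its certificate argument as a file path resolved against the working directory, so the same configuration can select different trust anchors depending on whether sopv happens to be on PATH. I would add `: "${KEYRING:?KEYRING must be set when SIGURL is set}"` as the first line inside `if [ "${SIGURL}" ]; then`. The header comment should also say that KEYRING must be an absolute path to a file of OpenPGP certificates in a format both tools can read (a GnuPG keybox presumably would not load under sopv). The same applies to the matching verification hunk in plugins/rsync.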
@@ -15,8 +15,13 @@ rsync -vt --timeout=300 "${URL}" new if [ "${SIGURL}" ]; then rsync -vt --timeout=300 "${SIGURL}" new.sig - gpgv --keyring "${KEYRING}" --status-fd 2 new.sig || exit 1 - # return 1 because it's not clear what other codes may used + if command -v sopv >/dev/null; then + sopv verify new.sig "${KEYRING}" <new || exit 1 + else + gpgv --keyring "${KEYRING}" --status-fd 2 new.sig new || exit 1 + fi + # return 1 because it's not clear what other codes may be safe to + # use that do not overlap with codes from rsync. fi # vim:set ft=sh: |
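Review bot: When verification fails in this hunk, both branches `exit 1` while the unverified `new` (written by the `rsync` call ahead of the `if`) and `new.sig` are still on disk. Whether the caller discards `new` after a non-zero exit is not visible here, so it is safer for the plugin to clean up itself, e.g. `sopv verify new.sig "${KEYRING}" <new || { rm -f new new.sig; exit 1; }`, with the same change on the gpgv line. sopv also reports its verification result on stdout, whereas gpgv is told `--status-fd 2`; adding `>&2` to the sopv call would keep the two branches consistent. The verification hunk in plugins/curl follows the same pattern.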