base_role/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash


# This is recent - Pentoo not Funtoo
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
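# Verify the Gentoo release keyring and the signed portage Manifest, then
# cross-check the signing key's fingerprint against the list published on
# www.gentoo.org when a default route is available.
#
# Exit codes (unchanged from the original script):
#   0  all checks passed, or Manifest absent, or the online page was unreachable
#   1  key file missing (or the private work directory could not be created)
#   3  a bad key signature was listed, or gpg2 --verify failed
#   4  the verify log does not mention an RSA key
#   5  no usable primary key fingerprint, or it is not on the published page
BASE_PORTDIR=/usr/portage
keyf=/usr/share/openpgp-keys/gentoo-release.asc
[ -f "$keyf" ] || exit 1

# The script sources a file under /root, so it presumably runs as root.
# Fixed names such as /tmp/G$$.log are predictable and can be pre-created or
# symlinked by another local user; keep all scratch files in a private
# mktemp directory instead.
workdir=$(mktemp -d "${TMPDIR:-/tmp}/gentoo_check_manifest.XXXXXX") || exit 1
list_log=$workdir/G.log
verify_log=$workdir/K.log
key_file=$workdir/K.key
page_file=$workdir/K.html
keep_logs=0

# Remove the scratch directory after a clean run; keep it (and say where it
# is) whenever a check failed or a message already pointed the operator at it.
cleanup() {
  local rc=$?
  if [ "$rc" -eq 0 ] && [ "$keep_logs" -eq 0 ]; then
    rm -rf -- "${workdir:?}"
  else
    printf 'logs kept in %s\n' "$workdir" >&2
  fi
}
trap cleanup EXIT

# NOTE(review): stderr is not captured here (the author disabled "2>&1 || exit 1"),
# so a "gpg: N bad signature" summary printed on stderr would not reach the
# log that the next test greps - confirm this is intended.
# NOTE(review): --keyring adds to the default keyring rather than replacing
# it unless --no-default-keyring is also given - confirm which keys are
# meant to be consulted.
gpg2 --disable-dirmngr --list-keys --with-sig-check --keyring "$keyf" >"$list_log"
# gpg: 1 bad signature on Clipos
# gpg: 1 bad signature on Pentoo19
if grep 'bad signature' "$list_log"; then
  keep_logs=1
  printf 'ERROR: bad signature %s\n' "$list_log" # exit 2
  # sig-3 BB572E0E2D182910 2009-08-25 Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
  gpg2 --disable-dirmngr --batch --delete-key BB572E0E2D182910
fi
# numbers 1-3 for certificate check level (see --ask-cert-level)
if grep '^sig-[0-9]' "$list_log"; then
  echo WARN: bad signature
  exit 3
fi
# gpg: 104 signatures not checked due to missing keys
[ -f "$BASE_PORTDIR/Manifest" ] || exit 0

# gpg2 writes the verification report on stderr, hence 2>&1.
gpg2 --verify --keyring "$keyf" "$BASE_PORTDIR/Manifest" >"$verify_log" 2>&1 || exit 3
# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# grep 'This key has expired' "$verify_log" && exit 3
grep 'using RSA key' "$verify_log" || exit 4

# The original tested the exit status of "grep | sed", which is sed's, so a
# missing fingerprint line went unnoticed and left an empty pattern that
# matches every line of the downloaded page. Require at least one line and
# require every line to be a bare hex fingerprint before comparing.
grep 'Primary key fingerprint:' "$verify_log" |
  sed -e 's/.*: //' -e 's/ //g' >"$key_file"
[ -s "$key_file" ] || exit 5
if grep -Evqx '[0-9A-Fa-f]{40,64}' "$key_file"; then
  exit 5
fi

if route | grep -q '^default'; then
  # presumably sets up proxying through Tor for wget - defined outside this file
  . /root/bin/tor.sh
  # Best effort, as in the original: an unreachable page skips the online
  # cross-check instead of failing the run. Say so, because in that case the
  # fingerprint has NOT been compared against the published list.
  if ! wget -O "$page_file" https://www.gentoo.org/downloads/signatures/; then
    printf 'WARN: signatures page not fetched, fingerprint cross-check skipped\n' >&2
    exit 0
  fi
  # -F: the fingerprint is data, not a regular expression.
  grep -F -f "$key_file" -- "$page_file" || {
    printf 'ERROR: failed Primary key fingerprint: %s\n' "$(cat -- "$key_file")"
    exit 5
  }
fi
exit 0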