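# This is recent - Pentoo not Funtoo
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
#
# Checks the Gentoo release key file and, when a portage tree is present,
# verifies the signature on the tree's Manifest and compares the signer's
# primary key fingerprint with the list published on www.gentoo.org.
#
# Exit status:
#   0  every check that could run passed. Also returned when there is no
#      Manifest, no default route, or the signatures page could not be
#      downloaded: those checks are skipped, not passed (fail-open).
#   1  key file missing, or the private work directory could not be created
#   3  a sig-N line was found in the key listing, or gpg2 --verify failed
#   4  the verify output does not mention an RSA key
#   5  no primary key fingerprint could be extracted, or the fingerprint is
#      not on the published signatures page

BASE_PORTDIR=/usr/portage

keyf=/usr/share/openpgp-keys/gentoo-release.asc
[ -f "$keyf" ] || exit 1

# Work in a private directory created by mktemp. Fixed names such as
# /tmp/G$$.log are predictable, so another local user could pre-create them
# (for example as symlinks) and have this script overwrite a file of their
# choosing or read back content they planted.
workdir=$(mktemp -d /tmp/gentoo-keycheck.XXXXXX) || exit 1
list_log=$workdir/list.log
verify_log=$workdir/verify.log
key_file=$workdir/signer.key
html_file=$workdir/signatures.html

# Remove the work directory on success only; after a failure the logs are
# kept so they can be inspected.
cleanup() {
	rc=$?
	if [ "$rc" -eq 0 ]; then
		rm -rf -- "${workdir:?}"
	fi
	exit "$rc"
}
trap cleanup EXIT

# NOTE(review): --keyring adds $keyf to the keyrings gpg2 already uses, so the
# default keyring is consulted as well; consider --no-default-keyring if only
# the release key file should be trusted here and in --verify below -- confirm.
# NOTE(review): stderr is not captured (the 2>&1 is commented out); gpg's
# "N bad signature" summary is presumably written to stderr, in which case the
# grep below never sees it -- confirm.
gpg2 --disable-dirmngr --list-keys --with-sig-check --keyring "$keyf" >"$list_log" # 2>&1 || exit 1
# gpg: 1 bad signature on Clipos
# gpg: 1 bad signature on Pentoo19
if grep 'bad signature' "$list_log" ; then
	printf '%s\n' "ERROR: bad signature $list_log" # exit 2
	# sig-3 BB572E0E2D182910 2009-08-25 Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
	gpg2 --disable-dirmngr --batch --delete-key BB572E0E2D182910
fi

# numbers 1-3 for certificate check level (see --ask-cert-level)
# The listing is not regenerated after the delete above, so a sig-N line
# still stops the run here.
grep '^sig-[0-9]' "$list_log" && { echo WARN: bad signature ; exit 3 ;}
# gpg: 104 signatures not checked due to missing keys

[ -f "$BASE_PORTDIR/Manifest" ] || exit 0
# on stderr!
gpg2 --verify --keyring "$keyf" "$BASE_PORTDIR/Manifest" >"$verify_log" 2>&1 || exit 3
# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# grep 'This key has expired' "$verify_log" && exit 3
grep 'using RSA key' "$verify_log" || exit 4

# The pipeline's status is sed's, not grep's, so a missing fingerprint line
# would go unnoticed and leave an empty pattern that matches every line of the
# downloaded page. Test the extracted value itself instead.
grep 'Primary key fingerprint:' "$verify_log" | sed -e 's/.*: //' -e 's/ //g' >"$key_file"
[ -s "$key_file" ] || exit 5
fingerprint=$(cat "$key_file")

if route | grep -q ^default ; then
	. /root/bin/tor.sh
	# A failed download skips the comparison instead of failing it.
	wget -O "$html_file" https://www.gentoo.org/downloads/signatures/ || exit 0
	# -F: compare the fingerprint as a literal string, not as a regex.
	grep -F -- "$fingerprint" "$html_file" || {
		printf '%s\n' "ERROR: failed Primary key fingerprint: $fingerprint"
		exit 5
	}
fi

exit 0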