Skip to content

Commit

Permalink
Makefile.am: make sign & verify tighter
Browse files Browse the repository at this point in the history 
Signed-off-by: Robin H. Johnson <[email protected]>
  • Loading branch information
@robbat2
robbat2 committed Nov 26, 2023
1 parent c7d6fa8 commit deb5b88
Showing 1 changed file with 20 additions and 4 deletions.
24 changes: 20 additions & 4 deletions Makefile.am
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,23 +196,39 @@ EXTRA_DIST = \
EXTENSIONS = gz bz2 lz lzma xz tarZ shar zip
HASHES = sha256 sha512

# Generate clearsigned checksum files.
# Generate detached signatures of the tarballs.
sign:
$(AM_V_GEN)for e in $(EXTENSIONS); do \
if [ -f radvd-$(VERSION).tar.$$e ]; then \
gpg --armor --sign --detach-sign radvd-$(VERSION).tar.$$e; \
for h in $(HASHES); do \
$${h}sum --tag radvd-$(VERSION).tar.$$e > radvd-$(VERSION).tar.$$e.$$h; \
$${h}sum --tag radvd-$(VERSION).tar.$$e > radvd-$(VERSION).tar.$$e.$$h || exit 1; \
gpg --clear-sign radvd-$(VERSION).tar.$$e.$$h || exit 1; \
mv -f radvd-$(VERSION).tar.$$e.$$h.asc radvd-$(VERSION).tar.$$e.$$h || exit 1; \
done; \
gpg -sba radvd-$(VERSION).tar.$$e; \
fi; \
done

# Verify clearsigned checksum files.
# Verify detached signatures of the tarballs.
#
# Be careful to verify the clearsign, take ONLY the signed part, and then
# verify the checksum contained in that (ignore checksums OUTSIDE the
# clearsigned part).
verify:
$(AM_V_GEN)for e in $(EXTENSIONS); do \
if [ -f radvd-$(VERSION).tar.$$e ]; then \
gpg --verify radvd-$(VERSION).tar.$$e.asc; \
for h in $(HASHES); do \
$${h}sum --tag -c radvd-$(VERSION).tar.$$e.$$h; \
rm -f radvd-$(VERSION).tar.$$e.$$h.verified || exit 1; \
gpg --output radvd-$(VERSION).tar.$$e.$$h.verified --verify radvd-$(VERSION).tar.$$e.$$h || exit 1; \
if ! $${h}sum -c radvd-$(VERSION).tar.$$e.$$h.verified ; then \
rm -f radvd-$(VERSION).tar.$$e.$$h.verified; \
exit 1; \
fi; \
rm -f radvd-$(VERSION).tar.$$e.$$h.verified; \
done; \
gpg --verify radvd-$(VERSION).tar.$$e.asc; \
fi; \
done

Expand Down

0 comments on commit deb5b88

Please sign in to comment.