Created
February 24, 2009 19:03
-
-
Save ingramj/69720 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/ruby | |
| # Takes a list of files and verifies the gpg signature on each, and makes | |
| # sure that it was signed by an allowed key id | |
| ALLOWED_KEY_IDS = ['C81FD50E'] | |
| ARGV.each do |e| | |
| result = `gpg --verify #{e} 2>&1` | |
| # If the the signature isn't verified, print and error and go the next file | |
| unless result.include?('Good signature') | |
| puts "Bad signature for #{e}" | |
| next | |
| end | |
| # The key ID is the last word on the first line. | |
| key_id = result.split("\n")[0].split(" ")[-1] | |
| unless ALLOWED_KEY_IDS.include?(key_id) | |
| puts "Verboten Key ID (#{key_id}) for #{e}" | |
| next | |
| end | |
| puts "Valid Key ID (#{key_id}) for #{e}" | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment