Script Index
Copyright
Copyright 2005 by the Source Mage Team
Synopsis
Functions that verify gpg signatures
Parameters:
- $1: signature of the file
- $2: file to verify
- $3: public keyring
Returns:
- 0 on success, non-zero on failure:
- 1 verification failure
- 3 no signature file
- 4 no file to verify
- 5 no keyring
- 200 gpg isnt installed
stdout
message when gpg is not installed
Description
Low level routine for verifying a file given a signature and keyring.
The keyring must contain the public key for the signature.
Parameters:
- $1: (optional) sorcery branch, if empty use $SORCERY_BRANCH
Returns:
- 0 on success, 1 on failure
stdout
full path to sorcery key (if successful)
Description
Get the sorcery gpg key file associated with a branch
Parameters:
- $1: grimoire branch (test, stable, games etc.)
Returns:
- 0 on success, 1 on failure
stdout
full path to grimoire key (if successful)
Description
Get the grimmoire gpg key file associated with a branch
Parameters:
- $1: file on local disk to verify
- $2: url from which to get the signature
- $3: (optional) grimoire branch, if empty derive it from the filename with ${SOURCE%%.*}
- $4: (optional) signature file, if empty download $SOURCE.$GPG_SIG_EXT from $2
Returns:
- 0 on success, non-zero on failure:
- 1 verification failed
- 201 verification is disabled
- 254 no keyring found
- 255 could not download signature
- anything else see gpg_verify_signature
stdout
possibly a failure message depending on what happens (nothing is output on success)
Description
Verify a grimoire tarball's gpg signature
Parameters:
- $1: file on local disk to verify
- $2: url from which to get the signature
- $3: (optional) signature file, if empty download $SOURCE.$GPG_SIG_EXT from $2
Returns:
- 0 on success, non-zero on failure:
- 1 verification failed
- 2 verification is disabled
- 254 no keyring found
- 255 could not download signature
- anything else see gpg_verify_signature
stdout
possibly a failure message depending on what happens (nothing is output on success)
Description
Verify a sorcery tarball's gpg signature
Parameters:
- $1: file on local disk to verify
- $2: url from which to get the signature
- $3: keyring to verify with
- $4: grimoire or sorcery, whatever it is thats being verified (used in an output message
- $5: (optional) signature file, if empty download $SOURCE.$GPG_SIG_EXT from $2
Returns:
- 0 on success, non-zero on failure:
- 1 verification failed
- 255 could not download signature
- anything else see gpg_verify_signature
stdout
possibly a failure message depending on what happens (nothing is output on success)
Description
Common code for verifying sorcery/grimoire tarballs
Parameters:
- $1: return code of gpg_verify_sorcery or gpg_verify_grimoire
Returns:
- 0 if the program should continue
- 1 if not
stdout
Some message thats supposed to inform the user of whats
going on, or possibly a query asking the user if they want
to continue even though gpg verification failed.
Description
Handles interpriting the output of gpg_verify_sorcery or
gpg_verify_grimoire.
Parameters:
- $1: algorithm to use
- $2: file to get hashsum of
stdout
output is exactly the same format as md5sum/sha1sum, just with
a different hashsum. "hashsumfilename". The hashsum is
printed with all lowercase letters.
Description
This assumes that the caller has already verified that gpg is
installed and supports the specified hash function.
Parameters:
stdout
All the hash algorithms supported by gpg, algorithms printed in
lower case.
Description
This assumes the caller has already verified that gpg is installed.
Parameters:
- $1: directory to verify
- $2: manifest file, the format is like what the md5sum tool would produce
- $3: algorithm to use, this can be anything supported by gpg
- $4: regular expression of files to ignore
Description
Verify a tree against a manifest file
Parameters:
Description
Verify a grimoire tree and ignore files sorcery adds post-download
Parameters:
Description
Ask the user what they want to do if verification of a grimoire tree
fails.