authorDaniel Silverstone <dsilvers@digital-scurf.org>2016-08-29 12:42:36 +0100
committerDaniel Silverstone <dsilvers@digital-scurf.org>2016-08-29 12:42:36 +0100
commit9da373a4a93b38d1d4b117cb1e9478c0abb7ecd0 (patch)
tree2255b0b2d95c63b679992beb135b2f2da208eb35
parentebc68394fbb3e731959a0561c2ffa1c98e7256a8 (diff)
Add validate signature function, needs testsv1.1
-rw-r--r--lib/gall/util.lua51
1 files changed, 51 insertions, 0 deletions
diff --git a/lib/gall/util.lua b/lib/gall/util.lua
index 8aba18b..3622b4b 100644
--- a/lib/gall/util.lua
+++ b/lib/gall/util.lua
@@ -6,6 +6,9 @@
--
--
+local luxio = require 'luxio'
+local sp = require 'luxio.subprocess'
+
local function deep_copy(t, memo)
if not memo then memo = {} end
if memo[t] then return memo[t] end
@@ -25,6 +28,54 @@ local function deep_copy(t, memo)
return ret
end
+local function validate_signature(obj, keyring)
+ local sig_pipe = {}
+ luxio.pipe(sig_pipe)
+ local null = luxio.open("/dev/null", luxio.O_RDONLY)
+ local proc = sp.spawn {
+ "gpgv", "--keyring", keyring,
+ "-q", "--status-fd", "1", "/proc/self/fd/" .. tostring(sig_pipe[1]),
+ "-",
+ stdin = sp.PIPE,
+ stdout = sp.PIPE,
+ stderr = null,
+ close_in_child = {
+ sig_pipe[2], null
+ }
+ }
+ luxio.close(sig_pipe[1])
+ luxio.close(null)
+ -- gpgv first reads the signature file
+ luxio.write(sig_pipe[2], obj.signature) -- going to assume it got written
+ luxio.close(sig_pipe[2])
+ -- gpgv next reads the certificate (which is sat on its stdin pipe)
+ luxio.write(proc.stdin, obj.signedcert)
+ luxio.close(proc.stdin)
+ -- Finally, we read the content of the stdout pipe
+ local gpgv_output, l = {}
+ repeat
+ l = luxio.read(proc.stdout, 4096)
+ if l then gpgv_output[#gpgv_output+1] = l end
+ until (not l) or (l == "")
+ gpgv_output = table.concat(gpgv_output, "")
+ luxio.close(proc.stdout)
+ local how, why = proc:wait()
+ if how ~= "exit" then
+ return nil, ("%s: %d"):format(how, why)
+ end
+ if why ~= 0 then
+ return false, gpgv_output
+ end
+ -- We are looking for a line which is of the form:
+ -- [GNUPG:] VALIDSIG 6CCCE5B17306BCDC179CF954C30DF439F2987D74 2016-08-28 1472393046 0 3 0 1 10 00 19568523759E2A2858F4606B3CCEBABE206C3B69
+ local fprint = gpgv_output:match(" VALIDSIG ([0-9A-F]+) ")
+ if not fprint then
+ return false, gpgv_output
+ end
+ return fprint
+end
+
return {
deep_copy = deep_copy,
+ validate_signature = validate_signature,
}
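Review bot: The verdict match at the end of `validate_signature`, `gpgv_output:match(" VALIDSIG ([0-9A-F]+) ")`, is not tied to a `[GNUPG:]` status line, and it captures the first hex field, which in the sample line quoted in the comment differs from the last field (the primary key fingerprint, per GnuPG's status-line format). Anchoring it as `("\n" .. gpgv_output):match("\n%[GNUPG:%] VALIDSIG ([0-9A-F]+) ")` keeps text embedded in some other status line from being taken as the verdict. A header comment such as `-- Returns the signing (sub)key fingerprint on success; false plus gpgv output on rejection; nil plus a message if gpgv did not exit normally` would tell callers which fingerprint they are comparing against their key list. Separately, the results of `luxio.pipe`, `luxio.open`, `sp.spawn` and both `luxio.write` calls are unchecked (the inline comment admits this for the signature), so a short write of `obj.signedcert` would have gpgv judge fewer bytes than the caller goes on to trust. Assuming `luxio.write` returns the byte count as write(2) does, comparing it with `#obj.signedcert` and returning `nil, err` on mismatch closes that gap. The read loop also appends whatever `luxio.read` returns and stops only on nil or `""`, so it is worth confirming it cannot spin if luxio reports a read error as a number.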