tools/dist/getsigs.pl

   1 #!/usr/bin/perl
   2
   3 # Terribly ugly hack of a script to verify the signatures on the release
   4 # tarballs and produce the list of who signed them in the format we use for
   5 # the announcements.
   6 #
   7 # To use just run it in the directory with the signatures and tarballs and
   8 # pass the version of subversion you want to check.  It assumes gpg is on
   9 # you path, if it isn't you should fix that. :D
  10 #
  11 # Script will die if any gpg process returns an error.
  12
  13 my $version = $ARGV[0];
  14 my %good_sigs;
  15
  16 foreach my $filename (glob("subversion-*.asc")) {
  17     `cp $filename $filename.bak`;
  18
  19     while (int(`wc -l $filename`) > 0)
  20     {
  21         my $gpg_output = `gpg --logger-fd 1 --verify $filename`;
  22         if ($? >> 8 ) {
  23             # gpg exited with a non zero exit value, die with an error
  24             print $gpg_output;
  25             die "BAD SIGNATURE in $filename";
  26         }
  27         foreach my $line (split /\n/, $gpg_output) {
  28             # Extract the keyid from the GPG output.
  29             my ($keyid) = $line =~ /^gpg: Signature made .*? using \w+ key ID (\w+)/;
  30             if (defined($keyid)) {
  31                 # Put the resulting key in a hash to remove duplicates.
  32                 $good_sigs{$keyid}++;
  33             }
  34         }
  35
  36         `tail -n +8 $filename > tmp`;
  37         `mv tmp $filename`;
  38     }
  39
  40     `mv $filename.bak $filename`;
  41 }
  42
  43 foreach my $keyid (keys %good_sigs) {
  44     my $gpg_output = `gpg --fingerprint $keyid`;
  45     if ($? >> 8 ) {
  46         # gpg exited with a non zero exit value, die with an error
  47         print $gpg_output;
  48         die "UNABLE TO GET FINGERPRINT FOR $keyid";
  49     }
  50     my ($long_keyid, $fingerprint, $null, $name) = $gpg_output =~ /^pub\s+(\w+\/\w+)[^\n]*\n\s+Key\sfingerprint\s=((\s+[0-9A-F]{4}){10})\nuid\s+([^<\(]+)\s/;
  51     unless (defined($long_keyid) && defined($name) && defined($fingerprint)) {
  52         # Hmm some value didn't get filled in, error out.
  53         die "Empty value, possible error in gpg output parsing.";
  54     }
  55     print <<"EOL";
  56    $name [$long_keyid] with fingerprint:
  57    $fingerprint
  58 EOL
  59 }