bin/check-udfs-signature

   1 #!/bin/bash
   2
   3 set -eu
   4
   5 UDFS_DIR=wiki/src/upgrade/v2/
   6
   7 error=false
   8 while read -r upgradesYml; do
   9     if ! [ -f "${upgradesYml}.pgp" ]; then
  10         error=true
  11         echo "${upgradesYml}.pgp missing" >&2
  12     fi
  13 done < <(find "$UDFS_DIR" -type f -name upgrades.yml)
  14
  15 if $error; then
  16     exit 1
  17 fi
  18
  19 while read -r upgradesYml; do
  20     if ! sqop verify "${upgradesYml}.pgp" wiki/src/tails-signing.key \
  21         <"${upgradesYml}" &>/dev/null; then
  22         error=true
  23         echo "${upgradesYml}.pgp invalid signature" >&2
  24         exit 1
  25     fi
  26 done < <(find "$UDFS_DIR" -type f -name upgrades.yml)