ebd01c
#!/bin/bash
ebd01c
ebd01c
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
ebd01c
#
ebd01c
# This material is provided as is, with absolutely no warranty expressed
ebd01c
# or implied. Any use is at your own risk.
ebd01c
#
ebd01c
# Permission is hereby granted to use or copy this shellscript
ebd01c
# for any purpose, provided the above notices are retained on all copies.
ebd01c
# Permission to modify the code and to distribute modified code is granted,
ebd01c
# provided the above notices are retained, and a notice that the code was
ebd01c
# modified is included with the above copyright notice.
ebd01c
ebd01c
ebd01c
function print_help {
ebd01c
    cat <<'EOF'
ebd01c
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
ebd01c
ebd01c
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
ebd01c
verifies a file against a detached OpenPGP signature and a keyring. The keyring
ebd01c
shall contain all the keys that are trusted to certify the authenticity of the
ebd01c
file, and must not contain any untrusted keys.
ebd01c
ebd01c
The differences, compared to invoking gpgv directly, are that gpgverify accepts
ebd01c
the keyring in either ASCII-armored or unarmored form, and that it will not
ebd01c
accidentally use a default keyring in addition to the specified one.
ebd01c
ebd01c
Parameters:
ebd01c
  --keyring=<pathname>    keyring with all the trusted keys and no others
ebd01c
  --signature=<pathname>  detached signature to verify
ebd01c
  --data=<pathname>       file to verify against the signature
ebd01c
EOF
ebd01c
}
ebd01c
ebd01c
ebd01c
fatal_error() {
ebd01c
    message="$1"  # an error message
ebd01c
    status=$2     # a number to use as the exit code
ebd01c
    echo "gpgverify: $message" >&2
ebd01c
    exit $status
ebd01c
}
ebd01c
ebd01c
ebd01c
require_parameter() {
ebd01c
    term="$1"   # a term for a required parameter
ebd01c
    value="$2"  # Complain and terminate if this value is empty.
ebd01c
    if test -z "${value}" ; then
ebd01c
        fatal_error "No ${term} was provided." 2
ebd01c
    fi
ebd01c
}
ebd01c
ebd01c
ebd01c
check_status() {
ebd01c
    action="$1"  # a string that describes the action that was attempted
ebd01c
    status=$2    # the exit code of the command
ebd01c
    if test $status -ne 0 ; then
ebd01c
        fatal_error "$action failed." $status
ebd01c
    fi
ebd01c
}
ebd01c
ebd01c
ebd01c
# Parse the command line.
ebd01c
keyring=
ebd01c
signature=
ebd01c
data=
ebd01c
for parameter in "$@" ; do
ebd01c
    case "${parameter}" in
ebd01c
        (--help)
ebd01c
            print_help
ebd01c
            exit
ebd01c
            ;;
ebd01c
        (--keyring=*)
ebd01c
            keyring="${parameter#*=}"
ebd01c
            ;;
ebd01c
        (--signature=*)
ebd01c
            signature="${parameter#*=}"
ebd01c
            ;;
ebd01c
        (--data=*)
ebd01c
            data="${parameter#*=}"
ebd01c
            ;;
ebd01c
        (*)
ebd01c
            fatal_error "Unknown parameter: \"${parameter}\"" 2
ebd01c
            ;;
ebd01c
    esac
ebd01c
done
ebd01c
require_parameter 'keyring' "${keyring}"
ebd01c
require_parameter 'signature' "${signature}"
ebd01c
require_parameter 'data file' "${data}"
ebd01c
ebd01c
# Make a temporary working directory.
ebd01c
workdir="$(mktemp --directory)"
ebd01c
check_status 'Making a temporary directory' $?
ebd01c
workring="${workdir}/keyring.gpg"
ebd01c
ebd01c
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
ebd01c
# ASCII-armored.
ebd01c
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
ebd01c
check_status 'Decoding the keyring' $?
ebd01c
ebd01c
# Verify the signature using the decoded keyring.
ebd01c
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
ebd01c
check_status 'Signature verification' $?
ebd01c
ebd01c
# (--homedir isn't actually necessary. --dearmor processes only the input file,
ebd01c
# and if --keyring is used and contains a slash, then gpgv2 uses only that
ebd01c
# keyring. Thus neither command will look for a default keyring, but --homedir
ebd01c
# makes extra double sure that no default keyring will be touched in case
ebd01c
# another version of GPG works differently.)
ebd01c
ebd01c
# Clean up. (This is not done in case of an error that may need inspection.)
ebd01c
rm --recursive --force ${workdir}