27dae3
#!/bin/bash
27dae3
27dae3
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
27dae3
#
27dae3
# This material is provided as is, with absolutely no warranty expressed
27dae3
# or implied. Any use is at your own risk.
27dae3
#
27dae3
# Permission is hereby granted to use or copy this shellscript
27dae3
# for any purpose, provided the above notices are retained on all copies.
27dae3
# Permission to modify the code and to distribute modified code is granted,
27dae3
# provided the above notices are retained, and a notice that the code was
27dae3
# modified is included with the above copyright notice.
27dae3
27dae3
27dae3
function print_help {
27dae3
    cat <<'EOF'
27dae3
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
27dae3
27dae3
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
27dae3
verifies a file against a detached OpenPGP signature and a keyring. The keyring
27dae3
shall contain all the keys that are trusted to certify the authenticity of the
27dae3
file, and must not contain any untrusted keys.
27dae3
27dae3
The differences, compared to invoking gpgv directly, are that gpgverify accepts
27dae3
the keyring in either ASCII-armored or unarmored form, and that it will not
27dae3
accidentally use a default keyring in addition to the specified one.
27dae3
27dae3
Parameters:
27dae3
  --keyring=<pathname>    keyring with all the trusted keys and no others
27dae3
  --signature=<pathname>  detached signature to verify
27dae3
  --data=<pathname>       file to verify against the signature
27dae3
EOF
27dae3
}
27dae3
27dae3
27dae3
fatal_error() {
27dae3
    message="$1"  # an error message
27dae3
    status=$2     # a number to use as the exit code
27dae3
    echo "gpgverify: $message" >&2
27dae3
    exit $status
27dae3
}
27dae3
27dae3
27dae3
require_parameter() {
27dae3
    term="$1"   # a term for a required parameter
27dae3
    value="$2"  # Complain and terminate if this value is empty.
27dae3
    if test -z "${value}" ; then
27dae3
        fatal_error "No ${term} was provided." 2
27dae3
    fi
27dae3
}
27dae3
27dae3
27dae3
check_status() {
27dae3
    action="$1"  # a string that describes the action that was attempted
27dae3
    status=$2    # the exit code of the command
27dae3
    if test $status -ne 0 ; then
27dae3
        fatal_error "$action failed." $status
27dae3
    fi
27dae3
}
27dae3
27dae3
27dae3
# Parse the command line.
27dae3
keyring=
27dae3
signature=
27dae3
data=
27dae3
for parameter in "$@" ; do
27dae3
    case "${parameter}" in
27dae3
        (--help)
27dae3
            print_help
27dae3
            exit
27dae3
            ;;
27dae3
        (--keyring=*)
27dae3
            keyring="${parameter#*=}"
27dae3
            ;;
27dae3
        (--signature=*)
27dae3
            signature="${parameter#*=}"
27dae3
            ;;
27dae3
        (--data=*)
27dae3
            data="${parameter#*=}"
27dae3
            ;;
27dae3
        (*)
27dae3
            fatal_error "Unknown parameter: \"${parameter}\"" 2
27dae3
            ;;
27dae3
    esac
27dae3
done
27dae3
require_parameter 'keyring' "${keyring}"
27dae3
require_parameter 'signature' "${signature}"
27dae3
require_parameter 'data file' "${data}"
27dae3
27dae3
# Make a temporary working directory.
27dae3
workdir="$(mktemp --directory)"
27dae3
check_status 'Making a temporary directory' $?
27dae3
workring="${workdir}/keyring.gpg"
27dae3
27dae3
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
27dae3
# ASCII-armored.
27dae3
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
27dae3
check_status 'Decoding the keyring' $?
27dae3
27dae3
# Verify the signature using the decoded keyring.
27dae3
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
27dae3
check_status 'Signature verification' $?
27dae3
27dae3
# (--homedir isn't actually necessary. --dearmor processes only the input file,
27dae3
# and if --keyring is used and contains a slash, then gpgv2 uses only that
27dae3
# keyring. Thus neither command will look for a default keyring, but --homedir
27dae3
# makes extra double sure that no default keyring will be touched in case
27dae3
# another version of GPG works differently.)
27dae3
27dae3
# Clean up. (This is not done in case of an error that may need inspection.)
27dae3
rm --recursive --force ${workdir}