#!/bin/sh  

#  Copyright 2002 Jose Nazario <jose@monkey.org>
#  All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions
#  are met:
#  1. Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
#  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
#  OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
#  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
#  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
#  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
#  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

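# Print the command-line synopsis and version banner, then terminate.
# Every call site in this script is an error path (no argument given, or
# the .sign file is missing), so the text goes to stderr and the exit
# status is non-zero. A bare "exit" would return the status of the last
# echo, i.e. 0, and a calling script could not tell a usage error from a
# completed signature check.
usage () {
	{
		echo "usage: extract <archive>"
		echo "       archive and archive.sign must be in the same directory."
		echo ""
		echo "this is extract version 0.2"
	} >&2
	exit 1
}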

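# pre check: the script depends on the gpg binary at this fixed path, so
# the same path is used for every invocation below. A bare "gpg" would be
# resolved through PATH and could be a different program from the one
# checked here.
GPG=/usr/local/bin/gpg
if [ ! -x "${GPG}" ]; then
	echo "cannot find ${GPG} executable. quitting." >&2
	exit 1
fi

# ensure we have something to do
if [ $# -lt 1 ]; then
	echo "missing parameters" >&2
	usage
	# not reached while usage exits; kept so that a usage() which returns
	# cannot fall through into the verification below.
	exit 1
fi

# a name starting with '-' would be parsed by gpg as an option.
case "$1" in
-*)
	echo "archive name must not start with '-': $1" >&2
	usage
	exit 1
	;;
esac

# ensure $1.sign exists.
if [ ! -f "$1.sign" ]; then
	echo "missing .sign file: $1.sign" >&2
	usage
	exit 1
fi

# if we haven't been here and done that, initialize the directory.
# NOTE(review): the key is selected by the ID 1373 exactly as in the
# original; nothing here compares the fetched key with a known
# fingerprint, so confirm it out of band.
if [ ! -d "${HOME}/.gnupg/" ]; then
	"${GPG}" --keyserver search.keyserver.net --recv-key 1373
fi

# gpg's result is read from its machine-readable status lines
# (--status-fd) instead of its exit code, which the original author found
# unusable, and instead of the human-readable messages, which depend on
# the locale and embed the signer's user ID. The status lines go to a
# private file created by mktemp; a fixed name such as /tmp/extract.out
# can be pre-created or symlinked by another local user. gpg's own
# diagnostics stay on stderr for the operator.
OUT=$(mktemp "${TMPDIR:-/tmp}/extract.XXXXXX") || {
	echo "cannot create temporary file. quitting." >&2
	exit 1
}
trap 'rm -f "${OUT}"' EXIT
trap 'exit 1' HUP INT TERM

verified=0
fetched=0
while :; do
	"${GPG}" --status-fd 1 --verify "$1.sign" "$1" > "${OUT}"

	# bad signature. throw error, quit.
	if grep -q '^\[GNUPG:\] BADSIG ' "${OUT}"; then
		echo "*** WARNING ****" >&2
		echo "signature FAILED for $1" >&2
		exit 1
	fi

	# all is good.
	if grep -q '^\[GNUPG:\] GOODSIG ' "${OUT}"; then
		verified=1
		break
	fi

	# we cannot figure this out, the signing key is not in the keyring.
	# fetch it once and verify again in this process; the original re-ran
	# "extract" from PATH and then carried on regardless of its result.
	if [ "${fetched}" -eq 0 ] && grep -q '^\[GNUPG:\] NO_PUBKEY ' "${OUT}"; then
		echo "key not found. fetching ..."
		KEYID=$(awk '$1 == "[GNUPG:]" && $2 == "NO_PUBKEY" { print $3; exit }' "${OUT}")
		# the key id is read from data that arrived with the archive;
		# only pass it on if it is purely hexadecimal.
		case "${KEYID}" in
		""|*[!0-9A-Fa-f]*)
			echo "cannot determine key id for $1" >&2
			exit 1
			;;
		esac
		echo "key id is ${KEYID}"
		# NOTE(review): a key fetched by the ID named in the signature
		# proves only that *some* key signed the archive, not that the
		# expected publisher did. Compare the signer's fingerprint with
		# one obtained out of band before trusting the result.
		"${GPG}" --keyserver pgp.mit.edu --recv-keys "${KEYID}"
		echo "fetched ... starting over ..."
		fetched=1
		continue
	fi

	break
done

# fail closed: anything other than an explicit GOODSIG status line is a
# failure. The original tested [ ${verified} ], which is true for "0" as
# well as "1", and so reported a good signature whenever gpg had not
# printed "BAD".
if [ "${verified}" -ne 1 ]; then
	echo "*** WARNING ****" >&2
	echo "could not verify signature for $1" >&2
	exit 1
fi

MYPWD=$(pwd)
echo "GOOD SIG for $1 in ${MYPWD}"
##echo "we have a good signature! let's go!"
### exec tar -zxvf $1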
