aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'local/require-signed-push')
-rwxr-xr-xlocal/require-signed-push22
1 files changed, 12 insertions, 10 deletions
diff --git a/local/require-signed-push b/local/require-signed-push
index 005f47e..5aaf554 100755
--- a/local/require-signed-push
+++ b/local/require-signed-push
@@ -36,7 +36,7 @@ fail_signed_push() {
git --no-pager show "$GIT_PUSH_CERT"
warn "====="
fi
- exit 1
+ silent_die
}
log_git_push() {
@@ -155,16 +155,19 @@ log_git_push
case ${VERIFY_SIGS} in
gentoo-devs)
if [[ ${GL_USER} != *@gentoo.org ]]; then
- echo "*** Pusher address is not @gentoo.org" >&2
- echo " (it is ${GL_USER})" >&2
- echo "*** Please report this to infra" >&2
- exit 1
+ warn "*** Pusher address is not @gentoo.org" >&2
+ warn " (it is ${GL_USER})" >&2
+ warn "*** Please report this to infra" >&2
+ silent_die
fi
# find key fingerprints in LDAP
- KEY_FPS=( $(ldapsearch "uid=${GL_USER%@gentoo.org}" -D '' -Z -LLL \
- gpgfingerprint -o ldif-wrap=no | \
- sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}') )
+ mapfile -t KEY_FPS <( \
+ ldapsearch -o ldif-wrap=no -x -D '' -Z -LLL \
+ "uid=${GL_USER%@gentoo.org}" \
+ gpgfingerprint \
+ | sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}'\
+ )
# match signing key to the primary key
PRIMARY_KEY=$(gpg --batch --with-colons --fingerprint "${GIT_PUSH_CERT_KEY}" \
| sed -n -e '/^pub/{n;/^fpr/p}' | cut -d: -f10)
@@ -180,8 +183,7 @@ case ${VERIFY_SIGS} in
no)
;;
*)
- echo "Invalid value of gentoo.verify-signatures" >&2
- exit 1
+ die "Invalid value of gentoo.verify-signatures"
esac
# Now validate