On 21 Feb 2003 16:30:02 +0100 Tollef Fog Heen <[EMAIL PROTECTED]> wrote:
> optimally, what I'd like
> is getting anna to support gpg and verify the full integrity of the
> install. One would then only have to trust the integrity of the
> initial boot media; a compromised mirror would be detected
> immediately.

Attached is a program that uses libopencdk to verify the Release/Release.gpg file; it's only experimental code, though. The code is small, but as it needs libgcrypt (which needs opencdk and zlib) it makes it a 350kB binary, 171kB gzip'ed, which is pretty big for our purposes.

Glenn
/* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include <sys/types.h> #include <errno.h> #include <stdio.h> #include <string.h> #include <opencdk.h> extern int verify_gpg_file(const char *sign_file) { CDK_KEYDB_HD pub_db; CDK_HD hd; int rc; const unsigned long ftpmaster2003[2] = { 0xB629A24C, 0x38C6029A }; const unsigned long ftpmaster2002[2] = { 0xAA7DEB7B, 0x722F1AED }; printf("Verifying gpg signature of %s\n", sign_file); cdk_set_log_level(CDK_LOG_DEBUG); rc = cdk_keydb_new(&pub_db, CDK_DBTYPE_PK_KEYRING, "/home/bug1/.gnupg/pubring.gpg", 29); if (rc) { fprintf(stderr, "keydb new: `%s'\n", cdk_strerror(rc)); return 0; } cdk_handle_new(&hd); cdk_handle_set_keydb(hd, pub_db); /* Check the signature */ rc = cdk_file_verify(hd, sign_file, NULL); printf("cdk_file_verify result is %d\n", rc); /* Process the results */ rc = cdk_sig_get_ulong_attr(hd, 0, CDK_ATTR_STATUS); switch(rc) { case CDK_SIGSTAT_GOOD: { const unsigned long *keyid; keyid = cdk_sig_get_data_attr(hd, 0, CDK_ATTR_KEYID); /* TODO: should detect the key id using a seperate keyring ? 
*/ printf(" Good signature by %08lX%08lX\n", keyid[0], keyid[1]); if ((keyid[0] == ftpmaster2002[0]) && (keyid[1] != ftpmaster2002[1])) { printf(" Key signed with expired key\n"); } else if ((keyid[0] != ftpmaster2003[0]) || (keyid[1] != ftpmaster2003[1])) { printf(" Danger Will Robinson, Danger!\n"); printf(" Who the hell is %08lX %08lX ?", keyid[0], keyid[1]); printf(" It should be signed by B629A24C 38C6029A\n"); printf(" This other guy might be trying sneak in a trojaned package!\n"); printf(" Danger Will Robinson, Danger!\n"); exit(-1); } break; } case CDK_SIGSTAT_BAD: printf(" Verification failed, signature doesnt match file\n"); break; case CDK_SIGSTAT_NOKEY: printf(" Verification failed, unknown keyid\n"); break; } /* Cleanup */ cdk_handle_free(hd); return(rc); } int main(int argc, char **argv) { verify_gpg_file(argv[1]); }