PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE
On Sat, Feb 8, 2020, at 10:13 AM, Klemens Nanni wrote:
> On Sat, Feb 08, 2020 at 07:26:33AM -0700, Aaron Bieber wrote:
> > Here is a tool I built to simplify the verification of gnupg signatures.
> What does ogvt stand for?
Originally “OpenBSD Gnupg Verification Tool” but that makes it sound like it
verifies only gnupg, so now it’s:
OpenBSD Gnupg-signature Verification Tool.
:P
>
> > It's pretty straightforward, it takes a file, a pubkey and a signature. If
> > everything matches you get a list of the valid identities and a "Signature
> > OK" message.
> Can you whip up a small manual?
Sure thing!
>
> > The goal for this is to open up the door to validating signatures from
> > upstream by allowing us to store a public key in a port
> > (mail/mutt/files/pubkey for example).
> That will only be possible on archs with lang/go but still better than
> nothing, thanks for your work!
>
> > For a functional example see sthen@'s modification that uses gpg:
> > https://marc.info/?t=157687704400002&r=1&w=2
> >
> > If you add mutt's pubkey in mail/mutt/files/pubkey and replace the line that
> > calls gpg2 with:
> > ogvt -sig $$file -file ${DISTFILES} -pub ${FILESDIR}/pubkey|| OK=false; \
> >
> > One can validate the signature with 'make checksum'
> Perhaps a separate verify target that only does cryptographic signatures?
Ya, that was mentioned in the previous thread as well - as you said, we can
work out the rest in tree.
>
> > Cluesticks? OKs?
> Works as advertised, we can shake stuff out in-tree.
> OK kn
>
Woo, ty! I’ll commit it later today!
>