1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
package slackware_com
import (
"bytes"
_ "embed"
"io"
"os"
"os/exec"
)
//go:embed "security@slackware.com.asc"
var slackwareGPGKey string
type GnuPGVerifier struct {
w *io.PipeWriter
result <-chan struct {
bool
error
}
}
func RunSignatureVerifier(signature string) *GnuPGVerifier {
var v GnuPGVerifier
r, w := io.Pipe()
v.w = w
result := make(chan struct {
bool
error
}, 1)
v.result = result
go v.executeCMD(result, r, signature)
return &v
}
func (g *GnuPGVerifier) executeCMD(c chan<- struct {
bool
error
}, r io.ReadCloser, signature string) {
defer close(c)
defer r.Close()
sigFile, err := os.CreateTemp("", "gpg-signature.*")
if err != nil {
c <- struct {
bool
error
}{false, err}
return
}
defer sigFile.Close()
defer os.Remove(sigFile.Name())
sigFile.WriteString(signature)
sigFile.Close()
var keyRing bytes.Buffer
cmd := exec.Command("gpg2", "--dearmor")
cmd.Stdin = bytes.NewBufferString(slackwareGPGKey)
cmd.Stdout = &keyRing
err = cmd.Run()
if err != nil {
c <- struct {
bool
error
}{false, err}
return
}
keyRingFile, err := os.CreateTemp("", "gpg-keyring.*.gpg")
if err != nil {
c <- struct {
bool
error
}{false, err}
return
}
defer keyRingFile.Close()
defer os.Remove(keyRingFile.Name())
keyRingFile.Write(keyRing.Bytes())
keyRingFile.Close()
cmd = exec.Command("gpg2",
"--no-default-keyring",
"--keyring", keyRingFile.Name(),
"--verify", sigFile.Name(), "-",
)
cmd.Stdin = r
err = cmd.Run()
c <- struct {
bool
error
}{err == nil, err}
}
func (g *GnuPGVerifier) Write(buf []byte) (int, error) {
return g.w.Write(buf)
}
func (g *GnuPGVerifier) IsValid() (bool, error) {
g.w.Close()
res := <-g.result
return res.bool, res.error
}
|