author | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-05 19:42:10 +0000 |
---|---|---|
committer | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-05 19:42:10 +0000 |
commit | f6c6fd27a4634464f7ace0c135699cce02c43817 (patch) | |
tree | 5b1903b655ad21ad6144436257ae272066f092ea /rapid-tunneling | |
parent | d7b80cace5be8b0e263cec1e36f0553842a6e991 (diff) |
GPG signature of tarball; path changes
* The tarball sent by the support user is now signed: an extra sig.asc
gpg ascii-armoured signature of the contents of all the other files
(alphabetical order).
* Client verifies that before touching the data further.
* Hence packages depend on gnupg.
* Error code from gpg errors: 7.
* Scripts used by the server are now in /usr/share/rapid-tunneling/bin .
* Server support user sources /usr/share/rapid-tunneling/support_env .
* Fixed purging for Debian -server package.
* rtadm's config file is /etc/rapid-tunneling/rtadm .
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6550 283159da-0705-0410-b60c-f2062b4bb6ad
Diffstat (limited to 'rapid-tunneling')
-rwxr-xr-x | rapid-tunneling | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/rapid-tunneling b/rapid-tunneling index c563b75..8699ced 100755 --- a/rapid-tunneling +++ b/rapid-tunneling @@ -10,6 +10,15 @@ fi tmpdir=`mktemp -d` mkdir $tmpdir/recv $tmpdir/send tar xzf "$1" -C $tmpdir/recv + +# The signed data is everything except the signature itself: +(cd $tmpdir/recv; grep -- . * | grep -v ^sig.asc:) >$tmpdir/recv_data +if ! gpg --quiet --verify $tmpdir/recv/sig.asc $tmpdir/recv_data; then + echo >&2 "$0: gpg signature verification failed." + echo >&2 "$0: Maybe someone's playing dirty tricks? Aborting." + exit 7 +fi + user=`cat $tmpdir/recv/user` host=`cat $tmpdir/recv/host` port=`cat $tmpdir/recv/port` |
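Review bot: In the added `gpg --quiet --verify $tmpdir/recv/sig.asc $tmpdir/recv_data` check, success only means that some key in the invoking user's default keyring produced a good signature; nothing in the hunk ties it to the support user's key. Consider verifying against a dedicated keyring (`--no-default-keyring --keyring <path>`) or checking the signer's fingerprint from the `--status-fd` output. Two further points on how `recv_data` is built: `grep -- . *` covers only the non-empty lines of top-level, non-dot files, so anything else the archive unpacks into `$tmpdir/recv` falls outside the signature, and the expansion order of `*` depends on the locale, so signer and verifier should both set `LC_ALL=C` before generating the stream. Note also that the `tar xzf "$1"` context line still runs on the unverified archive, so the signature does not protect the extraction step itself.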