bin/interpret-mail: require a valid signature from an admin to do anything

author: Erich Eckner <git@eckner.net> 2017-08-29 13:31:40 +0200
committer: Erich Eckner <git@eckner.net> 2017-08-29 13:31:40 +0200
commit: 71c8b3293944620afb8977b5c663a5916c53974f (patch)
tree: c33c934cf6a5e9a12564577264cee216730b482c /bin
parent: 491308bd4941793699e1185bdb623935f3cdd999 (diff)
download: builder-71c8b3293944620afb8977b5c663a5916c53974f.tar.xz
1 files changed, 16 insertions, 1 deletions
diff --git a/bin/interpret-mail b/bin/interpret-mail
index ff40b22..12b0520 100755
--- a/bin/interpret-mail
+++ b/bin/interpret-mail
@@ -28,7 +28,22 @@ if ! sed -n '
       p
     }
   ' "${tmp_dir}/mail" | \
-    chronic gpg --batch -q -d -o "${tmp_dir}/plain-content"; then
+    chronic gpg --batch --status-file "${tmp_dir}/gpg-status" -q -d -o "${tmp_dir}/plain-content"; then
+  exit
+fi
+
+if [ -z "$(
+  (
+    grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
+      cut -d' ' -f3 | \
+      sort -u
+    printf '%s\n' "${admin_gpg_keys}" | \
+      sort -u
+  ) | \
+    sort | \
+    uniq -d
+  )" ]; then
+  >&2 echo 'No valid signature found.'
   exit
 fi
author	Erich Eckner <git@eckner.net>	2017-08-29 13:31:40 +0200
committer	Erich Eckner <git@eckner.net>	2017-08-29 13:31:40 +0200
commit	71c8b3293944620afb8977b5c663a5916c53974f (patch)
tree	c33c934cf6a5e9a12564577264cee216730b482c /bin
parent	491308bd4941793699e1185bdb623935f3cdd999 (diff)
download	builder-71c8b3293944620afb8977b5c663a5916c53974f.tar.xz