summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xbin/return-assignment20
1 files changed, 20 insertions, 0 deletions
diff --git a/bin/return-assignment b/bin/return-assignment
index e9df686..1acf3fd 100755
--- a/bin/return-assignment
+++ b/bin/return-assignment
@@ -197,6 +197,26 @@ if [ -n "${missing_files}" ]; then
exit 3
fi
+# check if the signatures are valid
+signatures=$(
+ find . -maxdepth 1 -name '*.pkg.tar.xz' \
+ -printf 'package file %f\n' \
+ -exec gpg --batch --status-fd 1 -q --homedir /etc/pacman.d/gnupg --verify '{}.sig' '{}' \; 2> /dev/null
+)
+if [ -z "$(
+ echo "${signatures}" | \
+ cut -d' ' -f2 | \
+ grep -x 'file\|TRUST_FULLY' | \
+ sort | \
+ uniq -c | \
+ awk '{print $1}' | \
+ uniq -d
+)" ]; then
+ >&2 echo 'Signature(s) is/are not fully trusted:'
+ >&2 echo "${signatures}"
+ exit 3
+fi
+
# check if the sent packages are the expected ones
packages=$(
find . -maxdepth 1 -name '*.pkg.tar.xz' -printf '%f\n'