From 71c8b3293944620afb8977b5c663a5916c53974f Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Tue, 29 Aug 2017 13:31:40 +0200
Subject: bin/interpret-mail: require a valid signature from an admin to do anything
---
 bin/interpret-mail | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'bin/interpret-mail')
diff --git a/bin/interpret-mail b/bin/interpret-mail
index ff40b22..12b0520 100755
--- a/bin/interpret-mail
+++ b/bin/interpret-mail
@@ -28,7 +28,22 @@ if ! sed -n '
 p
 }
 ' "${tmp_dir}/mail" | \
- chronic gpg --batch -q -d -o "${tmp_dir}/plain-content"; then
+ chronic gpg --batch --status-file "${tmp_dir}/gpg-status" -q -d -o "${tmp_dir}/plain-content"; then
+ exit
+fi
+
+if [ -z "$(
+ (
+ grep '^\[GNUPG:] VALIDSIG ' "${tmp_dir}/gpg-status" | \
+ cut -d' ' -f3 | \
+ sort -u
+ printf '%s\n' "${admin_gpg_keys}" | \
+ sort -u
+ ) | \
+ sort | \
+ uniq -d
+ )" ]; then
+ >&2 echo 'No valid signature found.'
 exit
 fi
--
cgit v1.2.3-54-g00ecf
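Review bot: The admin check in the new `if [ -z "$(…)" ]` block accepts any `VALIDSIG` line, and as far as I know GnuPG also writes `VALIDSIG` when the signing key is expired or revoked (reporting that separately as `EXPKEYSIG` / `REVKEYSIG`), so a retired admin key still listed in `admin_gpg_keys` would presumably pass. Consider rejecting the mail when the status file holds one of those lines, e.g. `if grep -qE '^\[GNUPG:] (EXPKEYSIG|REVKEYSIG) ' "${tmp_dir}/gpg-status"; then exit; fi`, before the intersection is computed. `cut -d' ' -f3` yields the fingerprint of the key that made the signature, which is the subkey's when an admin signs with a signing subkey (the primary fingerprint is the last `VALIDSIG` field), so a comment such as `# admin_gpg_keys: one fingerprint per line, exactly as gpg prints it in VALIDSIG` would prevent a confusing lockout. Both new `exit` calls carry no status, so the script appears to leave with 0 on a rejected mail; if the caller is meant to notice the rejection, `exit 1` would say so. The enclosing `if ! sed -n '` pipeline starts outside the hunk, so how `plain-content` is used afterwards is not visible here.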