path: root/build-aux/getswdb.sh
#!/bin/sh
# Get the online version of the GnuPG software version database
# Copyright (C) 2014  Werner Koch
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# External tools.  Plain command names, so whatever is first in PATH
# is used.
WGET=wget
GPGV=gpgv

# Base URL the software version database is fetched from.
urlbase="https://www.gnupg.org/"

# Directory holding this script and, relative to it, the keyring with
# the GnuPG distribution signing keys.  That keyring -- not the TLS
# connection -- is what the downloaded list is checked against.
srcdir=$(dirname "$0")
distsigkey="$srcdir/../g10/distsigkey.gpg"

# Convert a 3 part version number to a single numeric value.
# Reads stdin, looks only at the first line and takes its last
# whitespace separated field, e.g. "2.1.3" -> 2001003
# (major*1000000 + minor*1000 + micro).  awk's string to number
# conversion drops a non-numeric suffix such as "-beta" from the
# last component.
cvtver () {
  awk '
    NR == 1 {
      split($NF, part, ".")
      print 1000000 * part[1] + 1000 * part[2] + part[3]
      exit 0
    }'
}

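# Prints usage information to stdout and exits with the status given as
# the first argument (0 when none is given).  The caller redirects to
# stderr itself for the error case.
usage()
{
    cat <<EOF
Usage: $(basename "$0") [OPTIONS]
Get the online version of the GnuPG software version database
Options:
    --skip-download  Assume download has already been done.
    --help           Print this help.
EOF
    # "$0" is quoted so an unusual script path is not word-split or
    # globbed; a missing status defaults to 0 instead of letting a bare
    # "exit" silently reuse the status of cat.
    exit "${1:-0}"
}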

#
# Parse options
#
skip_download=no
while test $# -gt 0; do
    # Set up `optarg' for --name=value style options.  No such option
    # is defined at the moment, so the value is currently never read.
    optarg=""
    case "$1" in
	--*=*)
	    optarg=$(echo "$1" | sed 's/[-_a-zA-Z0-9]*=//')
	    ;;
    esac

    case $1 in
        -h|--help)
	    usage 0
	    ;;
        --skip-download)
            skip_download=yes
            ;;
	*)
	    # Unknown option: help text goes to stderr, exit status is 1.
	    usage 1 1>&2
	    ;;
    esac
    shift
done

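# Get the GnuPG version from the VERSION file.  For a GIT checkout this
# means that ./autogen.sh must have been run first.  For a regular
# tarball VERSION is always available.
if [ ! -f "$srcdir/../VERSION" ]; then
    echo "VERSION file missing - run autogen.sh first." >&2
    exit 1
fi
version=$(cat "$srcdir/../VERSION")
version_num=$(echo "$version" | cvtver)
# An empty VERSION file leaves version_num empty, which would make the
# later arithmetic comparison fail with an obscure shell error instead
# of a clear message.
if [ -z "$version_num" ]; then
    echo "VERSION file is empty." >&2
    exit 1
fi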

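#
# Download the list and its detached signature, then verify.  Both files
# are written to the current working directory.  The trust anchor is the
# distribution signing keyring handed to gpgv, not the TLS connection
# made by wget: a tampered download is caught by the signature check.
#
if [ "$skip_download" = yes ]; then
  if [ ! -f swdb.lst ]; then
      echo "swdb.lst is missing." >&2
      exit 1
  fi
  if [ ! -f swdb.lst.sig ]; then
      echo "swdb.lst.sig is missing." >&2
      exit 1
  fi
else
  # ${urlbase%/} strips a trailing slash so the URL does not contain
  # "//" when urlbase already ends in one.  $WGET is left unquoted,
  # presumably so it may carry extra options.
  if ! $WGET -q -O swdb.lst "${urlbase%/}/swdb.lst" ; then
      # wget -O may leave an empty or partial file behind on failure;
      # remove it so a later --skip-download run does not pick it up.
      rm -f swdb.lst
      echo "download of swdb.lst failed." >&2
      exit 1
  fi
  if ! $WGET -q -O swdb.lst.sig "${urlbase%/}/swdb.lst.sig" ; then
      rm -f swdb.lst.sig
      echo "download of swdb.lst.sig failed." >&2
      exit 1
  fi
fi
# Any non-zero gpgv status aborts the script, so a bad or missing
# signature fails closed.
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
    echo "list of software versions is not valid!" >&2
    exit 1
fi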

#
# Check that the online version of GnuPG is not less than this version
# to help detect rollback attacks.  Note the limit of this check: it
# only rejects a list advertising an older GnuPG than the one being
# built.  A validly signed but stale list whose gnupg21_ver is still
# >= this version passes, so this is not a freshness check.
#
gnupg_ver=$(awk '$1 == "gnupg21_ver" { print $2; exit }' swdb.lst)
if test -z "$gnupg_ver"; then
    echo "GnuPG 2.1 version missing in swdb.lst!" >&2
    exit 1
fi
gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
# Reject the list when the advertised version is strictly older.
if test "$(( $gnupg_ver_num < $version_num ))" = 1; then
    echo "GnuPG version in swdb.lst is less than this version!" >&2
    echo "  This version: $version" >&2
    echo "  SWDB version: $gnupg_ver" >&2
    exit 1
fi