Fixup and enable GPG verification

Signed-off-by: Tad <tad@spotco.us>
2024-09-28 20:26:23 +00:00 · 2022-08-24 15:50:36 -04:00 · 2022-08-24 15:50:36 -04:00 · 4bfedbc42d
commit 4bfedbc42d
parent 4973d22c3a
4 changed files with 18 additions and 12 deletions
--- a/Manifests/Manifest_LAOS-19.1.xml
+++ b/Manifests/Manifest_LAOS-19.1.xml
@ -47,8 +47,8 @@

 <!-- START OF ADDITIONAL REPOS -->
 	<!-- GrapheneOS -->
-	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="12.1" />
-	<project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="12.1" />
+	<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="0d6d63cbe7cb6326bb06e1161b680cb3229f25a0" />
+	<project path="external/SecureCamera" name="GrapheneOS/platform_external_Camera" remote="github" revision="13" />
 <!-- END OF ADDITIONAL REPOS -->

 <!-- START OF DEVICE REPOS -->
--- a/Misc/pubring.kbx
+++ b/Misc/pubring.kbx
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -89,9 +89,9 @@ applyPatch() {
 export -f applyPatch;

 gpgVerifyDirectory() {
-	if [ -r "$HOME/.gnupg" ]; then
+	if [ -r "$DOS_TMP_GNUPG/pubring.kbx" ]; then
 		for sig in $1/*.asc; do
-			if gpg --verify $sig &>/dev/null; then
+			if gpg --homedir "$DOS_TMP_GNUPG" --verify $sig &>/dev/null; then
 				echo -e "\e[0;32mGPG Verified Successfully: $sig\e[0m";
 			else
 				echo -e "\e[0;31mWARNING: GPG Verification Failed: $sig\e[0m";
@ -99,7 +99,7 @@ gpgVerifyDirectory() {
 			fi;
 		done;
 	else
-		echo -e "\e[0;33mWARNING: ~/.gnupg is unavailable, GPG verification of $1 will not be performed!\e[0m";
+		echo -e "\e[0;33mWARNING: keyring is unavailable, GPG verification of $1 will not be performed!\e[0m";
 	fi;
 }
 export -f gpgVerifyDirectory;
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@ -111,12 +111,12 @@ export DOS_THEME_700="E64A19"; #Deep Orange 700
 umask 0022;

 gpgVerifyGitHead() {
-	if [ -r "$HOME/.gnupg" ]; then
-		if git -C $1 verify-commit HEAD; then
+	if [ -r "$DOS_TMP_GNUPG/pubring.kbx" ]; then
+		if git -C "$1" verify-commit HEAD &>/dev/null; then
 			echo -e "\e[0;32mGPG Verified Git HEAD Successfully: $1\e[0m";
 		else
 			echo -e "\e[0;31mWARNING: GPG Verification of Git HEAD Failed: $1\e[0m";
-			sleep 60;
+			#sleep 60;
 		fi;
 		#git -C $1 log --show-signature -1;
 	else
@ -143,6 +143,12 @@ fi;
 export DOS_TMP_DIR="/tmp/dos_tmp";
 mkdir -p "$DOS_TMP_DIR";
 export DOS_HOSTS_FILE="$DOS_TMP_DIR/hosts";
+export DOS_TMP_GNUPG="$DOS_TMP_DIR/gnupg-$RANDOM";
+mkdir -p "$DOS_TMP_GNUPG";
+export GNUPGHOME="$DOS_TMP_GNUPG";
+chmod 700 "$DOS_TMP_GNUPG";
+export DOS_VERIFICATION_KEYRING=$DOS_WORKSPACE_ROOT"Misc/pubring.kbx";
+cp "$DOS_VERIFICATION_KEYRING" "$DOS_TMP_GNUPG/";

 export DOS_PREBUILT_APPS=$DOS_WORKSPACE_ROOT"PrebuiltApps/";
 export DOS_PATCHES_COMMON=$DOS_WORKSPACE_ROOT"Patches/Common/";
@ -172,10 +178,10 @@ export LC_ALL=C;
 export LANG=en_US.UTF-8;

 #START OF VERIFICATION
-#gpgVerifyGitHead $DOS_WORKSPACE_ROOT;
-#gpgVerifyGitHead $DOS_PREBUILT_APPS;
-#gpgVerifyGitHead $DOS_PATCHES_LINUX_CVES;
-#gpgVerifyGitHead $DOS_WALLPAPERS;
+gpgVerifyGitHead $DOS_WORKSPACE_ROOT;
+gpgVerifyGitHead $DOS_PREBUILT_APPS;
+gpgVerifyGitHead $DOS_PATCHES_LINUX_CVES;
+gpgVerifyGitHead $DOS_WALLPAPERS;
 #END OF VERIFICATION

 source "$DOS_SCRIPTS_COMMON/Shell.sh";