-rwxr-xr-x | local/require-signed-push | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/local/require-signed-push b/local/require-signed-push
index 005f47e..5aaf554 100755
--- a/local/require-signed-push
+++ b/local/require-signed-push
@@ -36,7 +36,7 @@ fail_signed_push() {
 git --no-pager show "$GIT_PUSH_CERT"
 warn "====="
 fi
- exit 1
+ silent_die
 }
 log_git_push() {
@@ -155,16 +155,19 @@ log_git_push
 case ${VERIFY_SIGS} in
 gentoo-devs)
 if [[ ${GL_USER} != *@gentoo.org ]]; then
- echo "*** Pusher address is not @gentoo.org" >&2
- echo " (it is ${GL_USER})" >&2
- echo "*** Please report this to infra" >&2
- exit 1
+ warn "*** Pusher address is not @gentoo.org" >&2
+ warn " (it is ${GL_USER})" >&2
+ warn "*** Please report this to infra" >&2
+ silent_die
 fi
 # find key fingerprints in LDAP
- KEY_FPS=( $(ldapsearch "uid=${GL_USER%@gentoo.org}" -D '' -Z -LLL \
- gpgfingerprint -o ldif-wrap=no | \
- sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}') )
+ mapfile -t KEY_FPS <( \
+ ldapsearch -o ldif-wrap=no -x -D '' -Z -LLL \
+ "uid=${GL_USER%@gentoo.org}" \
+ gpgfingerprint \
+ | sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}'\
+ )
 # match signing key to the primary key
 PRIMARY_KEY=$(gpg --batch --with-colons --fingerprint "${GIT_PUSH_CERT_KEY}" \
 | sed -n -e '/^pub/{n;/^fpr/p}' | cut -d: -f10)
@@ -180,8 +183,7 @@ case ${VERIFY_SIGS} in
 no)
 ;;
 *)
- echo "Invalid value of gentoo.verify-signatures" >&2
- exit 1
+ die "Invalid value of gentoo.verify-signatures"
 esac
 # Now validate |
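Review bot: The added `mapfile -t KEY_FPS <( \` in the second hunk hands the process substitution to mapfile as an extra word instead of redirecting it, so KEY_FPS would be filled from the hook's own stdin rather than from the ldapsearch output. It should read `mapfile -t KEY_FPS < <( \`. Because these fingerprints decide which signing keys are accepted for a push, the query should also require StartTLS with `-ZZ`; the current `-Z` lets ldapsearch carry on when the TLS upgrade fails. The ldapsearch exit status is not checked, so a failed lookup looks the same as a developer with no keys on record. How an empty KEY_FPS is handled, and the rest of the `gentoo-devs)` arm, lie outside the hunk.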