Skip to content

Instantly share code, notes, and snippets.

@ingramj
Created February 24, 2009 19:03
Show Gist options
  • Save ingramj/69720 to your computer and use it in GitHub Desktop.
Save ingramj/69720 to your computer and use it in GitHub Desktop.
#!/usr/bin/ruby
# Takes a list of files and verifies the gpg signature on each, and makes
# sure that it was signed by an allowed key id
ALLOWED_KEY_IDS = ['C81FD50E']
ARGV.each do |e|
result = `gpg --verify #{e} 2>&1`
# If the the signature isn't verified, print and error and go the next file
unless result.include?('Good signature')
puts "Bad signature for #{e}"
next
end
# The key ID is the last word on the first line.
key_id = result.split("\n")[0].split(" ")[-1]
unless ALLOWED_KEY_IDS.include?(key_id)
puts "Verboten Key ID (#{key_id}) for #{e}"
next
end
puts "Valid Key ID (#{key_id}) for #{e}"
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment