[PC-BSD Commits] r4652 - in pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater: bin conf
svn at pcbsd.org
svn at pcbsd.org
Wed Oct 14 10:07:34 PDT 2009
Author: kris
Date: 2009-10-14 10:07:34 -0700 (Wed, 14 Oct 2009)
New Revision: 4652
Added:
pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/conf/security.key
Modified:
pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdates.sh
pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdatesUser.sh
Log:
Added gpg verification to our system updater for 8.0, for an added layer of security
Modified: pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdates.sh
===================================================================
--- pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdates.sh 2009-10-14 15:38:40 UTC (rev 4651)
+++ pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdates.sh 2009-10-14 17:07:34 UTC (rev 4652)
@@ -39,6 +39,11 @@
rm ${PDATALOC}
fi
+# Make sure we import the security key
+if [ -e "${PROGDIR}/conf/security.key" ]
+then
+ gpg --import ${PROGDIR}/conf/security.key >/dev/null 2>/dev/null
+fi
# Make the installed directory for this version
if [ ! -d "${PROGDIR}/system-updates/installed/${SYSVER}" ]
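Review bot: The key is imported into the default keyring of whichever account runs the script, so the later `gpg --verify` accepts a good signature from any key already in that keyring, not only the one in `conf/security.key`. Using a dedicated keyring for both the import and the verify would pin the trust anchor, e.g. `gpg --no-default-keyring --keyring "${PROGDIR}/conf/<updates-keyring>.gpg" --import "${PROGDIR}/conf/security.key"` (the keyring name is a placeholder). The import's exit status and output are discarded and a missing key file is skipped silently, so verification can run against whatever keys happen to be present; both cases deserve an error message. The same block is added to readSysUpdatesUser.sh, where the keyring presumably belongs to the invoking user and the concern is stronger.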
@@ -66,12 +71,17 @@
do
if [ ! -e "${PROGDIR}/system-updates/installed/${SYSVER}/${i}" ]
then
- PATCHFOUND="`expr ${PATCHFOUND} + 1`"
- if [ -e "${PROGDIR}/system-updates/ignored/${SYSVER}/${i}" ]
+ # Now lets check if this .upd file is valid via the .sig file
+ gpg --verify ${i}.sig >/dev/null 2>/dev/null
+ if [ "$?" = "0" ]
then
- echo "PATCHIGNORE: ${SYSVER}/${i}" >> /tmp/.pcbsdavailupdates
- else
- echo "PATCH: ${SYSVER}/${i}" >> /tmp/.pcbsdavailupdates
+ PATCHFOUND="`expr ${PATCHFOUND} + 1`"
+ if [ -e "${PROGDIR}/system-updates/ignored/${SYSVER}/${i}" ]
+ then
+ echo "PATCHIGNORE: ${SYSVER}/${i}" >> /tmp/.pcbsdavailupdates
+ else
+ echo "PATCH: ${SYSVER}/${i}" >> /tmp/.pcbsdavailupdates
+ fi
fi
fi
done
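Review bot: `gpg --verify ${i}.sig` names only the signature file, so gpg decides for itself what data was signed; if the `.sig` is a self-contained signed message rather than a detached signature, gpg verifies its embedded content and the `.upd` file is never checked. Passing both files closes that gap: `gpg --verify "${i}.sig" "${i}" >/dev/null 2>&1`, with the expansions quoted. Exit status 0 also means only that some key in the keyring made a good signature, so the result is not tied to the project key. The same call is added in the loop in readSysUpdatesUser.sh. The loop starts outside the hunk and this check gates only the listing; whether the install step re-verifies the file it applies is not visible here.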
Modified: pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdatesUser.sh
===================================================================
--- pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdatesUser.sh 2009-10-14 15:38:40 UTC (rev 4651)
+++ pcbsd/trunk/system-overlay/usr/PCBSD/SystemUpdater/bin/readSysUpdatesUser.sh 2009-10-14 17:07:34 UTC (rev 4652)
@@ -3,7 +3,6 @@
# Requires $1 to be set to PC-BSD Version, and $2 to be patch .tgz location
############################################################################
-
# Set the program location
PROGDIR="/usr/PCBSD/SystemUpdater" ; export PROGDIR
@@ -32,6 +31,12 @@
#rm ${TGZFILE}
fi
+# Make sure we import the security key
+if [ -e "${PROGDIR}/conf/security.key" ]
+then
+ gpg --import ${PROGDIR}/conf/security.key >/dev/null 2>/dev/null
+fi
+
# CD to the patch directory for this version
cd ${PDIR}/
@@ -43,7 +48,12 @@
do
if [ ! -e "${PROGDIR}/system-updates/installed/${SYSVER}/${i}" -a ! -e "${PROGDIR}/system-updates/ignored/${SYSVER}/${i}" ]
then
- PATCHFOUND="`expr ${PATCHFOUND} + 1`"
+ # Now lets check if this .upd file is valid via the .sig file
+ gpg --verify ${i}.sig >/dev/null 2>/dev/null
+ if [ "$?" = "0" ]
+ then
+ PATCHFOUND="`expr ${PATCHFOUND} + 1`"
+ fi
fi
done
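Review bot: An update whose signature fails to verify is dropped from the count with no trace, because gpg's output goes to /dev/null and the new `if` has no else branch. A failed or missing signature on a fetched update is worth recording, e.g. an `else` with `echo "signature check failed: ${SYSVER}/${i}" >&2` (or a `logger` call), so tampering or a broken mirror is noticed instead of looking like "no updates". The loop in readSysUpdates.sh has the same gap. The loop begins outside this hunk.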