#!/usr/bin/env ruby
# check-blog-signatures.rb
#
# SUMMARY
#
# Checks that all blog articles are cryptographically
# signed by their respective authors
require "json"
require "open3"
require "net/http"
require_relative "setup"
require_relative "util/metadata"
require_relative "util/printer"
# Load the site metadata; the blog posts to check are read from it below.
metadata = Metadata.load!(META_ROOT, DOCS_ROOT, GUIDES_ROOT, PAGES_ROOT)

# Root directory for the GPG keyrings, one sub-directory per GitHub author.
gpg_base_dir = [ROOT_DIR, "target", "gpg", "github"].join("/")

# Start every run from an empty keyring root, so that a key imported by an
# earlier run is never reused. The second argument is `force`: errors such as
# a missing directory are ignored.
# NOTE(review): FileUtils is not required in this file; presumably "setup"
# loads it -- confirm.
FileUtils.remove_dir(gpg_base_dir, true)
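# Check the detached GPG signature of every blog post.
#
# What a passing check means: the post is signed by a key that is currently
# registered on the GitHub account named in the post's own `author_github`
# field. Nothing here checks that this account is an expected author; if that
# matters, it has to be enforced separately (for example with an allow-list).

# The username ends up in a directory name and in an API URL, so only a
# conservative, path-safe shape is accepted (no dots, slashes or empty value).
path_safe_username = /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/

metadata.posts.each do |post|
  Printer.say("Checking #{post.path}...")

  # author_github is expected to hold a profile URL or a bare name; keep the
  # part after the last "/".
  github_username = post.author_github.rpartition("/").last

  unless github_username.match?(path_safe_username)
    Printer.error!("Invalid GitHub username #{github_username.inspect} for #{post.path}")
    exit 1
  end

  # directory with the keyring for the given author
  keyring_dir = "#{gpg_base_dir}/#{github_username}"

  # Dir.exist? instead of Dir.exists?: the latter was removed in Ruby 3.2.
  unless Dir.exist?(keyring_dir)
    # fetch the author's GPG public keys registered on GitHub
    uri = URI("https://api.github.com/users/#{github_username}/gpg_keys")
    response = Net::HTTP.get_response(uri)

    # The request is unauthenticated, so rate limiting and unknown users come
    # back as a JSON error object. Report that instead of iterating over it.
    unless response.is_a?(Net::HTTPSuccess)
      Printer.error!("Cannot fetch GPG keys for #{github_username}: HTTP #{response.code}")
      exit 1
    end

    gpg_keys = JSON.parse(response.body)

    unless gpg_keys.is_a?(Array)
      Printer.error!("Unexpected GPG key listing for #{github_username}")
      exit 1
    end

    # Create the keyring only after a successful fetch, so a failed lookup
    # does not leave an empty keyring directory behind.
    FileUtils.mkpath(keyring_dir)

    # import each of the author's keys into the author's keyring
    gpg_keys.each do |gpg_key|
      raw_key = gpg_key["raw_key"]
      next if raw_key.nil? || raw_key.empty?

      # capture2e feeds the key on stdin, drains gpg's output and waits for
      # the process, so the import status can be inspected.
      output, status = Open3.capture2e("gpg", "--homedir", keyring_dir, "--import", stdin_data: raw_key)

      # A key that fails to import is only reported: verification below still
      # fails closed if no usable key ended up in the keyring.
      Printer.say("Could not import a GPG key for #{github_username}: #{output}") unless status.success?
    end
  end

  # Verify the signature for the post. The signed file is named explicitly:
  # with only the .sig argument gpg decides by itself what data is covered,
  # and a .sig file that is not a detached signature would be checked against
  # its own embedded content instead of the post.
  post_file = "#{ROOT_DIR}/#{post.path}"
  verified = system("gpg", "--homedir", keyring_dir, "--verify", "#{post_file}.sig", post_file)

  # system returns false on a non-zero exit and nil when gpg cannot be run.
  unless verified
    Printer.error!("Cannot verify GPG signature for #{post.path}")
    exit 1
  end
end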