/usr/share/dupload/gpg-check is in dupload 2.9.1ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
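#!/bin/sh
# Verify that a .changes file has been signed and that its signatures are
# good (using GPG).
#
# Usage: gpg-check FILE
#
# Exit status:
#   0  gpg reported a good signature, OR the check could not be performed
#      (gpg is not installed, or gpg could not check an armored signature,
#      probably because the key is missing)
#   1  the signature is bad or missing, or gpg ended with an unexpected status
#   2  FILE is missing or unreadable
#
# NOTE(review): status 0 is not proof of a valid signature, because two of
# the paths below skip the check instead of failing it. Even on the verified
# path, gpg only confirms that the signature matches some key in the caller's
# keyring; it does not say the signer is authorised to upload.
FILE=$1

# If no gpg is found just exit. The check is skipped rather than failed, so
# say so on stderr instead of returning success silently.
if ! command -v gpg >/dev/null 2>&1; then
  echo "gpg not found, signature check skipped" >&2
  exit 0
fi

# If the file is not found just exit with error
[ -r "$FILE" ] || exit 2

# printf instead of `echo -n`, whose behaviour is unspecified for /bin/sh.
printf '%s' 'Checking signatures before upload...'

# Use the exit status to determine if the signature is ok or not.
# `--` keeps a file name that starts with `-` from being read as an option.
gpg --verify -- "$FILE" >/dev/null 2>&1
ret=$?

case $ret in
  0)
    # Good signature: fall through to the success message.
    ;;
  1)
    echo "GPG verification of $FILE failed!"
    exit 1
    ;;
  2)
    # gpg could not check anything. Tell "no signature at all" apart from
    # "signature present but not checkable" by looking for an armor header.
    if grep -- '-----BEGIN PGP' "$FILE" >/dev/null 2>&1; then
      # NOTE(review): this branch lets the upload proceed with a signature
      # that was never verified; the grep only shows that an armor header
      # is present in the file.
      echo "GPG signature couldn't be checked, probably because of missing key"
      exit 0
    else
      echo "GPG signature is missing"
      exit 1
    fi
    ;;
  *)
    # Any other status (gpg killed by a signal, not executable, internal
    # error, ...) used to fall through to "signatures are ok". Fail closed.
    echo "GPG verification of $FILE ended with unexpected status $ret"
    exit 1
    ;;
esac

echo "...signatures are ok"
exit 0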