
Adding packaging; consistency updates in canary text and verification

main 0.1
DarkFeather 4 months ago
parent
commit
aacbe044e3
Signed by: DarkFeather GPG Key ID: 1CC1E3F4ED06F296
4 changed files with 113 additions and 27 deletions
  1. +2
    -0
      .gitignore
  2. +24
    -0
      Makefile
  3. +46
    -0
      PKGBUILD
  4. +41
    -27
      warrant_canary

+ 2
- 0
.gitignore

@ -1 +1,3 @@
tests/__pycache__/
pkg/**
*.pkg.tar.zst

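--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,24 @@
+pkgdirname != basename `git config remote.origin.url` | sed 's/.git$$//'
+compile:
+@echo Nothing to do
+install: clean
+mkdir -p ${pkgdir}/opt/aninix/${pkgdirname}/
+rsync -avzp ./*canary* ${pkgdir}/opt/aninix/${pkgdirname}/
+test: compile
+python3 -m pytest
+clean:
+cat .gitignore | xargs rm -Rf
+diff:
+@echo Nothing to do.
+reverse:
+@echo Nothing to do.
+checkperm:
+@echo Nothing to do.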
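Review bot: The `clean` recipe pipes `.gitignore` into `xargs rm -Rf`, which turns a tracked text file into the argument list of a recursive delete, and because of `install: clean` it also runs during packaging. xargs does not expand globs, so the `pkg/**` and `*.pkg.tar.zst` entries reach rm as literal names and match nothing, while any later entry that happens to be a real path (an absolute path, `..`, or a `/`-anchored pattern such as `/build`) would be removed exactly as written. `git clean -fdX` keeps the deletion to ignored files inside the work tree and understands the ignore syntax; if removing `pkg/` just before `install` is not wanted, an explicit list such as `rm -rf tests/__pycache__` is the safer form. The targets here are also never declared `.PHONY`.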

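--- a/PKGBUILD
+++ b/PKGBUILD
@@ -0,0 +1,46 @@
+depends=('bash>=4.4' 'gnupg>=2.2' 'curl>=7.72' 'Uniglot')
+makedepends=('make>=4.2')
+checkdepends=()
+optdepends=()
+pkgname="$(git config remote.origin.url | rev | cut -f 1 -d '/' | rev | sed 's/.git$//')"
+pkgver="$(git describe --tag --abbrev=0)"."$(git rev-parse --short HEAD)"
+pkgrel=1
+pkgrel() {
+echo $(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))
+}
+epoch="$(git log | grep -c commit)"
+pkgdesc="$(head -n 1 README.md)"
+arch=("x86_64")
+url="$(git config remote.origin.url | sed 's/.git$//')"
+license=('custom')
+groups=()
+provides=("${pkgname}")
+conflicts=()
+replaces=("${pkgname,,}", "aninix-${pkgname,,}")
+backup=()
+options=()
+install=
+changelog=
+source=()
+noextract=()
+md5sums=()
+validpgpkeys=()
+prepare() {
+git pull
+}
+build() {
+make -C ..
+}
+check() {
+chmod -R u+r ../pkg
+make -C .. test
+}
+package() {
+export pkgdir="${pkgdir}"
+make -C .. install
+install -D -m644 ../LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}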
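Review bot: `prepare()` runs `git pull` while `source=()`, `md5sums=()` and `validpgpkeys=()` are all empty, so the package is built from whatever the remote serves at build time and makepkg verifies nothing about it. For a tool whose value rests on a signing key, the source should be pinned and checked instead: `source=("git+${url}#tag=<release-tag>?signed")` together with `validpgpkeys=('<full fingerprint of the release signing key>')`, and `git pull` dropped from `prepare()`. `build()`, `check()` and `package()` would then have to run make in the fetched source directory rather than `..`. Separately, the comma in `replaces=("${pkgname,,}", "aninix-${pkgname,,}")` becomes part of the first element, since bash array elements are separated by whitespace only.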

+ 41
- 27
warrant_canary

@ -1,14 +1,19 @@
#!/bin/bash
source /opt/aninix/Uniglot/Bash/header
unset canaryText
# cscanary=https://cryptostorm.is/canary.txt
# cskeyserver=pgp.mit.edu
# cskey=E9C7C942
keyserver=pool.sks-keyservers.net
key=1CC1E3F4ED06F296
canary=https://foundation.aninix.net/AniNIX/WarrantCanary/raw/branch/master/canary.asc
canary=https://foundation.aninix.net/AniNIX/WarrantCanary/raw/branch/main/canary.asc
unset gitCommit
alJazeera='https://www.aljazeera.com/xml/rss/all.xml'
alJazeeraDate="$(date +%Y/%m/%d | sed -s 's#/0#/#g')"
npr='https://feeds.npr.org/1004/rss.xml'
nprdate="$(date +%Y/%m/%d)"
function Usage() {
# Show helptext
@ -21,18 +26,6 @@ function Usage() {
exit $retcode
}
## Visual Functions ##
# These function creates a visual indicator that a step has happened.
# Borrowed from https://foundation.aninix.net/AniNIX/Uniglot for portability.
function header () {
tput setaf 1; tput bold; echo $@; tput sgr0; return
}
function errorheader () {
tput setaf 1 1>&2; tput bold 1>&2; echo "ERROR:" $@ 1>&2; tput sgr0 1>&2; return
}
function infoheader() {
tput setaf 3; tput bold; echo $@; tput sgr0; return
}
function ConfirmGPGKeys() {
# Try to make sure we either have or can pull the key
@ -49,14 +42,13 @@ function RecentNews() {
# Pull the first recent news article from an RSS feed.
# param rssFeed: the url to pull
rssFeed="$1"
curl -s "$rssFeed" | tr '<' '\n' | egrep -m 5 link | tail -n 1 | cut -f 2 -d '>' | cut -f 1 -d '?'
date="$2"
curl -s "$rssFeed" | grep "$date" | egrep -m 5 link | tail -n 1 | cut -f 2 -d '>' | cut -f 1 -d '?'
}
function CanarySeed() {
header Creating and signing a canary message
time=`date +%s`
cat > ./canary << EOM
function CreateCanary() {
rm ./canary.asc
cat > ./canary << EOM
As of $(date +%F), aninix.net has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court, or any other similar court(s) of any government. AniNIX has never placed any backdoors in our hardware or software and has not received any requests to do so. AniNIX has never disclosed any user communications to any third party. No searches or seizures of any kind have ever been performed on AniNIX assets.
The next two updates should be on or before:
@ -64,22 +56,43 @@ The next two updates should be on or before:
* `date -d @$(( $time + 15552000 )) +%F`
Recent news:
* $(RecentNews "$alJazeera")
* $(RecentNews "$npr")
* $(RecentNews "$alJazeera" "$alJazeeraDate")
* $(RecentNews "$npr" "$nprdate")
To verify this message, on the terminal import our public key from $keyserver and verify the canary:
$ gpg --keyserver $keyserver --recv-key $key
$ gpg2 --fingerprint $key
$(gpg2 --fingerprint $key)
$ gpg --verify <(curl -s $canary) 2>&1 | grep 'Good signature'
gpg: Good signature from "Shikoba Kage <darkfeather@aninix.net>"
gpg: Good signature from "DarkFeather <ircs://aninix.net:6697/DarkFeather>" [ultimate]
There will most likely be other lines in the output from that last command, but as long as it says "Good signature", the verification worked correctly.
EOM
gpg --default-key "$key" --personal-digest-preferences sha512 --clear-sign ./canary
retcode=$?
if [ $retcode -eq 0 ]; then header Success; else errorheader Fail; fi
exit $retcode
}
function CanarySeed() {
header Creating and signing a canary message
time=`date +%s`
# Create the canary.
CreateCanary
# Try signing
gpg --default-key "$key" --personal-digest-preferences sha512 --clear-sign ./canary
retcode=$?
if [ $retcode -eq 0 ]; then header Success; else errorheader Fail; exit "$retcode"; fi
# Git commit for consistent history
if [ -n "$gitCommit" ]; then
git add canary canary.asc
git commit -m "Canary update for $(date +%F)"
git push
echo
git log -n 1
fi
# Exit
exit 0
}
function CanaryVerify() {
@ -102,9 +115,10 @@ function CanaryVerify() {
}
# Parse arguments
while getopts 'c:hk:K:svV' OPTION; do
while getopts 'c:ghk:K:svV' OPTION; do
case "$OPTION" in
c) canary="$OPTARG" ;;
g) gitCommit=1 ;;
h) echo Use this script to seed or verify a warrant canary; Usage 0 ;;
k) key="$OPTARG" ;;
K) keyserver="$OPTARG" ;;
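Review bot: The verification text written into the canary by `CreateCanary` still tells readers that any output containing "Good signature" is sufficient, but gpg prints that line for every key in the reader's keyring, so the check does not tie the canary to `$key`. The sample output that appears to be on the new side, ending in `[ultimate]`, is what the signer's own keyring shows; a third party who has just imported the key will see a different trust level and an untrusted-key warning, and the fingerprint printed by `$(gpg2 --fingerprint $key)` sits inside the very message it is supposed to authenticate. I would have the instructions compare the signing fingerprint against one published out of band, for example `gpg --status-fd 1 --verify <(curl -s $canary) 2>/dev/null | grep VALIDSIG`, and state the expected full fingerprint next to it. The old and new sides of these lines are not marked on this page, and the heredoc as well as `CanaryVerify` continue outside the hunks shown.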

