# Start a fresh signatures.txt: ">" truncates any previous output, while the
# later sections are appended with ">>". The EOT delimiter is unquoted, so the
# shell expands $variables and $(commands) inside here-document bodies.
3 cat <<EOT > signatures.txt
11 This page lists the fingerprints of all public keys in use by the LEDE project
12 and is automatically generated from the developer keys present in the
13 https://git.lede-project.org/?p=keyring.git[keyring.git] repository.
15 Refer to our link:signing.html[signing documentation page] to learn more about
16 file verification and key generation.
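# Scratch area for the keyring clone and a throw-away GnuPG home directory.
# -m 700 applies to the final path component (the GnuPG home), so it is only
# accessible to the user running the script.
# NOTE(review): "tmp.$$" is a predictable, PID-derived name in the current
# directory; "mktemp -d" would rule out a collision with a pre-existing path,
# but every later reference to tmp.$$ would have to change with it.
mkdir -p -m 700 "tmp.$$/gpg" || {
	echo "Cannot create temporary directory." >&2
	exit 1
}

# Remove the scratch area on every exit path. INT/TERM now terminate the
# script (which then runs the EXIT handler) instead of deleting the directory
# and letting the remaining commands run against a missing path.
trap 'rm -fr "tmp.$$"' EXIT
trap 'exit 1' INT TERM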
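# Fetch the keyring over HTTPS. Every fingerprint published below is only as
# trustworthy as this clone: the transport is authenticated by TLS, but no
# commit or tag signature is checked in the lines visible here.
# Stop on failure rather than generate a page that lists no keys.
git clone https://git.lede-project.org/keyring.git "tmp.$$/git" || {
	echo "Cannot clone keyring repository." >&2
	rm -fr "tmp.$$"
	exit 1
}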
# Append the GnuPG section heading and its introduction to the page.
29 cat <<EOT >> signatures.txt
30 === GnuPG key fingerprints
32 GnuPG keys are mainly used to verify the integrity of firmware image downloads.
34 Signature verification ensures that image downloads have not been tampered with
35 and that the third-party download mirrors serve genuine content.
# Presumably the body of format_key (its header is not visible here), which
# receives the output of "gpg --fingerprint" on stdin. Each input line is split
# into its first word ($field) and the remainder ($rest).
# NOTE(review): "read" without -r treats backslashes in the input as escapes.
42 while read field rest
; do
# Prepend a "User ID:" line to $output. The sed script drops one parenthesised
# comment, rewrites the first "@" as " -at- " and wraps the text before " <" in
# asterisks. Nothing else is escaped, so the rest of the user ID (text chosen
# by whoever created the key) reaches the generated page as-is.
45 output
="User ID: $(echo "$rest" | sed -e 's/([^()]*) //; s/@/ -at- /; s/^\(.*\) </*\1* </') +\n$output"
# Split $rest into positional parameters on space, "/" and "]". The expansion
# is left unquoted on purpose so that IFS applies; it is therefore also subject
# to pathname expansion. IFS is restored right after.
48 oIFS
="$IFS"; IFS
=" /]"; set -- $rest; IFS
="$oIFS"
# $1 = size/algorithm token, $2 = key ID, $3 = creation date, $5 = expiry date
# ($4 is skipped).
# NOTE(review): this fits a listing line shaped like
# "4096R/<keyid> <date> [expires: <date>]" (constructed example); newer GnuPG
# releases print a different layout -- confirm the gpg version this runs under.
49 type="$1"; keyid
="$2"; created
="$3"; expires
="$5"
# Label by record type (the enclosing "case" header is not visible here).
52 pub
) output
="${output}Public Key: " ;;
53 sub
) output
="${output}Signing Subkey: " ;;
# Key ID in bold with a "0x" prefix. A key ID is only a short handle for a key;
# the "Fingerprint:" line emitted below is the value to compare when verifying.
56 output
="${output}*0x$keyid* ("
# The trailing letter of $type selects the algorithm name and the part before
# it is printed as the key size in bits. Only r/R, d/D and g/G arms are visible
# here; any other suffix adds no algorithm text in these lines.
59 *[rR
]) output
="${output}${type%[rR]} Bit RSA" ;;
60 *[dD
]) output
="${output}${type%[dD]} Bit DSA" ;;
61 *[gG
]) output
="${output}${type%[gG]} Bit ElGamal" ;;
# Creation date, plus the expiry date only when $expires is non-empty.
64 output
="${output}, created $created${expires:+, expires $expires}) +\n";
# The fingerprint is everything after the last " = " in $rest; it is appended
# between "+" marks.
67 fingerprint
="${rest##* = }"
68 output
="${output}Fingerprint: +$fingerprint+ +\n"
# Collect the "Comment:" armor header of every .asc key file and rewrite each
# "path:Comment: text" hit as "text|path" for the consumer of this pipeline
# (not visible here). Armor headers are free text that no signature covers, so
# the comment has to be treated as unverified input wherever it is printed.
# NOTE(review): the sed pattern assumes the path itself contains no ":".
76 grep -rE "^Comment: " "tmp.$$/git/gpg"/*.asc | \
77 sed -e 's!^\([^:]*\):Comment: \(.*\)$!\2|\1!' | \
# Import the key file into the throw-away keyring under tmp.$$/gpg (--homedir
# keeps it out of the invoking user's own keyring) and take the key ID from
# the "IMPORTED" line that --status-fd 1 writes to stdout.
# NOTE(review): stderr is discarded, so a failed import is silent and leaves
# $keyid empty; a file holding several keys yields several IDs. "\+" in the sed
# pattern is a GNU extension.
83 keyid
=$
(gpg
--status-fd 1 --homedir "tmp.$$/gpg" --import "$keyfile" 2>/dev
/null | \
84 sed -ne 's!^.* IMPORTED \([A-F0-9]\+\) .*$!\1!p')
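# Path of the key file relative to the keyring checkout.
relfile="gpg/${keyfile##*/gpg/}"
# Committer date of the newest commit that touched the file. "&&" instead of
# ";" makes sure git only runs inside the clone: if the cd fails, git must not
# report a date from whatever repository the script was started in.
# NOTE(review): commit dates are metadata supplied by the committer.
modtime="$(cd "tmp.$$/git/" && git log -1 --format="%ci" -- "$relfile")"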
94 $(gpg --homedir "tmp.$$/gpg" --fingerprint --fingerprint "$keyid" 2>/dev/null | format_key)
96 [small]#https://git.lede-project.org/?p=keyring.git;a=history;f=$relfile[Last change: $modtime] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=$relfile[Download]#
# Append the usign section heading and its introduction to the page.
102 cat <<EOT >> signatures.txt
103 === _usign_ public keys
105 The _usign_ EC keys are used to sign repository indexes in order to ensure that
106 packages fetched and installed via _opkg_ are unmodified and genuine.
108 Those keys are usually installed by default and bundled as
109 https://git.lede-project.org/?p=source.git;a=tree;f=package/system/lede-keyring[lede-keyring]
# Collect the "untrusted comment:" line of every usign key file whose name
# starts with a hex digit and rewrite each "path:untrusted comment: text" hit
# as "text|path" for the consumer of this pipeline (not visible here). As the
# field name says, this comment is not authenticated by the key.
# NOTE(review): the sed pattern assumes the path itself contains no ":".
114 grep -rE "^untrusted comment: " "tmp.$$/git/usign"/[a-f0-9
]* | \
115 sed -e 's!^\([^:]*\):untrusted comment: \(.*\)$!\2|\1!' | \
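# The key file path is whatever follows the last "|" of $line (presumably a
# "comment|path" record produced by the grep/sed pipeline).
keyfile="${line##*|}"
# Path of the key file relative to the keyring checkout.
relfile="usign/${keyfile##*/usign/}"
# Committer date of the newest commit that touched the file. "&&" instead of
# ";" makes sure git only runs inside the clone: if the cd fails, git must not
# report a date from whatever repository the script was started in.
# NOTE(review): commit dates are metadata supplied by the committer.
modtime="$(cd "tmp.$$/git/" && git log -1 --format="%ci" -- "$relfile")"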
129 * Key-ID: +${keyfile##*/}+
130 * Key-Data: +$(grep -vE "^untrusted comment: " "$keyfile")+
132 [small]#https://git.lede-project.org/?p=keyring.git;a=history;f=$relfile[Last change: $modtime] | https://git.lede-project.org/?p=keyring.git;a=blob_plain;f=$relfile[Download]#