Basic integrity check - GPG verify Release files.

1 files changed, 8 insertions, 0 deletions

diff --git a/apt-panopticon.lua b/apt-panopticon.lua
index bf6f2bc..99f9418 100755
--- a/apt-panopticon.lua
+++ b/apt-panopticon.lua
@@ -75,6 +75,7 @@ local releaseFiles =
 {
     -- Release file.
     "/Release",                         -- 3.7 MB
+    "/Release.gpg",                     --
 --    "/InRelease",                     -- 3.7 MB
 --    "/main/binary-all/Packages.xz",   -- 2.6 GB for all that changed recently.
     -- Contents files.                  -- 3.3 GB
@@ -624,6 +625,13 @@ local postDownload = function(host, r, k)
             " && [ ! -f results/" .. host .. "/merged/dists/" .. r .. k .. " ]; then cp" ..
                     "   results/" .. host .. "/merged/dists/" .. r .. k .. ".old" ..
                     "   results/" .. host .. "/merged/dists/" .. r .. k .. "; fi")
+    if testing("Integrity") then
+        if ".gpg" == k:sub(-4, -1) then
+            local status, out = execute("gpgv --keyring /usr/share/keyrings/devuan-keyring.gpg results/" .. host .. "/merged/dists/" .. r .. k .. 
+                                        " results/" .. host .. "/merged/dists/" .. r .. k:sub(1, -5) .. " 2>/dev/null")
+            if "0" ~= status then E("GPG check failed - " .. host .. "/merged/dists/" .. r .. k, "http", "Integrity", host) end
+        end
+    end
 end
 
 local downloadLock = "flock -n results/curl-"