From 3b7c66c9b0501c74916906c06a1b6f2d16c57779 Mon Sep 17 00:00:00 2001 From: onefang Date: Tue, 26 Nov 2019 01:03:55 +1000 Subject: Basic integrity check - GPG verify Release files. --- apt-panopticon.lua | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apt-panopticon.lua b/apt-panopticon.lua index bf6f2bc..99f9418 100755 --- a/apt-panopticon.lua +++ b/apt-panopticon.lua @@ -75,6 +75,7 @@ local releaseFiles = { -- Release file. "/Release", -- 3.7 MB + "/Release.gpg", -- -- "/InRelease", -- 3.7 MB -- "/main/binary-all/Packages.xz", -- 2.6 GB for all that changed recently. -- Contents files. -- 3.3 GB @@ -624,6 +625,13 @@ local postDownload = function(host, r, k) " && [ ! -f results/" .. host .. "/merged/dists/" .. r .. k .. " ]; then cp" .. " results/" .. host .. "/merged/dists/" .. r .. k .. ".old" .. " results/" .. host .. "/merged/dists/" .. r .. k .. "; fi") + if testing("Integrity") then + if ".gpg" == k:sub(-4, -1) then + local status, out = execute("gpgv --keyring /usr/share/keyrings/devuan-keyring.gpg results/" .. host .. "/merged/dists/" .. r .. k .. + " results/" .. host .. "/merged/dists/" .. r .. k:sub(1, -5) .. " 2>/dev/null") + if "0" ~= status then E("GPG check failed - " .. host .. "/merged/dists/" .. r .. k, "http", "Integrity", host) end + end + end end local downloadLock = "flock -n results/curl-" -- cgit v1.1
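Review bot: The new `"/Release.gpg"` entry in releaseFiles carries an empty trailing comment, and nothing records that it depends on `"/Release"`. The check added to postDownload verifies the signature against the Release file already on disk, so this entry has to be fetched after `"/Release"` (assuming files are fetched in list order, which the hunk does not show). A comment such as `-- Detached signature; keep after "/Release", postDownload verifies it against that file.` would make the dependency explicit.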
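Review bot: The gpgv call added to postDownload discards its diagnostics (`2>/dev/null`) and never uses `out`, so a missing `/usr/share/keyrings/devuan-keyring.gpg`, a Release file that was never downloaded and a genuinely bad signature all surface as the same "GPG check failed" error attributed to the mirror. Consider checking once at startup that the keyring is readable and reporting its absence as a local configuration problem rather than an Integrity error against every host. Keeping gpgv's output would also help triage, e.g. ending the command with `" 2>&1"` and appending `out` to the message, assuming `execute` returns the command output as its second value, which the hunk does not show. `host`, `r` and `k` are concatenated unquoted into the shell string here, as in the context lines above; if the host list comes from a remote source, it should be validated or quoted before it reaches `execute`. postDownload begins above the hunk.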