Building on the work of #1 and #31 it is possible to further refactor the gpg verification code and add additional verification mechanisms other than using the python gpgme binding. With these changes, it is possible to pass a gpg keyring to bmaptool. So now I can instruct consumers of my disk images to run this:
And they will have the assurance that whatever they download, extract and copy to their disk was signed by the same gpg keys as their Debian OS. For even more paranoid people there is the --fingerprint option which forces the bmap file to be signed by the given fingerprint.
Should bmaptool error out if the user supplied the --keyring or --fingerprint options but then bmaptool did not manage to discover a gpg signature? I think doing so would be a sane default, agreed?
Building on the work of #1 and #31 it is possible to further refactor the gpg verification code and add additional verification mechanisms other than using the python gpgme binding. With these changes, it is possible to pass a gpg keyring to bmaptool. So now I can instruct consumers of my disk images to run this:
And they will have the assurance that whatever they download, extract and copy to their disk was signed by the same gpg keys as their Debian OS. For even more paranoid people there is the --fingerprint option which forces the bmap file to be signed by the given fingerprint.
What do you think?