feat(user/bk-find-git-verify):Add script to verify many git sigs
1 #!/usr/bin/env bash
2 # Finds and verifies signatures of git repositories in specified dir
3 # Usage: bk-find-git-verify [DIR]
4 # Depends: GNU parallel 20210822, sort (GNU coreutils) 8.32
5 # Version: 0.0.1
6
7 # Define functions
# Print the script path followed by all arguments, on stderr.
yell() {
  printf '%s\n' "$0: $*" >&2
}
# Report the arguments through yell(), then end the shell with status 111.
die() {
  yell "$*"
  exit 111
}
# Run the arguments as a command; if it fails, pass "cannot <args>" to die().
try() {
  if ! "$@"; then
    die "cannot $*"
  fi
}
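# Verify signatures on git commits and tags
git_verify_ops() {
  # usage: git_verify_ops arg1
  # input: arg1  git work tree root dir
  # output: diagnostics on stderr via yell(); git's own output is discarded
  # return: 0 if git log ran and every tag passed git verify-tag, else 1
  # depends: yell(), git
  # NOTE(review): git applies the target repository's own configuration
  #   (gpg.program among other settings) while these commands run, so the
  #   tree being scanned should hold repositories whose contents are trusted.
  local list_tags tag
  local fail_count=0

  # Check input
  ## End function early if arg1 not a dir
  if [[ $# -ne 1 ]]; then yell "ERROR:Incorrect number of args:$#"; return 1; fi
  if [[ ! -d "$1" ]]; then yell "ERROR:Not a dir:$1"; return 1; fi
  ## TODO: Check if "$1" is git repo
  yell "DEBUG:Running git_verify_ops on dir:$1"

  # Change work dir to target repo. Stop if that fails, so the git commands
  # below never run against whatever directory happens to be current.
  if ! pushd "$1" >/dev/null 2>&1; then
    yell "ERROR:Cannot enter dir:$1"
    return 1
  fi

  # Get list of git tags
  list_tags="$(git tag --list)"

  # Walk commit signatures.
  # NOTE(review): the exit status of git log says whether the log could be
  #   produced, not whether each signature was good, and the output is
  #   discarded, so a bad commit signature is not reported by this step.
  #   TODO: inspect per-commit status (e.g. the %G? format placeholder).
  yell "Starting git log of dir:$1"
  if ! git log --show-signature >/dev/null 2>&1; then
    yell "ERROR:git log failed in dir:$1"
    fail_count=$((fail_count + 1))
  fi
  yell "Ending git log of dir:$1"

  # Verify each tag. printf must end the list with a newline: without it,
  # read returns non-zero on the final line and the last tag is skipped.
  if [[ -n "$list_tags" ]]; then
    while IFS= read -r tag; do
      yell "DEBUG:Verifying tag:$tag"
      # The full ref name cannot be taken for an option or for a branch
      # that shares the tag's name.
      if ! git verify-tag "refs/tags/${tag}" >/dev/null 2>&1; then
        yell "ERROR:Tag not verified:$tag in dir:$1"
        fail_count=$((fail_count + 1))
      fi
    done < <(printf '%s\n' "$list_tags")
  fi

  # Return to original work dir
  popd >/dev/null 2>&1

  # Report failure to the caller instead of always returning 0
  if (( fail_count > 0 )); then
    return 1
  fi
  return 0
}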
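# main program
main() {
  # usage: main DIR
  # depends: yell(), die(), git_verify_ops(), find, GNU parallel, sort
  # return: status of the final parallel run (GNU parallel reports failed
  #   jobs through its exit status), or 0 when no repository was found
  local dir_list

  # Check input
  if [[ $# -ne 1 ]]; then die "FATAL:Incorrect arg count:$#"; fi
  if [[ ! -d "$1" ]]; then die "FATAL:Not a dir:$1"; fi

  # Get list of dirs containing '.git' directory.
  # find's error output is discarded through /dev/null.
  # NOTE(review): only '.git' directories match; linked worktrees and
  #   submodules, which use a '.git' file, are not picked up. Paths are
  #   passed one per line, so directory names containing a newline are
  #   not handled.
  dir_list="$(find "$1" -type d -name ".git" 2>/dev/null | parallel dirname '{}' | sort -u)"

  # Say so when nothing was found, rather than finishing silently
  if [[ -z "$dir_list" ]]; then
    yell "WARNING:No git repositories found under:$1"
    return 0
  fi

  # Perform git verify operations on each directory
  printf '%s\n' "$dir_list" | parallel git_verify_ops '{}'
}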
60
# Export functions so the shells that GNU parallel starts for
# git_verify_ops can find them
export -f yell
export -f die
export -f try
export -f git_verify_ops

# Run program
main "$@"