Re: [PHP] [gnupg] HOW to check signed files from within PHP

2008-06-23 Thread Per Jessen
Michelle Konzack wrote:

 Currently I do things like:
 
 [ '/var/www/debian.devel/htdocs/index.php' ]
 
 $DIR_BASE = '/var/www/customers/konzack';
 $DIR_HOST = "$DIR_BASE/debian.devel";
 $DIR_TMP  = "$DIR_BASE/TMP";
 $DIR_GPG  = "$DIR_BASE/GNUPG";
 
 // Extract the signed body (from "Format:" up to the first empty line)
 exec("sed '/^Format:/,/^\$/!d' $DIR_TMP/$UPLOAD_ID/$CHANGES | grep '.' > $DIR_TMP/$UPLOAD_ID/$CHANGES.txt");
 // Extract the armored signature block
 exec("sed -n '/^-----BEGIN PGP SIGNATURE/,/^-----END PGP SIGNATURE/p' $DIR_TMP/$UPLOAD_ID/$CHANGES > $DIR_TMP/$UPLOAD_ID/$CHANGES.sig");
 // Verify; gpg exits with 0 only if the signature is good
 exec("gpg --homedir $DIR_GPG/GNUPG --verify $DIR_TMP/$UPLOAD_ID/$CHANGES.sig $DIR_TMP/$UPLOAD_ID/$CHANGES.txt", $FOO, $GPGRET);
 if ($GPGRET === 0) {
   $FLAG = true;
 } else {
   echo "I do not like this files...\n";
   exec("rm --force $DIR_TMP/$UPLOAD_ID/* ; rmdir --ignore-fail-on-non-empty $DIR_TMP/$ID");
   $FLAG = false;
 }
 
 
 What I really dislike are the exec() calls.
 
 Any native PHP5 suggestions which are working faster with less
 resources?

Why bother with php - just combine the whole thing into one
shell-script. 


/Per Jessen, Zürich


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] [gnupg] HOW to check signed files from within PHP

2008-06-21 Thread Michelle Konzack

*   Do not Cc: me, because I READ THIS LIST, if I write here   *


Hello,

on my Devel site, someone can upload Debian Sources/Packages but they
must be signed.

OK the first file looks like

---[ command 'tddebdevel --get-changes tdddbidate' ]-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 31 May 2006 17:11:22 +0200
Source: tddebidate
Binary: tddebidate
Architecture: source all
Version: 0.4.7
Distribution: unstable
Urgency: low
Maintainer: Michelle Konzack [EMAIL PROTECTED]
Changed-By: Michelle Konzack [EMAIL PROTECTED]
Description:
 tddebidate - Show Debian packages by install date/time
Changes:
 tddebidate (0.4.7) unstable; urgency=low
 .
   * Correcting weiredbehaviour of translated TEXT strings in Xdialog
Files:
 0de5e54938bd20a1d0e2ace0eec55708 513 admin extra tddebidate_0.4.7.dsc
 0f6c5b8d180989dac99f0f6fcc3d4a13 6973 admin extra tddebidate_0.4.7.tar.gz
 d2a9d9bc0ac86d861613c1e4d27d8920 8456 admin extra tddebidate_0.4.7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEfch5C0FPBMSS+BIRAsYUAJsEwzmzWljrQtGmH+tgmScxOLx8jACfYgFO
FVhP6Wpw75B7TD+QRbGxtsg=
=T2pr
-----END PGP SIGNATURE-----


and the second (.dsc file) is similar.

Does anyone know a tool which is able to check this signature IF the
PHP5 script runs on the Web-Server?

Currently I do things like:

[ '/var/www/debian.devel/htdocs/index.php' ]

$DIR_BASE = '/var/www/customers/konzack';
$DIR_HOST = "$DIR_BASE/debian.devel";
$DIR_TMP  = "$DIR_BASE/TMP";
$DIR_GPG  = "$DIR_BASE/GNUPG";

// Extract the signed body (from "Format:" up to the first empty line)
exec("sed '/^Format:/,/^\$/!d' $DIR_TMP/$UPLOAD_ID/$CHANGES | grep '.' > $DIR_TMP/$UPLOAD_ID/$CHANGES.txt");
// Extract the armored signature block
exec("sed -n '/^-----BEGIN PGP SIGNATURE/,/^-----END PGP SIGNATURE/p' $DIR_TMP/$UPLOAD_ID/$CHANGES > $DIR_TMP/$UPLOAD_ID/$CHANGES.sig");
// Verify; gpg exits with 0 only if the signature is good
exec("gpg --homedir $DIR_GPG/GNUPG --verify $DIR_TMP/$UPLOAD_ID/$CHANGES.sig $DIR_TMP/$UPLOAD_ID/$CHANGES.txt", $FOO, $GPGRET);
if ($GPGRET === 0) {
  $FLAG = true;
} else {
  echo "I do not like this files...\n";
  exec("rm --force $DIR_TMP/$UPLOAD_ID/* ; rmdir --ignore-fail-on-non-empty $DIR_TMP/$ID");
  $FLAG = false;
}


What I really dislike are the exec() calls.

Any native PHP5 suggestions which are working faster with less resources?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)


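
An added example, not part of either message above and not code from the thread: one way to do the check asked about in the original post without exec(), using the PECL gnupg extension. It assumes gnupg 1.5.0 or later (for the home_dir option) and a keyring containing only the uploaders' keys; the function names, ALLOWED_FPRS and the exactly-one-signature policy are hypothetical choices made for this example. It also checks the uploaded files against the signed Files: field, since the signature covers only the .changes text.

```php
<?php
// Added example. ALLOWED_FPRS holds a constructed placeholder fingerprint.
const ALLOWED_FPRS = ['0000000000000000000000000000000000000000'];

// Returns the signed body of a clearsigned .changes file, or null if it
// carries no acceptable signature from an allowlisted key.
function verified_changes_body(string $path, string $gpgHome): ?string
{
    $clearsigned = file_get_contents($path);
    if ($clearsigned === false) {
        return null;
    }
    $gpg  = gnupg_init(['home_dir' => $gpgHome]);
    $body = '';
    // Third argument false: the signature is embedded (clearsign format).
    $sigs = gnupg_verify($gpg, $clearsigned, false, $body);
    if ($sigs === false || count($sigs) !== 1) {
        return null;
    }
    $bad = GNUPG_SIGSUM_RED | GNUPG_SIGSUM_KEY_REVOKED
         | GNUPG_SIGSUM_KEY_EXPIRED | GNUPG_SIGSUM_SIG_EXPIRED;
    $sig = $sigs[0];
    if ((int) $sig['status'] !== 0 || ($sig['summary'] & $bad) !== 0
        || !in_array(strtoupper($sig['fingerprint']), ALLOWED_FPRS, true)) {
        return null;
    }
    return $body; // use only this text: it is what the signature covers
}

// Checks each upload named in the signed "Files:" field (md5, size, section,
// priority, name) against the file actually present in $dir.
function upload_matches_changes(string $body, string $dir): bool
{
    if (!preg_match('/^Files:\r?\n((?: \S.*\r?\n?)+)/m', $body, $m)) {
        return false;
    }
    foreach (preg_split('/\r?\n/', trim($m[1])) as $line) {
        $f = preg_split('/\s+/', trim($line));
        if (count($f) !== 5) {
            return false;
        }
        $file = $dir . '/' . basename($f[4]); // name cannot leave $dir
        if (!is_file($file) || filesize($file) !== (int) $f[1]
            || !hash_equals($f[0], (string) md5_file($file))) {
            return false;
        }
    }
    return true;
}
```

Because the upload ID and file name never reach a shell here, this also removes the quoting problem of building exec() command strings from request data.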