1use crate::errors::*;
2use std::path::Path;
3use std::process::Stdio;
4use tokio::process::Command;
5
6pub async fn verify_sig<P: AsRef<Path>>(sig: P, artifact: P, keyring: P) -> Result<()> {
7 let mut cmd = Command::new("sqv")
8 .arg("--keyring")
9 .arg(keyring.as_ref())
10 .arg("--")
11 .arg(sig.as_ref())
12 .arg(artifact.as_ref())
13 .stdout(Stdio::null())
14 .spawn()
15 .context("Failed to run `sqv`")?;
16
17 let exit = cmd
18 .wait()
19 .await
20 .context("Failed to wait for `sqv` child process")?;
21
22 if exit.success() {
23 Ok(())
24 } else {
25 bail!("Verification of pgp signature didn't succeed");
26 }
27}
28
29#[cfg(test)]
30mod tests {
31 use super::*;
32
33 #[tokio::test]
34 async fn test_verify() -> Result<()> {
35 verify_sig(
36 "data/Release.gpg",
37 "data/Release",
38 "data/pubkey_5384CE82BA52C83A.gpg",
39 )
40 .await
41 }
42}