more robust checking of signature on dotfiles

author: Sean Whitton <spwhitton@spwhitton.name> 2019-07-25 11:56:49 +0100
committer: Sean Whitton <spwhitton@spwhitton.name> 2019-07-25 11:56:49 +0100
commit: 4838d8a37bdd2d36421772186b9c846eb2d37f68 (patch)
tree: 4595da81ab0483be1470bc6e490bba2afae7d0c8 /bin/git-dotfiles-update-master
parent: bc92e5f3de33d7966c098bfb0c49d6b408508597 (diff)
download: dotfiles-4838d8a37bdd2d36421772186b9c846eb2d37f68.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/bin/git-dotfiles-update-master b/bin/git-dotfiles-update-master
index cf3bf8e9..731cd2f4 100755
--- a/bin/git-dotfiles-update-master
+++ b/bin/git-dotfiles-update-master
@@ -18,8 +18,8 @@ set -e
 . $HOME/.shenv
 
 git fetch origin
-if git verify-commit --raw origin/master 2>&1 \
-       | grep "VALIDSIG .* 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B"; then
+if git verify-commit-by-fp \
+       8DC2487E51ABDD90B5C4753F0F56D0553B6D411B origin/master; then
     # we only fast-forward master, to avoid the possibility of an
     # attacker causing us to check out an older signed commit than the
     # one we have now
author	Sean Whitton <spwhitton@spwhitton.name>	2019-07-25 11:56:49 +0100
committer	Sean Whitton <spwhitton@spwhitton.name>	2019-07-25 11:56:49 +0100
commit	4838d8a37bdd2d36421772186b9c846eb2d37f68 (patch)
tree	4595da81ab0483be1470bc6e490bba2afae7d0c8 /bin/git-dotfiles-update-master
parent	bc92e5f3de33d7966c098bfb0c49d6b408508597 (diff)
download	dotfiles-4838d8a37bdd2d36421772186b9c846eb2d37f68.tar.gz