local/require-signed-push: cleanup & shellcheckgithooks-20220111T185119Z

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

1 files changed, 12 insertions, 10 deletions

diff --git a/local/require-signed-push b/local/require-signed-push
index 005f47e..5aaf554 100755
--- a/local/require-signed-push
+++ b/local/require-signed-push
@@ -36,7 +36,7 @@ fail_signed_push() {
 		git --no-pager show "$GIT_PUSH_CERT"
 		warn "====="
 	fi
-	exit 1
+	silent_die
 }
 
 log_git_push() {
@@ -155,16 +155,19 @@ log_git_push
 case ${VERIFY_SIGS} in
 	gentoo-devs)
 		if [[ ${GL_USER} != *@gentoo.org ]]; then
-			echo "*** Pusher address is not @gentoo.org" >&2
-			echo "    (it is ${GL_USER})" >&2
-			echo "*** Please report this to infra" >&2
-			exit 1
+			warn "*** Pusher address is not @gentoo.org" >&2
+			warn "    (it is ${GL_USER})" >&2
+			warn "*** Please report this to infra" >&2
+			silent_die
 		fi
 
 		# find key fingerprints in LDAP
-		KEY_FPS=( $(ldapsearch "uid=${GL_USER%@gentoo.org}" -D '' -Z -LLL \
-			gpgfingerprint -o ldif-wrap=no | \
-			sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}') )
+		mapfile -t KEY_FPS <( \
+			ldapsearch -o ldif-wrap=no -x -D '' -Z -LLL \
+					"uid=${GL_USER%@gentoo.org}" \
+					gpgfingerprint \
+			| sed -n -e '/^gpgfingerprint: /{s/^.*://;s/ //g;p}'\
+		)
 		# match signing key to the primary key
 		PRIMARY_KEY=$(gpg --batch --with-colons --fingerprint "${GIT_PUSH_CERT_KEY}" \
 			| sed -n -e '/^pub/{n;/^fpr/p}' | cut -d: -f10)
@@ -180,8 +183,7 @@ case ${VERIFY_SIGS} in
 	no)
 		;;
 	*)
-		echo "Invalid value of gentoo.verify-signatures" >&2
-		exit 1
+		die "Invalid value of gentoo.verify-signatures"
 esac
 
 # Now validate