X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=fsf-keyring.sh;fp=fsf-keyring.sh;h=413a24a6465bfa4503758e1df2fa186198ae2ed4;hb=098d6762156c1a3faf666486e61af166fa68e571;hp=bc4fd57395ca70aaaf9a0d0d639d77bcc7351493;hpb=7e846d87b28e06d4cd566557d332023952bd7fa3;p=fsf-keyring.git
diff --git a/fsf-keyring.sh b/fsf-keyring.sh
index bc4fd57..413a24a 100755
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -10,6 +10,8 @@ shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+dos_attack_bytes=1000000
+
 refresh-gpg-key() {
 key=$1
@@ -63,15 +65,12 @@ for KEY in $KEYS ; do
 fi
 done
-gpg --armor --export $KEYS > fsf-keyring.gpg
+gpg --armor --export $KEYS > key-export
+
+(( "$(stat -c %s key-export)" > "${dos_attack_bytes}" )) && echo -e "\n\nerror: keyring is very large. did we get a signature DoS attack?\n\n" && exit 1
+
+mv key-export fsf-keyring.gpg
-echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
-echo
-echo "ls -lh fsf-keyring.gpg"
-echo
-echo "Press [enter] to continue."
-echo
-read
 gpg --armor --sign ./fsf-keyring.gpg
 mv fsf-keyring.gpg.asc fsf-keyring.gpg
 rm -f fsf-keyring.gpg~
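Review bot: The new `dos_attack_bytes=1000000` in the first hunk has no comment saying what it is measured against or why this value was chosen, and it will need raising as the keyring legitimately grows. A line above it such as `# Upper bound in bytes for the armored export; anything larger is treated as signature flooding and is not signed.` would record that. The name reads like a payload size rather than a limit, so something like `max_keyring_bytes` may be clearer, assuming nothing outside this hunk refers to the current name.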
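Review bot: The size gate added in the second hunk prints its error to stdout, and it is an `&&` chain whose normal under-threshold result is a non-zero status. `set -eE` and the ERR trap ignore that status only because the failing test is not the last member of the list, so a later edit could break it. An explicit form is sturdier: `if (( $(stat -c %s key-export) > dos_attack_bytes )); then`, `  echo "error: keyring is very large. did we get a signature DoS attack?" >&2; exit 1`, `fi`. With the interactive pause removed, this upper bound is the only check left before `gpg --armor --sign`. An export that gpg leaves empty without a failing status would therefore pass and be signed, if gpg can do that here; a lower-bound test such as `[[ -s key-export ]] || exit 1` would cover that case. `stat -c %s` is GNU-specific, and `wc -c < key-export` is the portable equivalent if the script is ever run on a non-GNU system.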