From 098d6762156c1a3faf666486e61af166fa68e571 Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht
Date: Mon, 1 Aug 2022 16:15:54 -0400
Subject: [PATCH] automatically check for oversized keyring
---
 fsf-keyring.sh | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/fsf-keyring.sh b/fsf-keyring.sh
index bc4fd57..413a24a 100755
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -10,6 +10,8 @@ shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+dos_attack_bytes=1000000
+
 refresh-gpg-key() {
 key=$1
@@ -63,15 +65,12 @@ for KEY in $KEYS ; do
 fi
 done
-gpg --armor --export $KEYS > fsf-keyring.gpg
+gpg --armor --export $KEYS > key-export
+
+(( "$(stat -c %s key-export)" > "${dos_attack_bytes}" )) && echo -e "\n\nerror: keyring is very large. did we get a signature DoS attack?\n\n" && exit 1
+
+mv key-export fsf-keyring.gpg
-echo "Please verify in another terminal window that the keyring doesn't contain many spam signatures before signing:"
-echo
-echo "ls -lh fsf-keyring.gpg"
-echo
-echo "Press [enter] to continue."
-echo
-read
 gpg --armor --sign ./fsf-keyring.gpg
 mv fsf-keyring.gpg.asc fsf-keyring.gpg
 rm -f fsf-keyring.gpg~
--
2.25.1
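Review bot: The threshold added in the first hunk, `dos_attack_bytes=1000000`, carries no comment saying what it measures or why this value was chosen. It is the only automated gate visible in this patch before the keyring is signed, so I would document it and make it read-only: `readonly dos_attack_bytes=1000000  # upper bound, in bytes, on the armored key export; larger exports abort before signing`.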
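Review bot: The size guard added in the second hunk fails open. If `stat` fails or prints nothing, the `(( … ))` command returns non-zero, and because that failure is not the last command of the `&&` list, neither `set -e` nor the ERR trap stops the script before `mv key-export fsf-keyring.gpg` and `gpg --armor --sign`. Taking the size in a plain assignment lets errexit abort the run, and an `if` makes the decision explicit; the error text should also go to stderr. This check replaces the manual review the removed lines asked for, yet it bounds only the total size of the armored export, so it is a coarse signal rather than proof that no key is carrying spam signatures. `stat -c %s` is the GNU form, which presumably matches the machine this script runs on.

```shell
gpg --armor --export $KEYS > key-export

# Plain assignment: a failing stat aborts under `set -e` instead of skipping the check.
export_bytes=$(stat -c %s key-export)
if (( export_bytes > dos_attack_bytes )); then
    # key-export is left in place so the oversized export can be inspected.
    echo -e "\n\nerror: keyring is very large. did we get a signature DoS attack?\n\n" >&2
    exit 1
fi

mv key-export fsf-keyring.gpg
# … unchanged: signing and cleanup of fsf-keyring.gpg …
```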