update-smart-drivedb should authenticate the downloaded file

[Christian Franke]

The update-smart-drivedb script does not authenticate the downloaded drivedb.h file. At least the smartmontools packages from Debian and Ubuntu do no longer provide this script due to security concerns (see ​Debian Bug 804299).

A check with GnuPG could be added as follows:

• Add missing drivedb branches for recent release (e.g. RELEASE_6_5_DRIVEDB) and for current trunk (RELEASE_6_6_DRIVEDB). Then the fallback to a download from trunk is no longer needed.

• Create a new signing key for drive database files.

• Add signature files drivedb.h.raw.asc to each maintained branch. These are generated from versions of drivedb.h with unexpanded SVN "$Id$" strings. No such file is needed for the trunk​.

• Modify the update-smart-drivedb​ script such that it downloads drivedb.h and drivedb.h.raw.asc always from the correct branch and then verifies the signature with GPG. The public key could be kept in the script itself.

When changes to the trunk version of the database are later merged to all maintained branches, the signature files could be updated with the same commit. Only these commits will require access to the private key.

[Christian Franke]

r4358, r4359, r4360.

[Christian Franke]

r4364.

[Christian Franke]

The new update script could also be used for older smartmontools releases.
Example (see also r4362):

$ ./configure --prefix=/usr [...--other...] --with-update-smart-drivedb=5.43
...
$ make update-smart-drivedb update-smart-drivedb.8
...
$ sudo ./update-smart-drivedb
/usr/share/smartmontools/drivedb.h updated from branches/RELEASE_5_43_DRIVEDB