mirror of
https://git.savannah.gnu.org/git/parallel.git
synced 2024-11-25 23:47:53 +00:00
0install: check gpg signature when publishing new version
This commit is contained in:
parent
ac34b44162
commit
10a42484da
|
@ -6,12 +6,27 @@ if [ -z "${version}" ]; then
|
||||||
echo "usage: update <version>"
|
echo "usage: update <version>"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
set -ex
|
set -eux
|
||||||
url="http://ftp.gnu.org/gnu/parallel/parallel-${version}.tar.bz2"
|
url="http://ftpmirror.gnu.org/parallel/parallel-${version}.tar.bz2"
|
||||||
file="/tmp/parallel-${version}.tgz"
|
file="/tmp/parallel-${version}.tgz"
|
||||||
wget "$url" -O "${file}"
|
wget "$url" -O "${file}"
|
||||||
|
wget "$url.sig" -O "${file}.sig"
|
||||||
|
|
||||||
|
# verify published signature comes from expected GPG key
|
||||||
|
gpg -n --verify "${file}.sig" "${file}" 2>&1 | tee "${file}.gpglog"
|
||||||
|
set +x
|
||||||
|
KEYID="$(grep '^Primary key fingerprint:' "${file}.gpglog" | tr -d ' ' | cut -f 2 -d : )"
|
||||||
|
fingerprint="BE9CB49381DE3166A3BC66C12C6229E2FFFFFFF1"
|
||||||
|
if [ "$KEYID" != "$fingerprint" ]; then
|
||||||
|
echo "Signature verification FAILED:"
|
||||||
|
cat "${file}.gpglog"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
( cd "$(dirname "$0")" && \
|
( cd "$(dirname "$0")" && \
|
||||||
0publish \
|
0install run http://0install.net/2006/interfaces/0publish \
|
||||||
--add-version ${version} \
|
--add-version ${version} \
|
||||||
--archive-url="${url}" \
|
--archive-url="${url}" \
|
||||||
--archive-file="${file}" \
|
--archive-file="${file}" \
|
||||||
|
|
Loading…
Reference in a new issue