tange/parallel
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/parallel.git synced 2024-11-22 05:57:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

0install: check gpg signature when publishing new version

Browse source
This commit is contained in:
Tim Cuthbertson 2013-04-26 20:46:20 +10:00
parent ac34b44162
commit 10a42484da
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
packager/0install/update
View file

@ -6,12 +6,27 @@ if [ -z "${version}" ]; then
echo "usage: update <version>" echo "usage: update <version>"
exit 1 exit 1
fi fi
set -ex set -eux
url="http://ftp.gnu.org/gnu/parallel/parallel-${version}.tar.bz2" url="http://ftpmirror.gnu.org/parallel/parallel-${version}.tar.bz2"
file="/tmp/parallel-${version}.tgz" file="/tmp/parallel-${version}.tgz"
wget "$url" -O "${file}" wget "$url" -O "${file}"
wget "$url.sig" -O "${file}.sig"
# verify published signature comes from expected GPG key
gpg -n --verify "${file}.sig" "${file}" 2>&1 | tee "${file}.gpglog"
set +x
KEYID="$(grep '^Primary key fingerprint:' "${file}.gpglog" | tr -d ' ' | cut -f 2 -d : )"
fingerprint="BE9CB49381DE3166A3BC66C12C6229E2FFFFFFF1"
if [ "$KEYID" != "$fingerprint" ]; then
echo "Signature verification FAILED:"
cat "${file}.gpglog"
exit 1
fi
set -x
( cd "$(dirname "$0")" && \ ( cd "$(dirname "$0")" && \
0publish \ 0install run http://0install.net/2006/interfaces/0publish \
--add-version ${version} \ --add-version ${version} \
--archive-url="${url}" \ --archive-url="${url}" \
--archive-file="${file}" \ --archive-file="${file}" \