source.mk: Rewrite

Upstream changed how releases are signed:

    http://lists.busybox.net/pipermail/busybox/2018-May/086438.html

Thread continues:

    http://lists.busybox.net/pipermail/busybox/2018-June/086478.html

2 files changed, 16 insertions, 12 deletions

diff --git a/control b/control
index 8a30af5..bef7f0e 100644
--- a/control
+++ b/control
@@ -1,3 +1,4 @@
 Maintainer: Patrick McDermott <patrick.mcdermott@libiquity.com>
-Build-Depends: opkhelper-3.0, config-busybox-${Host-Plat}
+Build-Depends: opkhelper-3.0, config-busybox-${Host-Plat},
+ gpg, dirmngr,
 Homepage: http://www.busybox.net/
diff --git a/source.mk b/source.mk
index 91e2fd0..81f822b 100644
--- a/source.mk
+++ b/source.mk
@@ -1,20 +1,23 @@
 upstream_archive = busybox-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2
 upstream_url = http://www.busybox.net/downloads/$(upstream_archive)
 source_archive = ../busybox-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
-keys = ACC9965B
+
+gpg = GNUPGHOME=gnupghome/ gpg --no-default-keyring --keyring ../keyring.gpg
+keys = \
+	'C9E9 416F 76E6 10DB D09D  040F 47B7 0C55 ACC9 965B'
 
 $(source_archive):
-	wget "$(upstream_url)"
-	set -e; if gpg --version >/dev/null 2>&1; then \
-		wget "$(upstream_url).sign"; \
-		[ -e ../keyring.gpg ] || \
-			gpg --keyring ../keyring.gpg --no-default-keyring \
-				--recv-keys $(keys); \
-		gpg --verify --keyring ../keyring.gpg \
-			"$(upstream_archive).sign"; \
-		sed -n 's/^MD5:  //p' "$(upstream_archive).sign" | md5sum -c; \
-		sed -n 's/^SHA1: //p' "$(upstream_archive).sign" | sha1sum -c; \
+	wget -c "$(upstream_url)" "$(upstream_url).sig"
+	install -m 0700 -d gnupghome/
+	[ -e ../keyring.gpg ] || \
+		$(gpg) --keyserver hkp://pool.sks-keyservers.net \
+			--recv-keys $(keys); \
+	rm -f ../keyring.gpg~; \
+	if ! $(gpg) --verify "$(upstream_archive).sig"; then \
+		rm -Rf gnupghome/; \
+		exit 1; \
 	fi
+	rm -Rf gnupghome/
 	mv "$(upstream_archive)" "$(source_archive)"
 
 source: $(source_archive)