source.mk: Use gpg

3 files changed, 25 insertions, 4 deletions

diff --git a/.gitignore b/.gitignore
index 213a9bf..a09c6b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@ Session.vim
 
 # Source archives
 *-*.orig.tar.*
+keyring.gpg
 
 # Work area
 tmp/
diff --git a/control b/control
index 322132f..926b61d 100644
--- a/control
+++ b/control
@@ -1,3 +1,8 @@
 Maintainer: "P. J. McDermott" <pj@pehjota.net>
-Build-Depends: opkhelper-3.0, libz.1-dev, libtommath-dev, libtomcrypt-dev
+Build-Depends:
+ gpg, dirmngr,
+ opkhelper-3.0,
+ libz.1-dev,
+ libtommath-dev,
+ libtomcrypt-dev,
 Homepage: https://matt.ucc.asn.au/dropbear/dropbear.html
diff --git a/source.mk b/source.mk
index bafa64d..595978b 100644
--- a/source.mk
+++ b/source.mk
@@ -1,8 +1,23 @@
-upstream_archive = dropbear-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2
-upstream_url = https://matt.ucc.asn.au/dropbear/releases/$(upstream_archive)
+upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2
+upstream_url = http://matt.ucc.asn.au/dropbear/releases/$(upstream_archive)
 source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
 
+gpg = GNUPGHOME=gnupghome/ gpg --no-default-keyring --keyring ../keyring.gpg
+keys = \
+	'F734 7EF2 EE2E 07A2 6762  8CA9 4493 1494 F29C 6773'
+
 $(source_archive):
-	wget -O '$@' '$(upstream_url)'
+	wget -c '$(upstream_url)' '$(upstream_url).asc'
+	install -m 0700 -d gnupghome/
+	[ -e ../keyring.gpg ] || \
+		$(gpg) --keyserver hkp://pool.sks-keyservers.net \
+			--recv-keys $(keys); \
+	rm -f ../keyring.gpg~; \
+	if ! $(gpg) --verify '$(upstream_archive).asc'; then \
+		rm -Rf gnupghome/; \
+		exit 1; \
+	fi
+	rm -Rf gnupghome/
+	mv '$(upstream_archive)' '$(source_archive)'
 
 source: $(source_archive)