source.mk: Improve gpg verification

1 files changed, 19 insertions, 12 deletions

diff --git a/source.mk b/source.mk
index f9a173b..8be0349 100644
--- a/source.mk
+++ b/source.mk
@@ -31,21 +31,28 @@ upstream_name = gcc-$$(printf '%s\n' '$(OPK_SOURCE_VERSION_UPSTREAM)' | \
 upstream_archive = $(upstream_name).tar.bz2
 upstream_url = http://ftp.gnu.org/gnu/gcc/$(upstream_name)/$(upstream_archive)
 source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
-gcc_keys = 745C015A B75C61B8 902C9419 F71EDF1C FC26A641 C3C45C06
+
+gpg = GNUPGHOME=gnupghome/ gpg --no-default-keyring --keyring ../keyring.gpg
+keys = \
+	'B215 C163 3BCA 0477 615F  1B35 A5B3 A004 745C 015A' \
+	'B3C4 2148 A44E 6983 B3E4  CC07 93FA 9B1A B75C 61B8' \
+	'90AA 4704 69D3 965A 87A5  DCB4 94D0 3953 902C 9419' \
+	'80F9 8B2E 0DAB 6C82 81BD  F541 A7C8 C3B2 F71E DF1C' \
+	'7F74 F97C 1034 68EE 5D75  0B58 3AB0 0996 FC26 A641' \
+	'33C2 35A3 4C46 AA3F FB29  3709 A328 C3A2 C3C4 5C06'
 
 $(source_archive):
-	wget "$(upstream_url)"
-	if gpg --version >/dev/null 2>&1; then \
-		wget "$(upstream_url).sig" && \
-		{ \
-			[ -e ../gcc-keyring.gpg ] || \
-			gpg --keyring ../gcc-keyring.gpg --no-default-keyring \
-				--recv-keys $(gcc_keys); \
-		} && \
-		gpg --verify --keyring ../gcc-keyring.gpg \
-			"$(upstream_archive).sig" || \
-		exit ${?}; \
+	wget -c "$(upstream_url)" "$(upstream_url).sig"
+	install -m 0700 -d gnupghome/
+	[ -e ../keyring.gpg ] || \
+		$(gpg) --keyserver hkp://pool.sks-keyservers.net \
+			--recv-keys $(keys); \
+	rm -f ../keyring.gpg~; \
+	if ! $(gpg) --verify "$(upstream_archive).sig"; then \
+		rm -Rf gnupghome/; \
+		exit 1; \
 	fi
+	rm -Rf gnupghome/
 	tar -xjf "$(upstream_archive)"
 	for file in $(non_free_files); do \
 		rm -f "$(upstream_name)/$${file}"; \