source.mk: Rewrite gpg code

2 files changed, 15 insertions, 11 deletions

diff --git a/control b/control
index 6985a91..59cbb3e 100644
--- a/control
+++ b/control
@@ -1,4 +1,4 @@
-Build-Depends: opkhelper-3.0
+Build-Depends: gpg, dirmngr, opkhelper-3.0
 Maintainer: "David T. Stanford" <dstanford@daemonbox.net>,
  "P. J. McDermott" <pj@pehjota.net>
 Homepage: http://www.gnu.org/software/make/
diff --git a/source.mk b/source.mk
index b6101bb..e45e720 100644
--- a/source.mk
+++ b/source.mk
@@ -1,19 +1,23 @@
 upstream_archive = make-$(OPK_SOURCE_VERSION_UPSTREAM).tar.gz
 upstream_url = http://ftp.gnu.org/gnu/make/$(upstream_archive)
 source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.gz
-keys = '3D25 54F0 A153 38AB 9AF1  BB9D 96B0 4715 6338 B6D4'
+
+gpg = GNUPGHOME=gnupghome/ gpg --no-default-keyring --keyring ../keyring.gpg
+keys = \
+	'3D25 54F0 A153 38AB 9AF1  BB9D 96B0 4715 6338 B6D4'
 
 $(source_archive):
-	wget -c '$(upstream_url)'
-	set -e; if gpg --version >/dev/null 2>&1; then \
-		wget -c '$(upstream_url).sig'; \
-		[ -e ../keyring.gpg ] || \
-			gpg --keyring ../keyring.gpg --no-default-keyring \
-				--recv-keys $(keys) || true; \
-		rm -f ../keyring.gpg~; \
-		gpg --verify --keyring ../keyring.gpg \
-			'$(upstream_archive).sig'; \
+	wget -c '$(upstream_url)' '$(upstream_url).sig'
+	install -m 0700 -d gnupghome/
+	[ -e ../keyring.gpg ] || \
+		$(gpg) --keyserver hkp://pool.sks-keyservers.net \
+			--recv-keys $(keys); \
+	rm -f ../keyring.gpg~; \
+	if ! $(gpg) --verify '$(upstream_archive).sig'; then \
+		rm -Rf gnupghome/; \
+		exit 1; \
 	fi
+	rm -Rf gnupghome/
 	mv '$(upstream_archive)' '$(source_archive)'
 
 source: $(source_archive)