Improve upstream source verification.

author: P. J. McDermott <pjm@nac.net> 2013-04-06 14:27:39 (EDT)
committer: P. J. McDermott <pjm@nac.net> 2013-04-06 14:27:39 (EDT)
commit: 19c0fc550a91f7f4134858ebda557f4710b6775c (patch)
tree: 15916adeb1314ab2061f4625758f8db352c61657
parent: 7f92d13705cd66916f9e55cfb01f6713cea26fd6 (diff)
2 files changed, 10 insertions, 4 deletions
diff --git a/gcc-keyring.gpg b/gcc-keyring.gpg
new file mode 100644
index 0000000..36424b1
--- /dev/null
+++ b/gcc-keyring.gpg
diff --git a/source.mk b/source.mk
index 7b3f972..353f903 100644
--- a/source.mk
+++ b/source.mk
@@ -24,14 +24,20 @@ UPSTREAM_VER = $$(printf '%s\n' '$(OPK_SOURCE_VERSION_UPSTREAM)' | \
 UPSTREAM_ARCHIVE = gcc-$(UPSTREAM_VER).tar.bz2
 UPSTREAM_URL = ftp://ftp.gnu.org/gnu/gcc/gcc-$(UPSTREAM_VER)/$(UPSTREAM_ARCHIVE)
 SOURCE_ARCHIVE = ../gcc-4.7-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
+GCC_KEYS = 745C015A B75C61B8 902C9419 F71EDF1C FC26A641 C3C45C06
 
 $(SOURCE_ARCHIVE):
 	wget "$(UPSTREAM_URL)"
 	if gpg --version >/dev/null 2>&1; then \
-		wget "$(UPSTREAM_URL).sig"; \
-		wget ftp://ftp.gnu.org/gnu/gnu-keyring.gpg; \
-		gpg --verify --keyring ./gnu-keyring.gpg \
-			"$(UPSTREAM_ARCHIVE).sig" || exit ${?}; \
+		wget "$(UPSTREAM_URL).sig" && \
+		{ \
+			[ -e ../gcc-keyring.gpg ] || \
+			gpg --keyring ../gcc-keyring.gpg --no-default-keyring \
+				--recv-keys $(GCC_KEYS); \
+		} && \
+		gpg --verify --keyring ../gcc-keyring.gpg \
+			"$(UPSTREAM_ARCHIVE).sig" || \
+		exit ${?}; \
 	fi
 	tar -xjf "$(UPSTREAM_ARCHIVE)"
 	for file in $(NON_FREE_FILES); do \
author	P. J. McDermott <pjm@nac.net>	2013-04-06 14:27:39 (EDT)
committer	P. J. McDermott <pjm@nac.net>	2013-04-06 14:27:39 (EDT)
commit	19c0fc550a91f7f4134858ebda557f4710b6775c (patch)
tree	15916adeb1314ab2061f4625758f8db352c61657
parent	7f92d13705cd66916f9e55cfb01f6713cea26fd6 (diff)