From 19c0fc550a91f7f4134858ebda557f4710b6775c Mon Sep 17 00:00:00 2001
From: P. J. McDermott <pjm@nac.net>
Date: Sat, 06 Apr 2013 14:27:39 -0400
Subject: Improve upstream source verification.

---
(limited to 'source.mk')

diff --git a/source.mk b/source.mk
index 7b3f972..353f903 100644
--- a/source.mk
+++ b/source.mk
@@ -24,14 +24,20 @@ UPSTREAM_VER = $$(printf '%s\n' '$(OPK_SOURCE_VERSION_UPSTREAM)' | \
 UPSTREAM_ARCHIVE = gcc-$(UPSTREAM_VER).tar.bz2
 UPSTREAM_URL = ftp://ftp.gnu.org/gnu/gcc/gcc-$(UPSTREAM_VER)/$(UPSTREAM_ARCHIVE)
 SOURCE_ARCHIVE = ../gcc-4.7-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
+GCC_KEYS = 745C015A B75C61B8 902C9419 F71EDF1C FC26A641 C3C45C06
 
 $(SOURCE_ARCHIVE):
 	wget "$(UPSTREAM_URL)"
 	if gpg --version >/dev/null 2>&1; then \
-		wget "$(UPSTREAM_URL).sig"; \
-		wget ftp://ftp.gnu.org/gnu/gnu-keyring.gpg; \
-		gpg --verify --keyring ./gnu-keyring.gpg \
-			"$(UPSTREAM_ARCHIVE).sig" || exit ${?}; \
+		wget "$(UPSTREAM_URL).sig" && \
+		{ \
+			[ -e ../gcc-keyring.gpg ] || \
+			gpg --keyring ../gcc-keyring.gpg --no-default-keyring \
+				--recv-keys $(GCC_KEYS); \
+		} && \
+		gpg --verify --keyring ../gcc-keyring.gpg \
+			"$(UPSTREAM_ARCHIVE).sig" || \
+		exit ${?}; \
 	fi
 	tar -xjf "$(UPSTREAM_ARCHIVE)"
 	for file in $(NON_FREE_FILES); do \
--
cgit v0.9.1