From c775f4ec77b3fa58a93849fc7c7c802da99ee748 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Mon, 29 Apr 2019 12:04:14 -0400 Subject: source.mk: Verify OpenPGP signature --- diff --git a/source.mk b/source.mk index bb26c3a..82a5ce0 100644 --- a/source.mk +++ b/source.mk @@ -3,9 +3,25 @@ upstream_ver = $$(printf '%s\n' '$(OPK_SOURCE_VERSION_UPSTREAM)' | \ upstream_archive = zlib-$(upstream_ver).tar.gz upstream_url = http://zlib.net/$(upstream_archive) source_archive = ../zlib-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.gz +keys = \ + 'E3EC F4DF 7EDB E724 A3EC FBC2 D9A2 7D25 0196 71A7' \ + '5ED4 6A67 21D3 6558 7791 E2AA 783F CD8E 58BC AFBA' $(source_archive): - wget -O - "$(upstream_url)" | tar -xz + wget -c "$(upstream_url)" + set -e; if gpg --version >/dev/null 2>&1; then \ + wget -c "$(upstream_url).asc"; \ + if ! [ -e ../keyring.gpg ]; then \ + gpg --no-default-keyring --keyring ../keyring.gpg \ + --keyserver hkp://pool.sks-keyservers.net \ + --recv-keys $(keys); \ + fi; \ + rm -f ../keyring.gpg~; \ + gpg --no-default-keyring --keyring ../keyring.gpg \ + --verify "$(upstream_archive).asc"; \ + fi + tar -xzf "$(upstream_archive)" + rm -f "$(upstream_archive)" rm -f "zlib-$(upstream_ver)"/doc/rfc*.txt tar -czf '$(source_archive)' "zlib-$(upstream_ver)" rm -Rf src -- cgit v0.9.1