From 734441d6c0c6dabc77a964d84cf99a127ec680fc Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Wed, 27 Jan 2021 11:12:04 +0100 Subject: [PATCH] scripts: don't fail on missing public key When verifying the release signatures, we don't want to fail if a signer's signature is not available in the gpg key ring. Instead we just don't want to count the signature for now and still succeed if there's at least one other good sig with a known key. --- scripts/verify-install.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh index cf7806f1..3c0c1feb 100755 --- a/scripts/verify-install.sh +++ b/scripts/verify-install.sh @@ -107,14 +107,17 @@ NUM_CHECKS=0 for signature in $SIGNATURES; do # First make sure the downloaded signature file is valid. echo "Verifying $signature" - if ! gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then + if gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then + echo "Signature for $signature checks out: " + gpg --verify "$signature" 2>&1 | grep "using" + elif gpg --verify "$signature" 2>&1 | grep -q "No public key"; then + echo "Unable to verify signature $signature, no key available, skipping" + continue + else echo "ERROR: Did not get valid signature for $signature!" exit 1 fi - echo "Signature for $signature checks out: " - gpg --verify "$signature" 2>&1 | grep "using" - echo "" # Then make sure that the hash of the installed binaries can be found in the
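Review bot: The new `if`/`elif` chain decides trust by grepping gpg's human-readable messages, which are translated under a non-English locale, and "Good signature" is also printed when the signing key has since expired or been revoked. It also runs `gpg --verify` up to three times per file. Capturing the output once with `--status-fd 1` and matching the `[GNUPG:] GOODSIG` and `[GNUPG:] NO_PUBKEY` status lines would make both the accept branch and the skip branch unambiguous. Because the skip branch uses `continue`, the result now depends on the check after the loop that at least one signature was counted; that code is outside this hunk, so confirm it still fails when every signature is skipped.

```shell
  # … unchanged: echo "Verifying $signature" …
  # Run gpg once; status lines on fd 1 are machine-readable and not localized.
  # "|| true" keeps a non-zero gpg exit from aborting before we classify it.
  gpg_out=$(gpg --status-fd 1 --verify "$signature" 2>&1) || true
  if printf '%s\n' "$gpg_out" | grep -q '^\[GNUPG:\] GOODSIG '; then
    echo "Signature for $signature checks out: "
    printf '%s\n' "$gpg_out" | grep "using"
  elif printf '%s\n' "$gpg_out" | grep -q '^\[GNUPG:\] NO_PUBKEY '; then
    echo "Unable to verify signature $signature, no key available, skipping"
    continue
  else
    echo "ERROR: Did not get valid signature for $signature!"
    exit 1
  fi
  # … unchanged: echo "" and the hash check that follows …
```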