scripts: don't fail on missing public key
When verifying the release signatures, we don't want to fail if a signer's signature is not available in the gpg key ring. Instead we just don't want to count the signature for now and still succeed if there's at least one other good sig with a known key.
This commit is contained in:
parent
d176d2d65f
commit
734441d6c0
@ -107,14 +107,17 @@ NUM_CHECKS=0
|
|||||||
for signature in $SIGNATURES; do
|
for signature in $SIGNATURES; do
|
||||||
# First make sure the downloaded signature file is valid.
|
# First make sure the downloaded signature file is valid.
|
||||||
echo "Verifying $signature"
|
echo "Verifying $signature"
|
||||||
if ! gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then
|
if gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then
|
||||||
|
echo "Signature for $signature checks out: "
|
||||||
|
gpg --verify "$signature" 2>&1 | grep "using"
|
||||||
|
elif gpg --verify "$signature" 2>&1 | grep -q "No public key"; then
|
||||||
|
echo "Unable to verify signature $signature, no key available, skipping"
|
||||||
|
continue
|
||||||
|
else
|
||||||
echo "ERROR: Did not get valid signature for $signature!"
|
echo "ERROR: Did not get valid signature for $signature!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Signature for $signature checks out: "
|
|
||||||
gpg --verify "$signature" 2>&1 | grep "using"
|
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# Then make sure that the hash of the installed binaries can be found in the
|
# Then make sure that the hash of the installed binaries can be found in the
|
||||||
|
Loading…
Reference in New Issue
Block a user