scripts: don't fail on missing public key

When verifying the release signatures, we don't want to fail if a
signer's public key is not available in the gpg key ring. Instead, we
simply don't count that signature for now and still succeed if there's
at least one other good sig with a known key.
Oliver Gugger 2021-01-27 11:12:04 +01:00
parent d176d2d65f
commit 734441d6c0
No known key found for this signature in database
GPG Key ID: 8E4256593F177720

@ -107,14 +107,17 @@ NUM_CHECKS=0
for signature in $SIGNATURES; do
# First make sure the downloaded signature file is valid.
echo "Verifying $signature"
if ! gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then
if gpg --verify "$signature" 2>&1 | grep -q "Good signature"; then
echo "Signature for $signature checks out: "
gpg --verify "$signature" 2>&1 | grep "using"
elif gpg --verify "$signature" 2>&1 | grep -q "No public key"; then
echo "Unable to verify signature $signature, no key available, skipping"
continue
else
echo "ERROR: Did not get valid signature for $signature!"
exit 1
fi
echo "Signature for $signature checks out: "
gpg --verify "$signature" 2>&1 | grep "using"
echo ""
# Then make sure that the hash of the installed binaries can be found in the