scripts/verify-install: bump min required signatures to 5

Conner Fromknecht 2021-02-12 12:24:51 -08:00
parent 12182d0fc9
commit c03f95a63b
No known key found for this signature in database
GPG Key ID: E7D737B67FA592C7

@ -172,6 +172,22 @@ for signature in $SIGNATURES; do
((NUM_CHECKS=NUM_CHECKS+1)) ((NUM_CHECKS=NUM_CHECKS+1))
done done
# We want at least five signatures (out of seven public keys) that sign the
# hashes of the binaries we have installed. If we arrive here without exiting,
# it means no signature manifests were uploaded (yet) with the correct naming
# pattern.
MIN_REQUIRED_SIGNATURES=5
if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]; then
echo "ERROR: Not enough valid signatures found!"
echo " Valid signatures found: $NUM_CHECKS"
echo " Valid signatures required: $MIN_REQUIRED_SIGNATURES"
echo
echo " Make sure the release $LND_VERSION contains the required "
echo " number of signatures on the manifest, or wait until more "
echo " signatures have been added to the release."
exit 1
fi
# Then make sure that the hash of the installed binaries can be found in the # Then make sure that the hash of the installed binaries can be found in the
# manifest that we now have verified the signatures for. # manifest that we now have verified the signatures for.
if ! grep -q "^$LND_SUM" "$MANIFEST"; then if ! grep -q "^$LND_SUM" "$MANIFEST"; then
@ -195,14 +211,5 @@ fi
echo "" echo ""
echo "Verified lnd and lncli hashes against $MANIFEST" echo "Verified lnd and lncli hashes against $MANIFEST"
# We want at least one signature that signs the hashes of the binaries we have
# installed. If we arrive here without exiting, it means no signature manifests
# were uploaded (yet) with the correct naming pattern.
if [[ $NUM_CHECKS -lt 1 ]]; then
echo "ERROR: No valid signatures found!"
echo "Make sure the release $LND_VERSION contains any signatures for the manifest."
exit 1
fi
echo "" echo ""
echo "SUCCESS! Verified lnd and lncli against $NUM_CHECKS developer signature(s)." echo "SUCCESS! Verified lnd and lncli against $NUM_CHECKS developer signature(s)."
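Review bot: The new threshold at `if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]` is only as strong as what `NUM_CHECKS` counts, and the visible context increments it once per entry of `$SIGNATURES` rather than once per signing key. The loop body starts outside the hunk, so this may already be handled there, but if two signature files verified by the same key can both be counted, five checks would not mean five independent signers; the loop should record which key verified each signature and compare the number of unique keys against the threshold. The comment carried over above the check is also stale: with a minimum of 5, reaching this point no longer means only that no signature manifests were uploaded, so the second sentence could read `# Fewer than MIN_REQUIRED_SIGNATURES verified signatures means the release is not (yet) sufficiently signed.` The count of seven public keys in that comment is not tied to anything in the hunk, so it will drift if the key list changes.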