Commit Graph

4 Commits

Author SHA1 Message Date
Oliver Gugger
688a8045f0
Merge pull request #4963 from guggero/verify-no-key-fix
scripts: don't fail signature verification on missing public key
2021-01-28 14:52:22 +01:00
Oliver Gugger
734441d6c0
scripts: don't fail on missing public key
When verifying the release signatures, we don't want to fail if a
signer's signature is not available in the gpg key ring. Instead we just
don't want to count the signature for now and still succeed if there's
at least one other good sig with a known key.
2021-01-27 11:12:04 +01:00
Johan T. Halseth
991e077bf3
scripts: add halseth key to verify script 2021-01-27 10:43:32 +01:00
Oliver Gugger
97a141e7af
docker: add verification script to production image
The verification script makes sure the hashes of the binaries inside of
a docker image match those of an official release.
The script first downloads all signatures, validates them, then compares
the hashes of the installed binaries to those contained in the detached
signature files.
2021-01-14 21:48:32 +01:00