Download patch signatures and verify them

Before uploading the source files, verify the GPG signature is good.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
This commit is contained in:
Jeremy Cline 2018-04-02 14:55:36 -04:00
parent 5324c74646
commit 192ccb6e5f
No known key found for this signature in database
GPG Key ID: 9223308FA9B246DB
2 changed files with 16 additions and 0 deletions

1
.gitignore vendored
View File

@ -3,5 +3,6 @@ clog
*.bz2 *.bz2
*.rpm *.rpm
*.orig *.orig
*.sign
kernel-[234].*/ kernel-[234].*/
perf-man-*.tar.gz perf-man-*.tar.gz

View File

@ -42,6 +42,21 @@ if [ ! -f patch-$1.xz ]; then
fi fi
fi fi
if [ ! -f "patch-$1.sign" ]; then
wget "https://cdn.kernel.org/pub/linux/kernel/v4.x/patch-$1.sign"
if [ ! $? -eq 0 ]; then
echo "Signature download failed"
exit 1
fi
fi
xzcat "patch-$1.xz" | gpg2 --verify "patch-$1.sign" -
if [ ! $? -eq 0 ]; then
echo "Patch file has invalid or untrusted signature!"
echo "See https://www.kernel.org/category/signatures.html"
exit 1
fi
grep $1 sources &> /dev/null grep $1 sources &> /dev/null
if [ ! $? -eq 0 ]; then if [ ! $? -eq 0 ]; then
fedpkg upload patch-$1.xz fedpkg upload patch-$1.xz