Test keys

2023-08-26 14:03:29 +08:00
parent 9cda41867d
commit 0dd813c3bc
3 changed files with 38 additions and 2 deletions
--- a/.github/workflows/test-sigs.sh
+++ b/.github/workflows/test-sigs.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -x
+set -eo pipefail
+
+. .github/workflows/common.sh
+
+get_key() {
+	local key=$1
+	local server=$2
+	gpg --batch --keyserver "${server}" --recv-keys "${key}"
+	echo -e "${key}:6:" | gpg --import-ownertrust
+}
+
+# verify signature
+keys=( 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C )
+for key in "${keys[@]}" ; do
+	get_key "${key}" keys.openpgp.org || get_key "${key}" keyserver.ubuntu.com
+done
+unset key
+gpg --verify "${METADATA_FILE}.sig"
+