Test keys

Julian Ospald 2023-08-26 14:03:29 +08:00
parent 9cda41867d
commit 0dd813c3bc
No known key found for this signature in database
GPG Key ID: CCC85C0E40C06A8C
3 changed files with 38 additions and 2 deletions


@ -142,3 +142,17 @@ jobs:
name: Run build (aarch64 linux) name: Run build (aarch64 linux)
with: with:
args: sh -c '.github/workflows/install-bindist.sh' args: sh -c '.github/workflows/install-bindist.sh'
signature-test:
name: Test signatures
runs-on: ubuntu-latest
steps:
- name: Install requirements
shell: sh
run: |
sudo apt-get update && sudo apt-get install -y curl bash git gnupg
- uses: actions/checkout@v3
- name: Test signatures
run: .github/workflows/test-sigs.sh
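Review bot: `actions/checkout@v3` in the new `signature-test` job is pinned to a mutable tag; for a job whose purpose is checking signatures, pinning to a full commit SHA (`- uses: actions/checkout@<full-commit-sha> # v3`) keeps the action's code from changing underneath it. The job also declares no `permissions:`; unless the workflow sets a default outside this hunk, adding `permissions:` with `contents: read` limits the token to what these steps need. `METADATA_FILE`, which test-sigs.sh reads, is not set anywhere in the visible job, so it presumably comes from workflow-level `env` or from common.sh, which is worth confirming.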


@ -14,14 +14,14 @@ ghcup --version
which ghcup | grep foobarbaz which ghcup | grep foobarbaz
ghcup_fun() { ghcup_fun() {
ghcup -v --url-source=file:$METADATA_FILE "$@" ghcup -v --url-source="file:$METADATA_FILE" "$@"
} }
case $TOOL in case $TOOL in
ghcup) ghcup)
ghcup_fun upgrade --force ghcup_fun upgrade --force
;; ;;
*) ghcup_fun install $TOOL --set $VERSION *) ghcup_fun install "$TOOL" --set "$VERSION"
;; ;;
esac esac

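--- a/.github/workflows/test-sigs.sh
+++ b/.github/workflows/test-sigs.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -x
+set -eo pipefail
+. .github/workflows/common.sh
+get_key() {
+local key=$1
+local server=$2
+gpg --batch --keyserver "${server}" --recv-keys "${key}"
+echo -e "${key}:6:" | gpg --import-ownertrust
+}
+# verify signature
+keys=( 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C )
+for key in "${keys[@]}" ; do
+get_key "${key}" keys.openpgp.org || get_key "${key}" keyserver.ubuntu.com
+done
+unset key
+gpg --verify "${METADATA_FILE}.sig"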
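Review bot: The keyserver fallback in the `for` loop cannot trigger as written: `get_key` is called on the left of `||`, so `set -e` is ignored inside it, a failed `--recv-keys` falls through to `gpg --import-ownertrust`, and the function returns that command's status instead. Ending the fetch with an explicit return (`gpg --batch --keyserver "${server}" --recv-keys "${key}" || return 1`) makes the second server reachable. Separately, the final `gpg --verify "${METADATA_FILE}.sig"` exits 0 for a good signature from any key present in the runner's keyring, so the result is not tied to the fingerprints in `keys`. Running with a fresh `GNUPGHOME` and comparing the primary-key fingerprint on the `VALIDSIG` line from `--status-fd` against `keys` would pin it. Passing the signed file explicitly as the second argument also avoids relying on gpg inferring it from the `.sig` name.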