Federico Justus Denkena
f28bce4925
Signed-off-by: Federico Justus Denkena <federico.denkena@posteo.de>
24 lines
905 B
Bash
24 lines
905 B
Bash
# Maintainer: Frédéric Pierret <frederic.pierret@qubes-os.org>
|
|
|
|
# Workaround for verifying git tags
|
|
# Feature request: https://bugs.gentoo.org/733430
|
|
qubes_verify_sources_git() {
|
|
# To override the default Qubes repository path, set QUBES_OVERLAY_DIR in your make.conf
|
|
LOCAL_QUBES_OVERLAY_DIR="${QUBES_OVERLAY_DIR:-/var/db/repos/qubes}"
|
|
# Import Qubes developers keys
|
|
gpg --import "${LOCAL_QUBES_OVERLAY_DIR}/keys/qubes-developers-keys.asc" 2>/dev/null
|
|
# Trust Qubes Master Signing Key
|
|
echo '427F11FD0FAA4B080123F01CDDFA1A3E36879494:6:' | gpg --import-ownertrust
|
|
|
|
VALID_TAG_FOUND=0
|
|
for tag in $(git tag --points-at="$1"); do
|
|
if git verify-tag --raw "$tag" 2>&1 | grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)'; then
|
|
VALID_TAG_FOUND=1
|
|
fi
|
|
done
|
|
|
|
if [ "$VALID_TAG_FOUND" -eq 0 ]; then
|
|
die 'Signature verification failed!'
|
|
fi
|
|
}
|