From 0e58198f3654e1a788322c1bbd68a78f5ba12208 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Mon, 31 Oct 2011 13:14:16 +0100 Subject: commitpkg: Check signature if available --- commitpkg.in | 3 +++ 1 file changed, 3 insertions(+) (limited to 'commitpkg.in') diff --git a/commitpkg.in b/commitpkg.in index 2216b54..662cb09 100644 --- a/commitpkg.in +++ b/commitpkg.in @@ -165,6 +165,9 @@ for _arch in ${arch[@]}; do gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || abort fi if [ -f "${sigfile}" ]; then + if ! gpg --verify "$sigfile" >/dev/null 2>&1; then + abort "Signature ${pkgfile}.sig is incorrect!" + fi uploads+=("$sigfile") elif [[ $SIGNPKG == 'y' ]]; then abort "Signature ${pkgfile}.sig was not found" -- cgit v1.2.3-54-g00ecf