diff options
| author | Jeremy Cline <jeremy@jcline.org> | 2018-04-02 14:55:36 -0400 |
|---|---|---|
| committer | Jeremy Cline <jeremy@jcline.org> | 2018-04-09 11:31:10 -0400 |
| commit | 192ccb6e5f187877d6fa461993727dbd3a528e3c (patch) | |
| tree | 4511dcefde2e5b08ca15731ef33295d9b32af2de | |
| parent | 5324c746460e3f5b248cfe9fec25f3e2a3a23163 (diff) | |
| download | kernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.tar.gz kernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.tar.xz kernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.zip | |
Download patch signatures and verify them
Before uploading the source files, verify the GPG signature is good.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
| -rw-r--r-- | .gitignore | 1 | ||||
| -rwxr-xr-x | scripts/stable-update.sh | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore index 2a888b23d..93aa862ec 100644 --- a/.gitignore +++ b/.gitignore @@ -3,5 +3,6 @@ clog *.bz2 *.rpm *.orig +*.sign kernel-[234].*/ perf-man-*.tar.gz diff --git a/scripts/stable-update.sh b/scripts/stable-update.sh index eefd9a96d..2ea5fb78b 100755 --- a/scripts/stable-update.sh +++ b/scripts/stable-update.sh @@ -42,6 +42,21 @@ if [ ! -f patch-$1.xz ]; then fi fi +if [ ! -f "patch-$1.sign" ]; then + wget "https://cdn.kernel.org/pub/linux/kernel/v4.x/patch-$1.sign" + if [ ! $? -eq 0 ]; then + echo "Signature download failed" + exit 1 + fi +fi + +xzcat "patch-$1.xz" | gpg2 --verify "patch-$1.sign" - +if [ ! $? -eq 0 ]; then + echo "Patch file has invalid or untrusted signature!" + echo "See https://www.kernel.org/category/signatures.html" + exit 1 +fi + grep $1 sources &> /dev/null if [ ! $? -eq 0 ]; then fedpkg upload patch-$1.xz |