summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorJeremy Cline <jeremy@jcline.org>2018-04-02 14:55:36 -0400
committerJeremy Cline <jeremy@jcline.org>2018-04-09 11:31:10 -0400
commit192ccb6e5f187877d6fa461993727dbd3a528e3c (patch)
tree4511dcefde2e5b08ca15731ef33295d9b32af2de /scripts
parent5324c746460e3f5b248cfe9fec25f3e2a3a23163 (diff)
downloadkernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.tar.gz
kernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.tar.xz
kernel-192ccb6e5f187877d6fa461993727dbd3a528e3c.zip
Download patch signatures and verify them
Before uploading the source files, verify the GPG signature is good. Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/stable-update.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/scripts/stable-update.sh b/scripts/stable-update.sh
index eefd9a96d..2ea5fb78b 100755
--- a/scripts/stable-update.sh
+++ b/scripts/stable-update.sh
@@ -42,6 +42,21 @@ if [ ! -f patch-$1.xz ]; then
fi
fi
+if [ ! -f "patch-$1.sign" ]; then
+ wget "https://cdn.kernel.org/pub/linux/kernel/v4.x/patch-$1.sign"
+ if [ ! $? -eq 0 ]; then
+ echo "Signature download failed"
+ exit 1
+ fi
+fi
+
+xzcat "patch-$1.xz" | gpg2 --verify "patch-$1.sign" -
+if [ ! $? -eq 0 ]; then
+ echo "Patch file has invalid or untrusted signature!"
+ echo "See https://www.kernel.org/category/signatures.html"
+ exit 1
+fi
+
grep $1 sources &> /dev/null
if [ ! $? -eq 0 ]; then
fedpkg upload patch-$1.xz