update gentoo-releng gpg key

Simplify gpg checking by caching a keyring instead of keys to import.

Change-Id: I5ed74ec0e12732aec40ef31377e72d7ddc347f95
Signed-off-by: Matthew Thode <mthode@mthode.org>
Your Name 2020-07-12 21:11:49 +00:00 committed by Matthew Thode
parent 8b08d212c3
commit e384da1a98
No known key found for this signature in database
GPG Key ID: 64A37BEAAE19A4E8
2 changed files with 1 additions and 4 deletions


@ -86,15 +86,12 @@ else
# https://wiki.gentoo.org/wiki/Project:RelEng#Keys # https://wiki.gentoo.org/wiki/Project:RelEng#Keys
# https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz # https://dev.gentoo.org/~dolsen/releases/keyrings/gentoo-keys-*.tar.xz
# http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz # http://distfiles.gentoo.org/distfiles/gentoo-keys-*.tar.xz
GPGDIR=$(mktemp -d -t)
gpg --no-default-keyring --keyring "${GPGDIR}"/gentookeys.gpg --import "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg
# check the sig file # check the sig file
gpgv --keyring "${GPGDIR}"/gentookeys.gpg "${CACHED_SIGNATURE_FILE}" gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg "${CACHED_SIGNATURE_FILE}"
if [[ "${?}" != 0 ]]; then if [[ "${?}" != 0 ]]; then
echo 'invalid signature file' echo 'invalid signature file'
exit 1 exit 1
fi fi
rm -rf "${GPGDIR}"
echo 'valid key used' echo 'valid key used'
CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${CACHED_SIGNATURE_FILE}" | grep -e "${BASE_IMAGE_FILE_SUFFIX}$" | cut -d\ -f 1) CACHED_SHA512SUM=$(grep -A1 -e 'SHA512' "${CACHED_SIGNATURE_FILE}" | grep -e "${BASE_IMAGE_FILE_SUFFIX}$" | cut -d\ -f 1)
ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d\ -f 1) ACTUAL_SHA512SUM=$(sha512sum "${CACHED_FILE}" | cut -d\ -f 1)
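Review bot: The `CACHED_SHA512SUM=` line greps the digest out of the raw `${CACHED_SIGNATURE_FILE}` rather than out of the content gpgv verified. If that file is clearsigned (it appears to be, since gpgv is given a single file and no detached data), text outside the signed block is not covered by the signature but would still match the grep. Where the installed gpgv supports `--output`, have it write the verified payload and run the existing grep on that instead, e.g. `gpgv --keyring "${TMP_HOOKS_PATH}"/extra-data.d/gentoo-releng.gpg --output "${VERIFIED_DIGESTS}" "${CACHED_SIGNATURE_FILE}"`, where `VERIFIED_DIGESTS` is a placeholder for a `mktemp` file. Separately, gpgv treats every key in the keyring as trusted and does not check expiry or revocation, so the committed keyring deserves a comment above the gpgv call such as `# gpgv trusts every key in this keyring and ignores expiry/revocation; regenerate it when RelEng keys rotate`. The enclosing `else` branch starts before and continues past this hunk.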