mirror of
https://github.com/mitb-archive/filebot
synced 2024-08-13 17:03:45 -04:00
gpg --verify doesn't actually work the way any sane person would think...
This commit is contained in:
Reinhard Pointner
parent
e6bbbc6166
commit
dbb26ca3c9
@ -18,9 +18,10 @@ FILEBOT_HOME=`cd "$PRG_DIR" && pwd`
|
||||
|
||||
|
||||
# update core application files
|
||||
PACKAGE_NAME="DELTA.tar.xz"
|
||||
PACKAGE_NAME="CHANGES.tar.xz"
|
||||
PACKAGE_FILE="$FILEBOT_HOME/$PACKAGE_NAME"
|
||||
PACKAGE_URL="@{link.release.index}/HEAD/$PACKAGE_NAME"
|
||||
|
||||
SIGNATURE_FILE="$PACKAGE_FILE.asc"
|
||||
SIGNATURE_URL="$PACKAGE_URL.asc"
|
||||
|
||||
@ -33,17 +34,17 @@ if [ $HTTP_CODE -ne 200 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl -L -o "$PACKAGE_FILE" --retry 5 "$PACKAGE_URL"
|
||||
curl -L -o "$PACKAGE_FILE" -z "$PACKAGE_FILE" --retry 5 "$PACKAGE_URL"
|
||||
|
||||
|
||||
# initialize gpg
|
||||
GPG_HOME="$FILEBOT_HOME/data/.gpg"
|
||||
|
||||
if [ ! -d "$GPG_HOME" ]; then
|
||||
mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$FILEBOT_HOME/maintainer.pub"
|
||||
mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --no-default-keyring --keyring "trustedkeys.kbx" --import "$FILEBOT_HOME/maintainer.pub"
|
||||
fi
|
||||
|
||||
# verify signature and extract tar
|
||||
if gpg --batch --yes --homedir "$GPG_HOME" --trusted-key "B0976E51E5C047AD0FD051294E402EBF7C3C6A71" --verify "$SIGNATURE_FILE" "$PACKAGE_FILE"; then
|
||||
tar -xJvf "$PACKAGE_FILE" && rm -v "$PACKAGE_FILE"
|
||||
if gpgv --homedir "$GPG_HOME" "$SIGNATURE_FILE" "$PACKAGE_FILE"; then
|
||||
tar -xvf "$PACKAGE_FILE"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user