
Commit 1ca116a

aduh95targos
authored andcommitted
tools: verify signatures when updating nghttp*
PR-URL: #60113 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Richard Lau <richard.lau@ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
1 parent c5e4aa7 commit 1ca116a


3 files changed

+12
-7
lines changed


tools/dep_updaters/nghttp.kbx

3.1 KB
Binary file not shown.

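--- a/tools/dep_updaters/update-nghttp2.sh
+++ b/tools/dep_updaters/update-nghttp2.sh
@@ -42,18 +42,19 @@ cleanup () {
 trap cleanup INT TERM EXIT
 
 NGHTTP2_REF="v$NEW_VERSION"
-NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.gz"
+NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.xz"
 
 cd "$WORKSPACE"
 
 echo "Fetching nghttp2 source archive"
 curl -sL -o "$NGHTTP2_TARBALL" "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/$NGHTTP2_TARBALL"
 
-DEPOSITED_CHECKSUM=$(curl -sL "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/checksums.txt" | grep "$NGHTTP2_TARBALL")
+echo "Verifying PGP signature"
+curl -sL "https://github.com/nghttp2/nghttp2/releases/download/${NGHTTP2_REF}/${NGHTTP2_TARBALL}.asc" \
+| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" "$NGHTTP2_TARBALL"
 
-log_and_verify_sha256sum "nghttp2" "$NGHTTP2_TARBALL" "$DEPOSITED_CHECKSUM"
-
-gzip -dc "$NGHTTP2_TARBALL" | tar xf -
+echo "Unpacking archive"
+tar xJf "$NGHTTP2_TARBALL"
 rm "$NGHTTP2_TARBALL"
 mv "nghttp2-$NEW_VERSION" nghttp2
 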
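Review bot: The `gpgv` call at new lines 53–54 pipes the `.asc` signature to stdin but passes only `"$NGHTTP2_TARBALL"` as a file argument, so as far as I can tell gpgv reads the tarball itself as the signed message and never looks at the piped signature. The nghttp3 updater in this same commit passes `-` before the archive name, which is the detached-signature form (signature from stdin, then the data file). I would change the line to `| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" - "$NGHTTP2_TARBALL"`. The likely outcome as written is a verification failure rather than a bypass, but the old checksum check is removed here, so this is the only integrity gate before `tar xJf` and should be exercised once against a real release.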

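--- a/tools/dep_updaters/update-nghttp3.sh
+++ b/tools/dep_updaters/update-nghttp3.sh
@@ -48,8 +48,12 @@ cd "$WORKSPACE"
 
 echo "Fetching nghttp3 source archive..."
 curl -sL -o "$ARCHIVE_BASENAME.tar.xz" "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz"
-SHA256="$(curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/checksums.txt" | grep 'tar.xz$')"
-log_and_verify_sha256sum "nghttp3" "$ARCHIVE_BASENAME.tar.xz" "$SHA256"
+
+echo "Verifying PGP signature..."
+curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz.asc" \
+| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" - "$ARCHIVE_BASENAME.tar.xz"
+
+echo "Unpacking archive..."
 tar -xJf "$ARCHIVE_BASENAME.tar.xz"
 rm "$ARCHIVE_BASENAME.tar.xz"
 mv "$ARCHIVE_BASENAME" nghttp3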
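Review bot: `nghttp.kbx` is now the sole trust anchor for both updaters, but it is a binary file and nothing next to the `gpgv` line at new line 54 says which keys it contains or how it was produced. gpgv accepts a valid signature from any key in the keyring it is given, so a reviewer of a future change to that file cannot tell from the diff whether a key was added. I would add a comment above the verification step such as `# nghttp.kbx holds the upstream release-signing key(s); fingerprint(s): <FINGERPRINT>. Regenerate and re-review when upstream rotates keys.`, with the real fingerprint filled in by the maintainers. The same comment belongs in update-nghttp2.sh. Whether a failed `gpgv` aborts the script before `tar -xJf` depends on shell options set outside this hunk.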
