Project

General

Profile

Bug #212

[dbscripts] make a check-signature script

fauno - about 7 years ago - . Updated almost 3 years ago.

Status:
open
Priority:
wish
Assignee:
-
% Done:

0%


Description

this can be done with `gpg --verify public/$repo/os/$arch/$pkgname-$pkgver-$pkgrel.pkg.tar.?z.sig` but you know :P

History

#2

Updated by mtjm about 7 years ago

Do we need another script for this? Having developers to learn gpg --verify seems more useful. I don't remember any cases of invalid signatures (all such errors resulted from caching a different package).

#3

Updated by fauno about 7 years ago

I use it to check who packaged something when db-update complains about already released packages ("on another repo").

#4

Updated by mtjm about 7 years ago

I use tar xOf public/....tar.xz .PKGINFO, it works even in the case of bad or missing signatures.

#5

Updated by lukeshu almost 3 years ago

  • Project changed from libretools to dbscripts

Also available in: Atom PDF