fetch-release: check that only one key is imported

Co-authored-by: nixbitcoin <nixbitcoin@i2pmail.org>
This commit is contained in:
Erik Arvstedt 2021-12-15 15:27:57 +01:00
parent 5ab85cb2a5
commit bc7d3a2ed7
No known key found for this signature in database
GPG Key ID: 33312B944DD97846

View File

@ -1,9 +1,11 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash coreutils curl jq gnupg
#!nix-shell -i bash -p bash coreutils curl jq gnupg gnugrep
set -euo pipefail
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
trap 'echo "Error at ${BASH_SOURCE[0]}, line $LINENO"' ERR
repo=fort-nix/nix-bitcoin
if [[ ! -v version ]]; then
version=$(curl -s --show-error "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2)
@ -17,6 +19,8 @@ mkdir -p -m 700 "$GPG_HOME"
# Import key
gpg --homedir $GPG_HOME --import "$scriptDir/key-jonasnick.bin" &> /dev/null
# Check that exactly one key was imported
(($(gpg --list-keys --with-colons | grep -c pub) == 1))
# Verify key fingerprint
gpg --homedir $GPG_HOME --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null