[rst-dev] [Vote] Release Redwax SignText Adwaita v0.9.0
Dirk-Willem van Gulik
dirkx at webweaving.org
Sun Jul 14 16:06:44 CEST 2024
Am wondering if it makes sense to not just check during verify against our private/own keyring - but also against the official KEYs file ?
Dw.
Index: Makefile
===================================================================
--- Makefile (revision 7)
+++ Makefile (working copy)
@@ -14,7 +14,7 @@
# GPG2FLAGS='-u uid at redwax.eu' gmake sign
# to force a specific UID to be used for signing.
#
-#
+KEYS=../keys/KEYS
all: verify
@@ -21,6 +21,12 @@
verify: verify-local
find . -name '*.asc' -exec bash -c "basename {}; gpg2 ${GPG2FLAGS} --armor --verify '{}'" \;
+${KEYS}.gpg:${KEYS}
+ gpg2 --no-default-keyring --keyring "${KEYS}" --import --trust-model always < "${KEYS}"
+
+verify-local: ${KEYS}.gpg
+ find . -name '*.asc' -exec bash -c "basename {}; gpg2 ${GPG2FLAGS} --armor --verify --no-default-keyring --keyring "${KEYS}.gpg" '{}'" \;
+
# test -s "$?" && gpg2 --armor --verify $? || true
sign: sign-tar.gz sign-tar.bz2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://redwax.eu/pipermail/rst-dev/attachments/20240714/899a1512/attachment.html>
More information about the rst-dev
mailing list