#!/bin/sh verify_rpm() { RPM=$1 if ! [ -f $RPM ]; then echo -n "No such file... " return fi if ! rpm --checksig $RPM > /dev/null; then echo "Wrong PGP signature!" exit 1 fi # Even if rpm returns success (ret = 0) that doesn't # mean that the rpm has been signed! It might simply # have no PGP signature at all. Yes, stupidity... if ! rpm --checksig $RPM | grep pgp > /dev/null ; then echo "No PGP signature found!" if [ "$NO_SIGN" == "1" ] ; then # When signing is disabed in qubes-builder # This is used to build unsigned ISO # This should only be used for testing builds exit 0 fi exit 2 fi } if [ $# -lt 1 ]; then echo "Usage: $0 " exit 1 fi for FILE in "$@"; do echo -n "Veryfing: $FILE... " verify_rpm $FILE && echo OK. done