From 8368b05249f1f8aec8579499ff1600b3880fee33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 17 Apr 2015 17:32:39 +0200 Subject: [PATCH] Use "gpgv" to verify kernel archive signature --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 03157ca..3e5612a 100644 --- a/Makefile +++ b/Makefile @@ -56,11 +56,12 @@ $(SIGN_FILE): @wget -q -N $(URL_SIGN) import-keys: - gpg -q --import *-key.asc + @if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/linux-kernel-trustedkeys.gpg"; fi + @gpg --no-auto-check-trustdb --no-default-keyring --keyring linux-kernel-trustedkeys.gpg -q --import *-key.asc verify-sources: import-keys ifeq ($(BUILD_FLAVOR),pvops) - @xzcat $(SRC_FILE) | gpg -q --verify $(SIGN_FILE) - 2>/dev/null + @xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null else # @gpg --verify $(SIGN_FILE) $(SRC_FILE) # The key has been compromised