Adds support for both gpg and gpg2 when verifying

Martin Harris · Martin Harris · commit 47d5b184c421 · 2020-01-28T16:37:03.000Z
diff --git a/developers/committers/release-process/verify-release-artifacts.md b/developers/committers/release-process/verify-release-artifacts.md
@@ -98,9 +98,16 @@ Verify the hashes and signatures of artifacts
 Then check the hashes and signatures, ensuring you get a positive message from each one:
 
 {% highlight bash %}
+GPG_COMMAND=$((which gpg >> /dev/null && echo gpg) || (which gpg2 >> /dev/null && echo gpg2))
+
+if [ -z "${GPG_COMMAND}" ]; then
+    echo "gpg or gpg2 must be installed, exiting"
+    exit
+fi
+
 for artifact in $(find * -type f ! \( -name '*.asc' -o -name '*.sha256' \) ); do
     shasum -a256 -c ${artifact}.sha256 && \
-    gpg2 --verify ${artifact}.asc ${artifact} \
+    $GPG_COMMAND --verify ${artifact}.asc ${artifact} \
       || { echo "Invalid signature for $artifact. Aborting!"; break; }
 done
 {% endhighlight %}
