|
1 | 1 | #!/usr/bin/env bash |
2 | 2 |
|
3 | | -set -e |
| 3 | +set -ex |
4 | 4 | # For debugging: |
5 | 5 | # set -x |
6 | 6 |
|
@@ -73,21 +73,46 @@ cd "$TMPDIR" |
73 | 73 | curl -O "${URL_BASE}/SHA256SUMS.asc" |
74 | 74 | curl -O "${URL_BASE}/${FILENAME}" |
75 | 75 |
|
76 | | -if [[ "$VERSION" == "0."* ]]; then |
| 76 | +# In version 22.0, release signing changed from a single key signing in |
| 77 | +# SHA256SUMS.asc to multiple keys signing SHA256SUMS. |
| 78 | +# |
| 79 | +# See here for more information: https://github.com/bitcoin/bitcoin/pull/23020 |
| 80 | + |
| 81 | +if [[ "$VERSION" < "22.0" ]]; then |
77 | 82 | gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964 |
78 | 83 | sha256sum --ignore-missing --check SHA256SUMS.asc \ |
79 | 84 | | tee - | grep -o "${FILENAME}: OK" |
80 | 85 | gpg --verify SHA256SUMS.asc >gpg_verify_out 2>&1 |
81 | 86 | grep '^gpg: Good signature from "Wladimir J. van der Laan' gpg_verify_out |
82 | 87 | grep '^Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964' gpg_verify_out |
| 88 | + |
83 | 89 | else |
| 90 | + # See bitcoin/contrib/builder-keys/keys.txt for current values. |
| 91 | + # |
| 92 | + # I've chosen a subset of builder keys here who are well-known and reliably |
| 93 | + # sign for releases. |
| 94 | + |
| 95 | + # Wladimir |
84 | 96 | gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 71A3B16735405025D447E8F274810B012346C9A6 |
| 97 | + # Hebasto |
| 98 | + gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys D1DBF2C4B96F2DEBF4C16654410108112E7EA81F |
| 99 | + # Fanquake |
| 100 | + gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A |
| 101 | + |
85 | 102 | curl -O "${URL_BASE}/SHA256SUMS" |
86 | | - sha256sum --ignore-missing --check SHA256SUMS \ |
87 | | - | tee - | grep -o "${FILENAME}: OK" |
88 | 103 | gpg --verify SHA256SUMS.asc SHA256SUMS >gpg_verify_out 2>&1 || true |
| 104 | + cat gpg_verify_out |
| 105 | + |
89 | 106 | grep '^gpg: Good signature from "Wladimir J. van der Laan' gpg_verify_out |
90 | 107 | grep '^Primary key fingerprint: 71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6' gpg_verify_out |
| 108 | + |
| 109 | + grep '^gpg: Good signature from "Hennadii Stepanov' gpg_verify_out |
| 110 | + grep '^Primary key fingerprint: D1DB F2C4 B96F 2DEB F4C1 6654 4101 0811 2E7E A81F' gpg_verify_out |
| 111 | + |
| 112 | + grep '^gpg: Good signature from "Michael Ford' gpg_verify_out |
| 113 | + grep '^Primary key fingerprint: E777 299F C265 DD04 7930 70EB 944D 35F9 AC3D B76A' gpg_verify_out |
| 114 | + |
| 115 | + sha256sum --ignore-missing --check SHA256SUMS | tee - | grep -o "${FILENAME}: OK" |
91 | 116 | fi |
92 | 117 |
|
93 | 118 | tar -xzvf "${FILENAME}" |
|
0 commit comments