Skip to content
This repository was archived by the owner on Apr 10, 2026. It is now read-only.

Verify GPG signatures for OpenSSL / libevent / tor#20

Open
qwzybug wants to merge 1 commit intoursachec:masterfrom
qwzybug:verify_sigs
Open

Verify GPG signatures for OpenSSL / libevent / tor#20
qwzybug wants to merge 1 commit intoursachec:masterfrom
qwzybug:verify_sigs

Conversation

@qwzybug
Copy link
Copy Markdown

@qwzybug qwzybug commented Jan 14, 2015

Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.

gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "matt@openssl.org"
gpg --search-keys --keyserver hkp://pgp.mit.edu "nickm@wangafu.net"
gpg --search-keys --keyserver hkp://pgp.mit.edu "arma@torproject.org"

@qwzybug
Copy link
Copy Markdown
Author

qwzybug commented Jan 20, 2015

From the Travis CI log:

<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?

Hey, it works! Any thoughts on this, @ursachec?

@chrisballinger
Copy link
Copy Markdown
Collaborator

chrisballinger commented Jan 20, 2015

@qwzybug Hey thanks! To solve this you could make VERIFYGPG reference an environmental variable and then make sure it's set to false in the .travis.yml. Otherwise in the build-all.sh script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.

@ursachec
Copy link
Copy Markdown
Owner

ursachec commented Jan 20, 2015

Cool stuff @qwzybug !
+1 @ what @chrisballinger said

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@qwzybug @chrisballinger @ursachec