Prepare script checks signatures.

Uploaded signing pubkeys to github as a temporary workaround to unreliable keyservers.
2025-11-05 10:28:10 +01:00 · 2019-07-25 12:45:27 +02:00
parent aedfe796b8
commit 1185a5f33d
6 changed files with 1259 additions and 3 deletions
--- a/bin/basicswap_prepare.py
+++ b/bin/basicswap_prepare.py
@@ -155,7 +155,16 @@ def prepareCore(coin, version, settings, data_dir):

    if verified.username is None:
        logger.warning('Signature not verified.')
-        #  TODO raise ValueError('Signature verification failed.')
+
+        pubkeyurl = 'https://raw.githubusercontent.com/tecnovert/basicswap/master/gitianpubkeys/{}_{}.pgp'.format(coin, signing_key_name)
+        logger.info('Importing public key from url: ' + pubkeyurl)
+        gpg.import_keys(urllib.request.urlopen(pubkeyurl).read())
+
+        with open(assert_sig_path, 'rb') as fp:
+            verified = gpg.verify_file(fp, assert_path)
+
+        if verified.username is None:
+            raise ValueError('Signature verification failed.')

    bins = [coin + 'd', coin + '-cli', coin + '-tx']
    with tarfile.open(release_path) as ft: