diff options
| author | Philip Whineray <phil@firehol.org> | 2018-08-12 10:13:13 +0100 |
|---|---|---|
| committer | Philip Whineray <phil@firehol.org> | 2018-08-12 11:22:08 +0100 |
| commit | e60274499c794f56b961459f8777f5e024921f31 (patch) | |
| tree | e22b5eb6abcd88fe82506a0d47b83d160b6c2c2d /.travis.yml | |
| parent | 6832ce444d2637173a6bac436805ca9e55b84fc1 (diff) | |
Download public keys by fingerprint in travis
The uid and fingerprint are more legible than the full key, which should
make future changes easier to review.
The keys are used by Travis only to validate that a git tag was signed
with a recognised key. The results of the build are signed separately.
You can confirm the fingerprints in .travis.yml match the ones in
the by running this on the old packaging/gpg.keys:
gpg --import-options show-only --import packaging/gpg.keys
Diffstat (limited to '.travis.yml')
| -rw-r--r-- | .travis.yml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/.travis.yml b/.travis.yml index 5424c65bc6..23202836a0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,10 +31,13 @@ before_install: - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install fakeroot; fi - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install ossp-uuid; fi - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install xz; fi + - export KEYSERVER=ipv4.pool.sks-keyservers.net # # Run before_script: - - gpg --import packaging/gpg.keys + # Download keys - builds of tags check for a recognised signature + - ./packaging/gpg-recv-key phil@firehol.org "9CCE 9A8D 5328 FBD6 CE29 6DCC 63DF 1E44 D829 797E" + - ./packaging/gpg-recv-key costa@tsaousis.gr "4DFF 624A E564 3B51 2872 1F40 29CA 3358 89B9 A863" # Run the commit hooks in case the developer didn't - git diff 4b825dc642cb6eb9a060e54bf8d69288fbee4904 | ./packaging/check-files - script: |