CPAProxy
CPAProxy copied to clipboard
Verify GPG signatures for OpenSSL / libevent / tor
Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.
gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"
From the Travis CI log:
<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?
Hey, it works! Any thoughts on this, @ursachec?
@qwzybug Hey thanks! To solve this you could make VERIFYGPG
reference an environmental variable and then make sure it's set to false in the .travis.yml
. Otherwise in the build-all.sh
script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.
Cool stuff @qwzybug ! +1 @ what @chrisballinger said