CPAProxy Verify GPG signatures for OpenSSL / libevent / tor

Verify GPG signatures for OpenSSL / libevent / tor

Open qwzybug opened this issue 9 years ago • 3 comments

Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.

gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"

Jan 14 '15 09:01 qwzybug

From the Travis CI log:

<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?

Hey, it works! Any thoughts on this, @ursachec?

Jan 20 '15 03:01 qwzybug

@qwzybug Hey thanks! To solve this you could make VERIFYGPG reference an environmental variable and then make sure it's set to false in the .travis.yml. Otherwise in the build-all.sh script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.

Jan 20 '15 06:01 chrisballinger

Cool stuff @qwzybug ! +1 @ what @chrisballinger said

Jan 20 '15 22:01 ursachec

CPAProxy CPAProxy copied to clipboard

Verify GPG signatures for OpenSSL / libevent / tor

CPAProxy
CPAProxy copied to clipboard