Closed zx2c4 closed 4 years ago
Since https://github.com/WireGuard/wireguard-vyatta-ubnt/commit/4dc2d68dc5cc069308a5f9175589a1dcc3bfa972 , downloads now use tarballs and with https://github.com/WireGuard/wireguard-vyatta-ubnt/commit/4a543f0f63881c6764be28b9fc066fbb44a6dfdc now adding the signing key. We can now check signatures before untaring:
zx2c4@thinkpad /tmp $ wget https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20200429.tar.xz https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20200429.tar.asc --2020-05-03 13:38:47-- https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20200429.tar.xz 2020-05-03 13:38:49 (192 KB/s) - ‘wireguard-linux-compat-1.0.20200429.tar.xz’ saved [261668] --2020-05-03 13:38:49-- https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20200429.tar.asc 2020-05-03 13:38:49 (69.5 MB/s) - ‘wireguard-linux-compat-1.0.20200429.tar.asc’ saved [858] zx2c4@thinkpad /tmp $ unxz wireguard-linux-compat-1.0.20200429.tar.xz zx2c4@thinkpad /tmp $ gpgv --keyring AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg wireguard-linux-compat-1.0.20200429.tar.asc wireguard-linux-compat-1.0.20200429.tar gpgv: Signature made Wed 29 Apr 2020 10:38:05 PM MDT gpgv: using RSA key AB9942E6D4A4CFC3412620A749FC7012A5DE03AE gpgv: issuer "jason@zx2c4.com" gpgv: Good signature from "Jason A. Donenfeld <Jason@zx2c4.com>" zx2c4@thinkpad /tmp $ tar -xJ --one-top-level=module --strip-components=1 -f wireguard-linux-compat-1.0.20200429.tar.asc wireguard-linux-compat-1.0.20200429.tar
With 6ac71b3 the CI script now checks the signatures properly.
Since https://github.com/WireGuard/wireguard-vyatta-ubnt/commit/4dc2d68dc5cc069308a5f9175589a1dcc3bfa972 , downloads now use tarballs and with https://github.com/WireGuard/wireguard-vyatta-ubnt/commit/4a543f0f63881c6764be28b9fc066fbb44a6dfdc now adding the signing key. We can now check signatures before untaring: