Piwik signature check

author: Silvio Rhatto <rhatto@riseup.net> 2014-11-20 13:45:10 -0200
committer: Silvio Rhatto <rhatto@riseup.net> 2014-11-20 13:45:10 -0200
commit: 04d97616bf410442a28c2c1212fb480e38581363 (patch)
tree: 53efe29b6dec3d0c0e5243839b6de5879224f502
parent: 5bbd599fd24782f6291ab728489414911f890504 (diff)
download: downloaders-04d97616bf410442a28c2c1212fb480e38581363.tar.gz
downloaders-04d97616bf410442a28c2c1212fb480e38581363.tar.bz2
2 files changed, 11 insertions, 1 deletions
diff --git a/TODO.md b/TODO.md
index fcf4d44..9c6b2e1 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,4 +2,3 @@ TODO
 ====
 
 * Advocate for [signed releases and https downloads](https://manual.sarava.org/specs/code/).
-* Implemente http://piwik.org/blog/2014/11/verify-signatures-piwik-packages/
diff --git a/piwik-dl b/piwik-dl
index e266c0b..3bdc1de 100755
--- a/piwik-dl
+++ b/piwik-dl
@@ -3,7 +3,18 @@
 # Piwik simple upgrader.
 #
 
+# Parameters
+KEY="814E346FA01A20DBB04B6807B5DBD5925590A237"
+
+# See http://piwik.org/blog/2014/11/verify-signatures-piwik-packages/
+if ! gpg --list-keys "$KEY" &> /dev/null; then
+  gpg --keyserver keys.gnupg.net --recv-keys "$KEY" || exit 1
+fi
+
+# Upgrade procedure
 wget http://piwik.org/latest.zip && \
+wget http://piwik.org/latest.zip.asc && \
+gpg --verify latest.zip.asc latest.zip && \
 mv piwik/ piwik.old && \
 unzip latest.zip && \
 rm *html && \
author	Silvio Rhatto <rhatto@riseup.net>	2014-11-20 13:45:10 -0200
committer	Silvio Rhatto <rhatto@riseup.net>	2014-11-20 13:45:10 -0200
commit	04d97616bf410442a28c2c1212fb480e38581363 (patch)
tree	53efe29b6dec3d0c0e5243839b6de5879224f502
parent	5bbd599fd24782f6291ab728489414911f890504 (diff)
download	downloaders-04d97616bf410442a28c2c1212fb480e38581363.tar.gz downloaders-04d97616bf410442a28c2c1212fb480e38581363.tar.bz2