From 04d97616bf410442a28c2c1212fb480e38581363 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 20 Nov 2014 13:45:10 -0200
Subject: Piwik signature check

---
 TODO.md  |  1 -
 piwik-dl | 11 +++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/TODO.md b/TODO.md
index fcf4d44..9c6b2e1 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,4 +2,3 @@ TODO
 ====
 
 * Advocate for [signed releases and https downloads](https://manual.sarava.org/specs/code/).
-* Implemente http://piwik.org/blog/2014/11/verify-signatures-piwik-packages/
diff --git a/piwik-dl b/piwik-dl
index e266c0b..3bdc1de 100755
--- a/piwik-dl
+++ b/piwik-dl
@@ -3,7 +3,18 @@
 # Piwik simple upgrader.
 #
 
+# Parameters
+KEY="814E346FA01A20DBB04B6807B5DBD5925590A237"
+
+# See http://piwik.org/blog/2014/11/verify-signatures-piwik-packages/
+if ! gpg --list-keys "$KEY" &> /dev/null; then
+  gpg --keyserver keys.gnupg.net --recv-keys "$KEY" || exit 1
+fi
+
+# Upgrade procedure
 wget http://piwik.org/latest.zip && \
+wget http://piwik.org/latest.zip.asc && \
+gpg --verify latest.zip.asc latest.zip && \
 mv piwik/ piwik.old && \
 unzip latest.zip && \
 rm *html && \
-- 
cgit v1.2.3