Skip to content
This repository was archived by the owner on Apr 10, 2026. It is now read-only.

Verify GPG signatures for OpenSSL / libevent / tor#20

Open
qwzybug wants to merge 1 commit into
ursachec:masterfrom
qwzybug:verify_sigs
Open

Verify GPG signatures for OpenSSL / libevent / tor#20
qwzybug wants to merge 1 commit into
ursachec:masterfrom
qwzybug:verify_sigs

Conversation

@qwzybug

@qwzybug qwzybug commented Jan 14, 2015

Copy link
Copy Markdown

Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.

gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "matt@openssl.org"
gpg --search-keys --keyserver hkp://pgp.mit.edu "nickm@wangafu.net"
gpg --search-keys --keyserver hkp://pgp.mit.edu "arma@torproject.org"

@qwzybug

qwzybug commented Jan 20, 2015

Copy link
Copy Markdown
Author

From the Travis CI log:

<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?

Hey, it works! Any thoughts on this, @ursachec?

@chrisballinger

chrisballinger commented Jan 20, 2015

Copy link
Copy Markdown
Collaborator

@qwzybug Hey thanks! To solve this you could make VERIFYGPG reference an environmental variable and then make sure it's set to false in the .travis.yml. Otherwise in the build-all.sh script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.

@ursachec

ursachec commented Jan 20, 2015

Copy link
Copy Markdown
Owner

Cool stuff @qwzybug !
+1 @ what @chrisballinger said

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@qwzybug @chrisballinger @ursachec