Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify GPG signatures for OpenSSL / libevent / tor #20

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

qwzybug
Copy link

@qwzybug qwzybug commented Jan 14, 2015

Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.

gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"
gpg --search-keys --keyserver hkp://pgp.mit.edu "[email protected]"

@qwzybug
Copy link
Author

qwzybug commented Jan 20, 2015

From the Travis CI log:

<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?

Hey, it works! Any thoughts on this, @ursachec?

@chrisballinger
Copy link
Collaborator

@qwzybug Hey thanks! To solve this you could make VERIFYGPG reference an environmental variable and then make sure it's set to false in the .travis.yml. Otherwise in the build-all.sh script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.

@ursachec
Copy link
Owner

Cool stuff @qwzybug !
+1 @ what @chrisballinger said

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants