build: verifies the rpm packages signatures.

Closes #12370

build: verifies the rpm packages signatures.
Closes #12370
aefcb06f · Leonard Gram · 332e59d3 · aefcb06f · aefcb06f
Commit aefcb06f authored Aug 14, 2018 by Leonard Gram
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 0 deletions

.circleci/config.yml
+5 -0

scripts/build/verify_signed_packages.sh
+17 -0

No files found.
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -148,6 +148,11 @@ jobs:
          name: sign packages
          command: './scripts/build/sign_packages.sh'
      - run:
+          name: verify signed packages
+          command: |
+            curl https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana > ~/.rpmdb/pubkeys/grafana.key
+            ./scripts/build/verify_signed_packages.sh dist/*.rpm
+      - run:
          name: sha-sum packages
          command: 'go run build.go sha-dist'
      - run:

--- a/scripts/build/verify_signed_packages.sh
+++ b/scripts/build/verify_signed_packages.sh
+#!/bin/bash
+_files=$*
+
+ALL_SIGNED=0
+
+for file in $_files; do
+  rpm -K "$file" | grep "pgp.*OK" -q
+  if [[ $? != 0 ]]; then
+    ALL_SIGNED=1
+    echo $file NOT SIGNED
+  else
+    echo $file OK
+  fi
+done
+
+
+exit $ALL_SIGNED