diff options
author | mrxx | 2018-01-04 21:27:01 +0100 |
---|---|---|
committer | mrxx | 2018-01-04 21:27:01 +0100 |
commit | c3199c2beca07e75352754049829966e9ccdbe6d (patch) | |
tree | 80e88805f51f008fdaa0ea3d48b2865f64483c1b /PKGBUILD | |
parent | 820b4f644104ed52c795c47ea7c5ab6495fdd851 (diff) | |
download | aur-c3199c2beca07e75352754049829966e9ccdbe6d.tar.gz |
Tag's committer signature only shown for information
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 15 |
1 files changed, 3 insertions, 12 deletions
@@ -1,36 +1,27 @@ # Maintainer: mrxx <mrxx at cyberhome dot at> -# Contributor: Jonhoo <jon at thesquareplanet.com> pkgname=signal-desktop pkgver=1.1.0 -pkgrel=6 +pkgrel=7 pkgdesc='Private messaging from your desktop' _basename=Signal-Desktop license=('GPL3') arch=('any') url='https://github.com/WhisperSystems/Signal-Desktop' -_gpg_keys=https://api.github.com/users/scottnonnenberg/gpg_keys conflicts=('signal' 'signal-desktop-bin' 'signal-desktop-beta') depends=('alsa-lib' 'fontconfig' 'gconf' 'gtk2' 'libnotify' 'libxtst' 'libxss' 'nss') optdepends=('gnome-shell-extension-topicons-plus') makedepends=('git' 'npm' 'python2' 'yarn') install=signal-desktop.install -source=("git+${url}.git#tag=v${pkgver}" "$_gpg_keys" 'signal-desktop.desktop' 'signal-desktop' 'signal-desktop.install') +source=("git+${url}.git#tag=v${pkgver}" 'signal-desktop.desktop' 'signal-desktop' 'signal-desktop.install') sha256sums=('SKIP' - 'SKIP' '2287a32ed2ad8772fab02b7ec3bda185c6e85263f7b6b62595b66535ba8687b0' '0ee7733814827a92fae89df751d4d4e5e0ee28e2a59457b224ec50b7aec31a3a' '91e6ab7a997a94326348183cd8de1c8eb07161ef533d357690d297b1a5f15c79') build() { - msg2 "Verifying gpg signature..." - [ ! -s ${srcdir}/gpg_keys ] && (msg2 "Unable to verify the gpg signature as the developer's keys file was not downloaded properly from $_gpg_keys" && exit 1) cd ${_basename} - _key_id=$(/bin/git verify-tag v${pkgver} 2>&1|/bin/grep using|awk '{print $NF}') - [ -z "$_key_id" ] && (msg2 "Git source NOT trusted: it has no gpg signature at all" && exit 1) - echo " Signing key: $_key_id" - /bin/grep "\"key_id\":.*\"$_key_id\"" ${srcdir}/gpg_keys || (msg2 "Git source NOT trusted: gpg signature is from an unknown third party" && exit 1) - msg2 "Signature OK" + /bin/git verify-tag -v v${pkgver} 2>&1|/bin/grep -e '^tagger' -e '^gpg:.*Signature made' -e '^gpg:.*using.*key' cd ${srcdir}/${_basename} sed -i -re 's/("electron":)(.*)/\1 "~1.7.10",/;s/("electron-builder":)(.*)/\1 "~19.52.1",/;s/("electron-updater":)(.*)/\1 "~2.18.2",/' package.json |