Skip to content

Instantly share code, notes, and snippets.

@dblevins

dblevins/cleanverify.sh

Created Sep 16, 2021
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Raw
cleanverify.sh
#!/bin/bash
mkdir /tmp/test
cd /tmp/test
curl -s -O https://archive.apache.org/dist/tomee/KEYS
curl -s -O https://archive.apache.org/dist/tomee/tomee-9.0.0-M7/apache-tomee-9.0.0-M7-webprofile.tar.gz
curl -s -O https://archive.apache.org/dist/tomee/tomee-9.0.0-M7/apache-tomee-9.0.0-M7-webprofile.tar.gz.asc
echo "
list keys
"
gpg --homedir . --list-keys
echo "
import KEYS file
"
gpg --homedir . --import KEYS
echo "
verify signature
"
gpg --homedir . --output apache-tomee-9.0.0-M7-webprofile.tar.gz --decrypt apache-tomee-9.0.0-M7-webprofile.tar.gz.asc
Raw
output.txt
list keys
gpg: WARNING: unsafe permissions on homedir '/private/tmp/test'
gpg: keybox '/private/tmp/test/pubring.kbx' created
gpg: /private/tmp/test/trustdb.gpg: trustdb created
import KEYS file
gpg: WARNING: unsafe permissions on homedir '/private/tmp/test'
gpg: key CBAEBE39A46C4CA1: 45 signatures not checked due to missing keys
gpg: key CBAEBE39A46C4CA1: public key "Matt Hogstrom <hogstrom@apache.org>" imported
gpg: key 318242FE9A0B1183: public key "Jeremy Whitlock <jwhitlock@apache.org>" imported
gpg: key E126833F9CF64915: 4 signatures not checked due to missing keys
gpg: key E126833F9CF64915: public key "Richard Kenneth McGuire (CODE SIGNING KEY) <rickmcguire@apache.org>" imported
gpg: key C8BB472CD297D428: public key "Jonathan Gallimore <jgallimore@apache.org>" imported
gpg: key 8EBE7DBE8D050EEF: 3 signatures not checked due to missing keys
gpg: key 8EBE7DBE8D050EEF: public key "Jarek Gawor (CODE SIGNING KEY) <gawor@apache.org>" imported
gpg: key 5483E55897ABD9B9: 2 signatures not checked due to missing keys
gpg: key 5483E55897ABD9B9: public key "Jarek Gawor <gawor@apache.org>" imported
gpg: key ED340E0E6D545F97: public key "Andy Gumbrecht (TomEE Code Signing) <agumbrecht@tomitribe.com>" imported
gpg: key A8DE0A4DB863A7C1: public key "Romain Manni-Bucau <rmannibucau@tomitribe.com>" imported
gpg: key E91287822FDB81B1: 1 signature not checked due to a missing key
gpg: key E91287822FDB81B1: public key "Mark Struberg (Apache) <struberg@apache.org>" imported
gpg: key C212662E12F3E1DD: public key "David Blevins <dblevins@apache.org>" imported
gpg: key 997C8F1A5BE6E4C1: public key "Xu Hai Hong (Ivan Xu @ Geronimo) <xhhsld@gmail.com>" imported
gpg: key 622B8F2D043F71D8: public key "Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonteiro@apache.org>" imported
gpg: key 6A62FC8EF17D8FEF: public key "Romain Manni-Bucau <rmannibucau@apache.org>" imported
gpg: key 67C1227A2678363C: public key "Romain Manni-Bucau <rmannibucau@apache.org>" imported
gpg: key 3D4683C24EDC64D1: public key "Roberto Cortez (Apache Signing Key) <radcortez@yahoo.com>" imported
gpg: key CF6FC99C2CC77782: public key "David Blevins <dblevins@tomitribe.com>" imported
gpg: key C0D95C5181D22F04: public key "David Blevins <david.blevins@gmail.com>" imported
gpg: key 9C04914D63645D20: public key "David Blevins <dblevins@tomitribe.com>" imported
gpg: key 358807C52B4B0E23: public key "Jean-Louis Monteiro (CODE SIGNING KEY) <jlmonteiro@apache.org>" imported
gpg: Total number processed: 19
gpg: imported: 19
gpg: no ultimately trusted keys found
verify signature
gpg: WARNING: unsafe permissions on homedir '/private/tmp/test'
gpg: assuming signed data in 'apache-tomee-9.0.0-M7-webprofile.tar.gz'
gpg: Signature made Mon May 3 09:44:14 2021 CDT
gpg: using RSA key 9C04914D63645D20
gpg: Good signature from "David Blevins <dblevins@tomitribe.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 626C 542E DA7C 1138 14B7 7AF0 9C04 914D 6364 5D20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment