Try importing new keys via signature verification

This commit is contained in:
Vitaly Cheptsov 2020-11-04 17:02:29 +03:00 committed by GitHub
parent 9351f697ff
commit 750b589575
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -39,14 +39,10 @@ if [ "$UPLATFORM" = "mac" ]; then
export PATH="/opt/qt56sm/bin:$PATH" export PATH="/opt/qt56sm/bin:$PATH"
elif [ "$UPLATFORM" = "win32" ]; then elif [ "$UPLATFORM" = "win32" ]; then
# Install missing dependencies # Install missing dependencies
curl -O -o /tmp/keyring.tar.xz http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz || exit 1 curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz || exit 1
krsum=$(shasum -a 256 /tmp/keyring.tar.xz | cut -f1 -d' ') curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig || exit 1
krexpsum="f1cc152902fd6018868b64d015cab9bf547ff9789d8bd7c0d798fb2b22367b2b" pacman-key --verify msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig || exit 1
if [ "$krsum" != "$krexpsum" ]; then pacman -U --noconfirm msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz || exit 1
echo "Keyring hash $krsum does not match $krexpsum"
exit 1
fi
pacman -U /tmp/keyring.tar.xz || exit 1
pacman -Syu --ignore pacman --noconfirm || exit 1 pacman -Syu --ignore pacman --noconfirm || exit 1
pacman -S --noconfirm --needed zip unzip curl perl mingw-w64-i686-toolchain mingw-w64-i686-cmake || exit 1 pacman -S --noconfirm --needed zip unzip curl perl mingw-w64-i686-toolchain mingw-w64-i686-cmake || exit 1