tools: verify signatures when updating nghttp*

PR-URL: https://github.com/nodejs/node/pull/60113
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Antoine du Hamel 2025-10-05 17:02:17 +02:00 committed by GitHub
parent ed94bc48f3
commit eaf6d49816
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 12 additions and 7 deletions

Binary file not shown.


@ -42,18 +42,19 @@ cleanup () {
trap cleanup INT TERM EXIT
NGHTTP2_REF="v$NEW_VERSION"
NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.gz"
NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.xz"
cd "$WORKSPACE"
echo "Fetching nghttp2 source archive"
curl -sL -o "$NGHTTP2_TARBALL" "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/$NGHTTP2_TARBALL"
DEPOSITED_CHECKSUM=$(curl -sL "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/checksums.txt" | grep "$NGHTTP2_TARBALL")
echo "Verifying PGP signature"
curl -sL "https://github.com/nghttp2/nghttp2/releases/download/${NGHTTP2_REF}/${NGHTTP2_TARBALL}.asc" \
| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" "$NGHTTP2_TARBALL"
log_and_verify_sha256sum "nghttp2" "$NGHTTP2_TARBALL" "$DEPOSITED_CHECKSUM"
gzip -dc "$NGHTTP2_TARBALL" | tar xf -
echo "Unpacking archive"
tar xJf "$NGHTTP2_TARBALL"
rm "$NGHTTP2_TARBALL"
mv "nghttp2-$NEW_VERSION" nghttp2
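Review bot: The new `gpgv` call for nghttp2 passes only `"$NGHTTP2_TARBALL"` as a positional argument, so gpgv takes the tarball itself as the signature file and never reads the `.asc` that `curl` pipes into it. The nghttp3 updater in this same commit passes `-` first, which is the form that reads the detached signature from stdin; the line here should read `| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" - "$NGHTTP2_TARBALL"`. As written the step presumably fails on every run rather than accepting a bad archive, but whether that failure aborts the script depends on `set -e`, which is outside this hunk. A smaller point on the unchanged `grep "$NGHTTP2_TARBALL"`: the pattern is unanchored, so it would also match a `.tar.xz.asc` line if `checksums.txt` ever lists one; anchoring it with `$`, as the nghttp3 script does, avoids that.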


@ -48,8 +48,12 @@ cd "$WORKSPACE"
echo "Fetching nghttp3 source archive..."
curl -sL -o "$ARCHIVE_BASENAME.tar.xz" "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz"
SHA256="$(curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/checksums.txt" | grep 'tar.xz$')"
log_and_verify_sha256sum "nghttp3" "$ARCHIVE_BASENAME.tar.xz" "$SHA256"
echo "Verifying PGP signature..."
curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz.asc" \
| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" - "$ARCHIVE_BASENAME.tar.xz"
echo "Unpacking archive..."
tar -xJf "$ARCHIVE_BASENAME.tar.xz"
rm "$ARCHIVE_BASENAME.tar.xz"
mv "$ARCHIVE_BASENAME" nghttp3
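Review bot: The signature check trusts whatever keys are inside `tools/dep_updaters/nghttp.kbx`, and that keybox is a binary file this page cannot show, so the trust root of the new verification step is not reviewable from the diff. A comment above the `gpgv` line should record whose key(s) the keybox holds and how it was produced, for example `# nghttp.kbx holds the upstream release signing key(s): <KEY FINGERPRINT - placeholder>; see <doc location - placeholder> to regenerate`. The same comment belongs next to the nghttp2 call, which uses the same keyring. Because gpgv accepts a signature from any key in the keyring, a later change to the keybox deserves the same scrutiny as a change to a pinned checksum.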