scripts/get_waf.sh: verify signature if gpg available

[aubio.git] / scripts / get_waf.sh

diff --git a/scripts/get_waf.sh b/scripts/get_waf.sh
index e24ad24..f137d7a 100755 (executable)
--- a/scripts/get_waf.sh
+++ b/scripts/get_waf.sh
@@ -1,11 +1,12 @@
 #! /bin/bash
 
 set -e
-set -x
+#set -x
 
 WAFVERSION=2.0.11
 WAFTARBALL=waf-$WAFVERSION.tar.bz2
 WAFURL=https://waf.io/$WAFTARBALL
+WAFUPSTREAMKEY=https://gitlab.com/ita1024/waf/raw/master/utils/pubkey.asc
 
 WAFBUILDDIR=`mktemp -d`
 
@@ -15,23 +16,39 @@ function cleanup () {
 
 trap cleanup SIGINT SIGTERM
 
-function buildwaf () {
-  pushd $WAFBUILDDIR
+function download () {
+  ( [[ -n `which wget` ]] && wget -qO $1 $2 ) || ( [[ -n `which curl` ]] && curl -so $1 $2 )
+}
+
+function checkwaf () {
+  download $WAFTARBALL.asc $WAFURL.asc
+  if [[ -z `which gpg` ]]
+  then
+    echo "Warning: gpg not found, not verifying signature for $WAFTARBALL"
+  else
+    download - $WAFUPSTREAMKEY | gpg --import
+    gpg --verify $WAFTARBALL.asc || exit 1
+  fi
+}
 
-  ( which wget > /dev/null && wget -qO $WAFTARBALL $WAFURL ) || ( which curl > /dev/null && curl $WAFURL > $WAFTARBALL )
+function fetchwaf () {
+  download $WAFTARBALL $WAFURL
+  checkwaf
+}
 
+function buildwaf () {
   tar xf $WAFTARBALL
   pushd waf-$WAFVERSION
   NOCLIMB=1 python waf-light --tools=c_emscripten $*
-
-  popd
   popd
-
-  cp -prv $WAFBUILDDIR/waf-$WAFVERSION/waf $PWD
-
-  chmod +x waf
 }
 
+pushd $WAFBUILDDIR
+fetchwaf
 buildwaf
+popd
+
+cp -prv $WAFBUILDDIR/waf-$WAFVERSION/waf $PWD
+chmod +x waf
 
 cleanup