diff --git a/signing/maintainers.asc b/signing/maintainers.asc
new file mode 100644
index 0000000..05cf4eb
--- /dev/null
+++ b/signing/maintainers.asc
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZS2ffxYJKwYBBAHaRw8BAQdAjNbYjKILHdph86rsp4mFDG4k6s5rbw33n8MW
+LLzSm9G0Jm1haW50YWluZXJzIDxtYWludGFpbmVyc0BjZWxlc3RpYS5vcmc+iJME
+ExYKADsWIQQByQcXyOYO4ebczbEGnCukYvdd0QUCZS2ffwIbAwULCQgHAgIiAgYV
+CgkICwIEFgIDAQIeBwIXgAAKCRAGnCukYvdd0WqvAQDjx1s5amqAZH0lZZnKshHX
+o2UsXBu9PWAkKlcBWVtW7QEApT10/A05QgjKVIV+brZDVgApJe5Qg4xTN3Y2FZ9T
+zgG4OARlLZ9/EgorBgEEAZdVAQUBAQdAWzD/Pj6q4gBtM/0aUA3bsm5jUGTNjvvW
+kebHPHT1fmcDAQgHiHgEGBYKACAWIQQByQcXyOYO4ebczbEGnCukYvdd0QUCZS2f
+fwIbDAAKCRAGnCukYvdd0RI/AQDcVXVjMx0tPAuxhmzy4ACDt2HDaOB9aZI71O59
+dlN05wD/dgE9/HuNWdxwXe93Cvzw2TmXmnpOQHl5XryA5Drv6go=
+=pMLV
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/signing/verify-signature.sh b/signing/verify-signature.sh
new file mode 100755
index 0000000..19734d8
--- /dev/null
+++ b/signing/verify-signature.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# This script enables consumers to verify signatures on artifacts that were
+# created via GoReleaser and signed via the maintainers@celestia.org PGP key.
+#
+# The key's UID is: 01C90717C8E60EE1E6DCCDB1069C2BA462F75DD1
+# The key's name and email is: maintainers
+
+# Check if the number of arguments is not 2
+if [[ $# -ne 2 ]]; then
+ echo "Error: Exactly two arguments are required."
+ echo "Example usage:"
+ echo " ./verify-signature.sh "
+ exit 1
+fi
+
+KEY_FILENAME="maintainers.asc"
+GITHUB_URL="https://raw.githubusercontent.com/celestiaorg/.github/main/signing/${KEY_FILENAME}"
+
+echo "Downloading the maintainers@celestia.org public key"
+curl --location ${GITHUB_URL} --output ${KEY_FILENAME}
+
+echo "Importing ${KEY_FILENAME}"
+gpg --import ${KEY_FILENAME}
+
+echo "Deleting ${KEY_FILENAME}"
+rm ${KEY_FILENAME}
+
+echo "Verifying the signature of "$1" with "$2""
+gpg --verify $1 $2
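Review bot: The final `gpg --verify $1 $2` in verify-signature.sh runs against the caller's default keyring, so a good signature from any key already in that keyring passes; a successful run does not show the artifact was signed by the maintainers key. The key fetched from `main` is also imported into that keyring without comparing its fingerprint to the `01C90717C8E60EE1E6DCCDB1069C2BA462F75DD1` value in the header comment (which the comment calls a UID, though a 40-hex value is a fingerprint). I would import into a throwaway `GNUPGHOME`, check the imported fingerprint, and only then verify, as sketched below. The sketch also adds `set -euo pipefail` and `curl --fail`, because as written a failed download or import does not stop the script and `rm ${KEY_FILENAME}` can delete an unrelated file of that name in the working directory. It quotes `$1`, `$2` and the filename expansions as well. Pinning the fingerprint in the script only helps consumers who obtain or review the script separately from the key it downloads.

```shell
set -euo pipefail

readonly EXPECTED_FPR="01C90717C8E60EE1E6DCCDB1069C2BA462F75DD1"

# … unchanged: argument count check, KEY_FILENAME, GITHUB_URL …

# Throwaway keyring so only the downloaded key can satisfy --verify,
# and the caller's own keyring is left untouched.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
trap 'rm -rf -- "${GNUPGHOME}"' EXIT

echo "Downloading the maintainers@celestia.org public key"
curl --fail --silent --show-error --location "${GITHUB_URL}" \
  --output "${GNUPGHOME}/${KEY_FILENAME}"

echo "Importing ${KEY_FILENAME}"
gpg --batch --import "${GNUPGHOME}/${KEY_FILENAME}"

# Stop unless the imported primary key is the documented one.
fprs="$(gpg --batch --with-colons --fingerprint)"
if ! grep -q "^fpr:::::::::${EXPECTED_FPR}:" <<<"${fprs}"; then
  echo "Error: downloaded key does not match ${EXPECTED_FPR}" >&2
  exit 1
fi

echo "Verifying the signature of $1 with $2"
gpg --batch --verify "$1" "$2"
```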