From c89e04079cb434e7d0a7de07c4484a83b9be3ad9 Mon Sep 17 00:00:00 2001
From: Michael Wallner <root@s201809.m6w6.name>
Date: Fri, 25 Oct 2019 10:18:06 +0200
Subject: [PATCH 1/1] verify signature after build

---
 bin/gpg-vrfy | 17 +++++++++++++++++
 bin/pecl+sig |  5 +++--
 bin/rsa-vrfy | 18 ++++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100755 bin/gpg-vrfy
 create mode 100755 bin/rsa-vrfy

diff --git a/bin/gpg-vrfy b/bin/gpg-vrfy
new file mode 100755
index 0000000..ff37a95
--- /dev/null
+++ b/bin/gpg-vrfy
@@ -0,0 +1,17 @@
+#!/usr/bin/env php
+<?php
+
+ini_set("error_reporting", E_ALL);
+ini_set("display_errors", true);
+
+if ($argc != 3) {
+	fprintf(STDERR, "Usage: %s <pkg name> <phar path>\n\n", basename($argv[0]));
+	exit(1);
+}
+
+list(, $pkg, $src) = $argv;
+$basename = basename($src);
+$dir = __DIR__."/../public/sigs/$pkg";
+
+$cmd = sprintf("gpg --verify %s/%s.asc %s", $dir, $basename, $src);
+passthru($cmd);
diff --git a/bin/pecl+sig b/bin/pecl+sig
index 7c6b9af..b093c0e 100755
--- a/bin/pecl+sig
+++ b/bin/pecl+sig
@@ -24,10 +24,11 @@ function fail($pkg, $ver, $skp, $fmt) {
 }
 
 function sign($pkg, $ext) {
-	$fmt = "%s/%s-sign %s %s%s";
+	$fmt = "%s/%s-%s %s %s%s";
 	foreach (["rsa", "gpg"] as $sig) {
 		foreach (["", ".gz", ".bz2"] as $typ) {
-			passthru(sprintf($fmt, __DIR__, $sig, $pkg, $ext, $typ));
+			passthru(sprintf($fmt, __DIR__, $sig, "sign", $pkg, $ext, $typ));
+			passthru(sprintf($fmt, __DIR__, $sig, "vrfy", $pkg, $ext, $typ));
 		}
 	}
 }
diff --git a/bin/rsa-vrfy b/bin/rsa-vrfy
new file mode 100755
index 0000000..1d43ec1
--- /dev/null
+++ b/bin/rsa-vrfy
@@ -0,0 +1,18 @@
+#!/usr/bin/env php
+<?php
+
+ini_set("error_reporting", E_ALL);
+ini_set("display_errors", true);
+
+if ($argc != 3) {
+	fprintf(STDERR, "Usage: %s <pkg name> <phar path>\n\n", basename($argv[0]));
+	exit(1);
+}
+
+list(, $pkg, $src) = $argv;
+$basename = basename($src);
+$dir = __DIR__."/../public/sigs/$pkg";
+$pub = __DIR__."/../public/replicator.pub";
+
+$cmd = sprintf("openssl dgst -verify %s -signature %s/%s.sig %s", $pub, $dir, $basename, $src);
+passthru($cmd);
-- 
2.30.2