diff --git a/tools/dep_updaters/nghttp.kbx b/tools/dep_updaters/nghttp.kbx new file mode 100644 index 00000000000000..60ad5134ecc66a Binary files /dev/null and b/tools/dep_updaters/nghttp.kbx differ diff --git a/tools/dep_updaters/update-nghttp2.sh b/tools/dep_updaters/update-nghttp2.sh index ccb36caae13d4d..c19dedf1ca203f 100755 --- a/tools/dep_updaters/update-nghttp2.sh +++ b/tools/dep_updaters/update-nghttp2.sh @@ -42,18 +42,19 @@ cleanup () { trap cleanup INT TERM EXIT NGHTTP2_REF="v$NEW_VERSION" -NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.gz" +NGHTTP2_TARBALL="nghttp2-$NEW_VERSION.tar.xz" cd "$WORKSPACE" echo "Fetching nghttp2 source archive" curl -sL -o "$NGHTTP2_TARBALL" "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/$NGHTTP2_TARBALL" -DEPOSITED_CHECKSUM=$(curl -sL "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/checksums.txt" | grep "$NGHTTP2_TARBALL") +echo "Verifying PGP signature" +curl -sL "https://github.com/nghttp2/nghttp2/releases/download/${NGHTTP2_REF}/${NGHTTP2_TARBALL}.asc" \ +| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" "$NGHTTP2_TARBALL" -log_and_verify_sha256sum "nghttp2" "$NGHTTP2_TARBALL" "$DEPOSITED_CHECKSUM" - -gzip -dc "$NGHTTP2_TARBALL" | tar xf - +echo "Unpacking archive" +tar xJf "$NGHTTP2_TARBALL" rm "$NGHTTP2_TARBALL" mv "nghttp2-$NEW_VERSION" nghttp2 diff --git a/tools/dep_updaters/update-nghttp3.sh b/tools/dep_updaters/update-nghttp3.sh index 1a4df351b8abba..dc71735300de35 100755 --- a/tools/dep_updaters/update-nghttp3.sh +++ b/tools/dep_updaters/update-nghttp3.sh @@ -48,8 +48,12 @@ cd "$WORKSPACE" echo "Fetching nghttp3 source archive..." curl -sL -o "$ARCHIVE_BASENAME.tar.xz" "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz" -SHA256="$(curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/checksums.txt" | grep 'tar.xz$')" -log_and_verify_sha256sum "nghttp3" "$ARCHIVE_BASENAME.tar.xz" "$SHA256" + +echo "Verifying PGP signature..." +curl -sL "https://github.com/ngtcp2/nghttp3/releases/download/${NGHTTP3_REF}/${ARCHIVE_BASENAME}.tar.xz.asc" \ +| gpgv --keyring "$BASE_DIR/tools/dep_updaters/nghttp.kbx" - "$ARCHIVE_BASENAME.tar.xz" + +echo "Unpacking archive..." tar -xJf "$ARCHIVE_BASENAME.tar.xz" rm "$ARCHIVE_BASENAME.tar.xz" mv "$ARCHIVE_BASENAME" nghttp3