remove manual signing steps

README.md

@@ -82,11 +82,11 @@ If you use a pre-built binary, you may also want to verify the checksums and sig
     celestia-app_Linux_x86_64.tar.gz: OK
     ```
 
-1. Clone this repo
-1. Verify the signature via the [verify-signature.sh](./scripts/signing/verify-signature.sh) script.
+1. Download the [verify-signature.sh](./scripts/signing/verify-signature.sh) script.
+1. Verify the signature via the [verify-signature.sh](./scripts/signing/verify-signature.sh) script
 
     ```shell
-    ./scripts/signing/verify-signature.sh checksums.txt.sig checksums.txt
+    ./verify-signature.sh checksums.txt.sig checksums.txt
     ```
 
     You should see output like this:

scripts/signing/verify-signature.sh

@@ -1,22 +1,6 @@
 #!/bin/bash
 
-# DIR is the directory of this script
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-# KEYS_DIR is the directory of the keys
-KEYS_DIR="$DIR/keys"
-
-echo "Importing the public keys in $KEYS_DIR"
-
-# Loop over all keys in the keys directory
-for key in "$KEYS_DIR"/*; do
-    # Check if it's a regular file (and not a directory or other type)
-    if [[ -f "$key" ]]; then
-        # Import the key
-        echo "Importing $key"
-        gpg --import "$key"
-        echo "Imported $key"
-    fi
-done
+# This script enables consumers to verify signatures on artifacts.
 
 # Check if the number of arguments is not 2
 if [[ $# -ne 2 ]]; then
@@ -26,5 +10,11 @@ if [[ $# -ne 2 ]]; then
     exit 1
 fi
 
+# PGP Key
+# celestia-app-maintainers <celestia-app-maintainers@celestia.org>
+# BF02F32CC36864560B90B764D469F859693DC3FA
+echo "Importing the celestia-app-maintainers public key..."
+gpg --keyserver keys.openpgp.org --recv-keys BF02F32CC36864560B90B764D469F859693DC3FA
+
 echo "Verifying the signature of "$1" with "$2""
 gpg --verify $1 $2