From a6aefc0437e45f963b633b586a18f71ed4dca5be Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Mon, 4 Dec 2017 19:30:10 +0100
Subject: [pkg] verify openvpn sources

---
 pkg/thirdparty/openvpn/build_openvpn.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/thirdparty/openvpn/build_openvpn.sh b/pkg/thirdparty/openvpn/build_openvpn.sh
index 02f7c134..9ec8295e 100755
--- a/pkg/thirdparty/openvpn/build_openvpn.sh
+++ b/pkg/thirdparty/openvpn/build_openvpn.sh
@@ -27,6 +27,7 @@ LZO="lzo-2.10"
 ZLIB="zlib-1.2.11"
 MBEDTLS="mbedtls-2.6.0"
 OPENVPN="openvpn-2.4.4"
+OPENVPN_KEYS="https://swupdate.openvpn.net/community/keys/security.key.asc"
 
 WGET="wget --prefer-family=IPv4"
 DEST=$BASE/install
@@ -113,9 +114,12 @@ function build_lzo2()
 function build_openvpn()
 {
 	mkdir $SRC/openvpn && cd $SRC/openvpn
+    $WGET -q -O - $OPENVPN_KEYS | gpg --import
 	if [ ! -f $OPENVPN.tar.gz ]; then
 	    $WGET http://swupdate.openvpn.org/community/releases/$OPENVPN.tar.gz
+	    $WGET http://swupdate.openvpn.org/community/releases/$OPENVPN.tar.gz.asc
 	fi
+    gpg --verify $OPENVPN.tar.gz.asc && echo "[+] gpg verification ok"
 	tar zxvf $OPENVPN.tar.gz
 	cd $OPENVPN
 
-- 
cgit v1.2.3