lit update to 0.10.1-alpha, add pgp key (#3962)

home.admin/config.scripts/bonus.lit.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # https://github.com/lightninglabs/lightning-terminal/releases
-LITVERSION="0.9.2-alpha"
+LITVERSION="0.10.1-alpha"
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -12,20 +12,16 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
 fi
 
 # check who signed the release in https://github.com/lightninglabs/lightning-terminal/releases
-PGPsigner="ellemouton"
+PGPsigner="ViktorTigerstrom"
 
 if [ $PGPsigner = ellemouton ]; then
-  PGPpkeys="https://github.com/${PGPsigner}.gpg"
+  pgpPubKey="D7D916376026F177"
-  PGPcheck="D7D916376026F177"
 elif [ $PGPsigner = guggero ]; then
-  PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc"
+  pgpPubKey="03DB6322267C373B"
-  PGPcheck="03DB6322267C373B"
 elif [ $PGPsigner = roasbeef ]; then
-  PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc "
+  pgpPubKey="3BBD59E99B280306"
-  PGPcheck="3BBD59E99B280306"
+elif [ $PGPsigner = ViktorTigerstrom ]; then
-elif [ $PGPsigner = ellemouton ]; then
+  pgpPubKey="187F6ADD93AE3B0CF335AA6AB984570980684DCC"
-  PGPpkeys="https://keybase.io/ellemo/pgp_keys.asc "
-  PGPcheck="D7D916376026F17"
 fi
 
 source /mnt/hdd/raspiblitz.conf
@@ -168,6 +164,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     mkdir -p "${downloadDir}"
     cd "${downloadDir}" || exit 1
 
+    # get pgp key
+    gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys ${pgpPubKey} || exit 1
+
     # extract the SHA256 hash from the manifest file for the corresponding platform
     wget -N https://github.com/lightninglabs/lightning-terminal/releases/download/v${LITVERSION}/manifest-v${LITVERSION}.txt
     if [ ${isARM} -eq 1 ]; then
@@ -189,37 +188,20 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
 
     echo "# check binary was not manipulated (checksum test)"
     wget -N https://github.com/lightninglabs/lightning-terminal/releases/download/v${LITVERSION}/manifest-v${LITVERSION}.sig
-    wget --no-check-certificate -O ./pgp_keys.asc ${PGPpkeys}
     binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
     if [ "${binaryChecksum}" != "${SHA256}" ]; then
       echo "# FAIL # Downloaded LiT BINARY not matching SHA256 checksum: ${SHA256}"
       exit 1
     fi
-
-    echo "# check gpg finger print"
-    gpg --show-keys --keyid-format LONG ./pgp_keys.asc
-    fingerprint=$(gpg --show-keys --keyid-format LONG "./pgp_keys.asc" 2>/dev/null |
-      grep "${PGPcheck}" -c)
-    if [ ${fingerprint} -lt 1 ]; then
-      echo ""
-      echo "# BUILD WARNING --> LiT PGP author not as expected"
-      echo "Should contain PGP: ${PGPcheck}"
-      echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
-      read key
-    fi
-    gpg --import ./pgp_keys.asc
-    sleep 3
     verifyResult=$(
       LANG=en_US.utf8
       gpg --verify manifest-v${LITVERSION}.sig manifest-v${LITVERSION}.txt 2>&1
     )
     goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
     echo "goodSignature(${goodSignature})"
-    correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${GPGcheck}" -c)
+    if  [ ${goodSignature} -lt 1 ]; then
-    echo "correctKey(${correctKey})"
+      echo
-    if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
+      echo "# BUILD FAILED --> Failed to verify the LiT binary"
-      echo ""
-      echo "# BUILD FAILED --> LND PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
       exit 1
     fi