From d7a26af962b4ea241b8215ac3ec8687ad4fb723c Mon Sep 17 00:00:00 2001
From: Erick Hitter <git-contrib@ethitter.com>
Date: Sat, 23 Feb 2019 13:33:53 -0800
Subject: [PATCH] Verify nginx package

---
 scripts/build.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/scripts/build.sh b/scripts/build.sh
index c5ccc0e..2d68c08 100644
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -10,7 +10,7 @@ export OG_DIR
 echo "$OG_DIR"
 echo ""
 
-# Common directories.
+# Common paths.
 NGINX_SRC_DIR="$OG_DIR/src/nginx"
 export NGINX_SRC_DIR
 mkdir -p "$NGINX_SRC_DIR"
@@ -18,6 +18,9 @@ mkdir -p "$NGINX_SRC_DIR"
 NGINX_SRC_ARCHIVE="$OG_DIR/src/nginx-src.tar.gz"
 EXPORT NGINX_SRC_ARCHIVE
 
+NGINX_SRC_ARCHIVE_SIGNATURE="$OG_DIR/src/nginx-src.tar.gz.asc"
+EXPORT NGINX_SRC_ARCHIVE_SIGNATURE
+
 OPENSSL_DIR="$OG_DIR/src/openssl"
 export OPENSSL_DIR
 
@@ -45,9 +48,13 @@ git clone -q --recursive --depth 1 https://github.com/grahamedgecombe/nginx-ct.g
 
 # Configure nginx
 echo ""
-echo "DOWNLOADING NGINX RELEASE"
+echo "DOWNLOADING & VERIFYING NGINX RELEASE"
 cd "$OG_DIR" || exit
+
 curl -o "$NGINX_SRC_ARCHIVE" "$NGINX_SRC"
+curl -o "$NGINX_SRC_ARCHIVE_SIGNATURE" "$NGINX_SIGNING"
+gpg --verify "$NGINX_SRC_ARCHIVE_SIGNATURE" "$NGINX_SRC_ARCHIVE"
+
 tar -zxvf "$NGINX_SRC_ARCHIVE" -C "$NGINX_SRC_DIR" --strip 1
 cd "$NGINX_SRC_DIR" || exit
 ./configure \
@@ -94,5 +101,5 @@ cd "$NGINX_SRC_DIR" || exit
 echo ""
 echo "BUILDING NGINX"
 echo "Using $(nproc) jobs"
-make -j$(nproc)
+make -j"$(nproc)"
 "$NGINX_SRC_DIR/objs/nginx -V"
-- 
GitLab