add debug to verification script

pAI-OS · Jul 23, 2024 · b3ac59f · b3ac59f
1 parent 82afad6
commit b3ac59f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.github/scripts/verify-gpg-signatures.sh b/.github/scripts/verify-gpg-signatures.sh
@@ -17,6 +17,10 @@ for key in "$TRUSTED_KEYS_DIR"/*; do
   echo -e "5\ny\n" | gpg --command-fd 0 --expert --batch --edit-key "$key_id" trust
 done
 
+# Print trusted keys
+echo "Trusted keys:"
+gpg --list-keys --with-fingerprint
+
 # Function to check if a key is signed by a trusted key
 is_signed_by_trusted_key() {
   local key_id="$1"
@@ -25,6 +29,10 @@ is_signed_by_trusted_key() {
   # Fetch the key from keyserver
   gpg --keyserver "$GPG_KEYSERVER" --recv-keys "$key_id"
 
+  # Print the imported key with signatures
+  echo "Imported key details:"
+  gpg --list-keys --list-signatures "$key_id"
+
   for trusted_fpr in $trusted_fingerprints; do
     if gpg --check-sigs --with-colons "$key_id" | grep -q "sig:!:::::::::$trusted_fpr:"; then
       echo "Key $key_id is signed by trusted key $trusted_fpr"