Modify readme and test to make sure that the key is fully trusted.

The test and readme are modifyed so the key is fully trusted.
aelnosu · Jun 12, 2024 · e4cbb44 · e4cbb44
1 parent 974ad71
commit e4cbb44
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/.github/workflows/GPG_Test.yml b/.github/workflows/GPG_Test.yml
@@ -2,18 +2,22 @@ name: GPG Valifation
 
 on:
   push:
-    branches: [ "*" ]
+    branches: ["*"]
   pull_request:
-    branches: [ "*" ]
+    branches: ["*"]
   workflow_dispatch:
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Create a PGP key
+      - name: Create a test key
+        run: |
+          gpg --batch --passphrase '' --quick-generate test
+      - name: Import PGP keys and Testing
         run: |
           chmod +x init.sh
           ./init.sh
-          gpg --verify .github/workflows/test.txt.sig
+          gpg --list-key
+          gpg --verify .github/workflows/test.txt.sig
diff --git a/README.md b/README.md
@@ -80,14 +80,14 @@ To import a public key and mark them as fully trusted into your keyring, use the
 gpg --import "Eason_Lu_(Main)_0xA9C46116_public.asc"
 gpg --import "Key_1_0x35E98024_public.asc"
 gpg --import "Key_2_0x9AF5FF79_public.asc"
-echo "660279E4B9E374894D7F51C31A41C324A9C46116:5:" | gpg --import-ownertrust
+(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "660279E4B9E374894D7F51C31A41C324A9C46116" trust
 ```
 
 or
 
 ```bash
 gpg --keyserver keys.openpgp.org --recv-keys 1A41C324A9C46116 A5ED17B135E98024 7974BCA19AF5FF79
-echo "660279E4B9E374894D7F51C31A41C324A9C46116:5:" | gpg --import-ownertrust
+(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "660279E4B9E374894D7F51C31A41C324A9C46116" trust
 ```
 
 ### Building a Web of Trust
@@ -120,5 +120,5 @@ After you have marked the Main key to trust fully, the other keys will be also m
 If other key are not marked as fully trusted, you can trust them by running the following command:
 
 ```bash
-echo "660279E4B9E374894D7F51C31A41C324A9C46116:5:" | gpg --import-ownertrust
+(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "660279E4B9E374894D7F51C31A41C324A9C46116" trust
 ```
diff --git a/init.sh b/init.sh
@@ -3,10 +3,14 @@
 openssl smime -verify -binary -inform PEM -in Certification.txt.asc.pkcs7 -content Certification.txt.asc -certfile Certification.txt.asc.pkcs7.cert
 
 if [ $? -eq 0 ]; then
+    # Import the Main key
     gpg --import "Eason_Lu_(Main)_0xA9C46116_public.asc"
+    # Import the Sub keys
     gpg --import "Key_1_0x35E98024_public.asc"
     gpg --import "Key_2_0x9AF5FF79_public.asc"
-    echo "660279E4B9E374894D7F51C31A41C324A9C46116:5:" | gpg --import-ownertrust
+    # Trust the Main key
+    (echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "660279E4B9E374894D7F51C31A41C324A9C46116" trust
 else
     echo "FAIL, the signature is invalid, please re-download the file."
+    exit 1
 fi