@@ -41,16 +41,37 @@ NEW_VERSION_TGZ="icu4c-${LOW_DASHED_NEW_VERSION}-src.tgz"
4141NEW_VERSION_TGZ_URL=" https://github.com/unicode-org/icu/releases/download/release-${DASHED_NEW_VERSION} /$NEW_VERSION_TGZ "
4242
4343NEW_VERSION_MD5=" https://github.com/unicode-org/icu/releases/download/release-${DASHED_NEW_VERSION} /icu4c-${LOW_DASHED_NEW_VERSION} -sources.md5"
44+ NEW_VERSION_TGZ_ASC_URL=" https://github.com/unicode-org/icu/releases/download/release-${DASHED_NEW_VERSION} /icu4c-${LOW_DASHED_NEW_VERSION} -src.tgz.asc"
45+
46+ KEY_URL=" https://raw.githubusercontent.com/unicode-org/icu/release-$( echo $NEW_VERSION | sed ' s/\./-/' ) "
4447
4548CHECKSUM=$( curl -sL " $NEW_VERSION_MD5 " | grep " $NEW_VERSION_TGZ " | grep -v " \.asc$" | awk ' {print $1}' )
4649
47- GENERATED_CHECKSUM=$( curl -sL " $NEW_VERSION_TGZ_URL " | md5sum | cut -d ' ' )
4850
4951echo " Comparing checksums: deposited '$CHECKSUM ' with '$GENERATED_CHECKSUM '"
5052
51- if [ " $CHECKSUM " != " $GENERATED_CHECKSUM " ; then
52- echo " Skipped because checksums do not match."
53- exit 0
53+ if [ -n " $CHECKSUM " ; then
54+ GENERATED_CHECKSUM=$( curl -sL " $NEW_VERSION_TGZ_URL " | md5sum | cut -d ' ' )
55+ echo " Comparing checksums: deposited $CHECKSUM with $GENERATED_CHECKSUM "
56+ if [ " $CHECKSUM " != " $GENERATED_CHECKSUM " ; then
57+ echo " Skipped because checksums do not match."
58+ exit 0
59+ fi
60+ else
61+ echo " Checksum not found"
62+ echo " check with gpg"
63+ curl -sL " $KEY_URL " > KEYS
64+ curl -sL " $NEW_VERSION_TGZ_URL " > data.tgz
65+ curl -sL " $NEW_VERSION_TGZ_ASC_URL " > signature.asc
66+ gpg --import KEYS
67+ if gpg --verify signature.asc data.tgz; then
68+ echo " Signature verified"
69+ rm data.tgz signature.asc KEYS
70+ else
71+ echo " Skipped because signature verification failed."
72+ rm data.tgz signature.asc KEYS
73+ exit 1
74+ fi
5475fi
5576
5677./configure --with-intl=full-icu --with-icu-source=" $NEW_VERSION_TGZ_URL "
0 commit comments