From aefcb06ff823c8248f0f1ec03ce2d9578f1ea01d Mon Sep 17 00:00:00 2001
From: Leonard Gram
Date: Tue, 14 Aug 2018 10:45:32 +0200
Subject: [PATCH] build: verifies the rpm packages signatures.

Closes #12370
---
 .circleci/config.yml | 5 +++++
 scripts/build/verify_signed_packages.sh | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100755 scripts/build/verify_signed_packages.sh
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 977121c30ee..c2e4cce9c4b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -147,6 +147,11 @@ jobs:
 - run:
 name: sign packages
 command: './scripts/build/sign_packages.sh'
+ - run:
+ name: verify signed packages
+ command: |
+ curl https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana > ~/.rpmdb/pubkeys/grafana.key
+ ./scripts/build/verify_signed_packages.sh dist/*.rpm
 - run:
 name: sha-sum packages
 command: 'go run build.go sha-dist'
diff --git a/scripts/build/verify_signed_packages.sh b/scripts/build/verify_signed_packages.sh
new file mode 100755
index 00000000000..c3e5b09afc2
--- /dev/null
+++ b/scripts/build/verify_signed_packages.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+_files=$*
+
+ALL_SIGNED=0
+
+for file in $_files; do
+ rpm -K "$file" | grep "pgp.*OK" -q
+ if [[ $? != 0 ]]; then
+ ALL_SIGNED=1
+ echo $file NOT SIGNED
+ else
+ echo $file OK
+ fi
+done
+
+
+exit $ALL_SIGNED
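Review bot: In the `verify signed packages` step of `.circleci/config.yml`, the public key is fetched with a bare `curl … > ~/.rpmdb/pubkeys/grafana.key`, so an HTTP error response is written into the key file and curl still exits 0. Fetch it with `curl -fsSL https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana -o ~/.rpmdb/pubkeys/grafana.key` so a failed download fails the step. Because the key is the trust anchor for the check, it would also help to compare its fingerprint with a value committed to the repository (placeholder: `<EXPECTED_KEY_FINGERPRINT>`) before the verify script runs. Nothing visible here shows that `~/.rpmdb/pubkeys/` exists in the build image or that rpm reads keys from that path, so a comment such as `# build image's rpm loads public keys from ~/.rpmdb/pubkeys` would record that assumption.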
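Review bot: The new `scripts/build/verify_signed_packages.sh` can report success without proving a valid signature. `grep "pgp.*OK"` also matches a line that contains `pgp` and ends in `NOT OK`, the pipeline discards rpm's own exit status, and a call with no arguments skips the loop and exits 0. In addition, `_files=$*` with the unquoted `for file in $_files` and `echo $file` splits paths on whitespace. The rewrite below fails closed on an empty argument list, iterates over `"$@"`, and requires both a zero exit status from `rpm -K` and output without `NOT OK`.

```shell
#!/bin/bash
if [[ $# -eq 0 ]]; then
  echo "usage: $0 PACKAGE.rpm..." >&2
  exit 1
fi

ALL_SIGNED=0

for file in "$@"; do
  # Require rpm's own success status as well as the expected text.
  if output=$(rpm -K "$file") &&
    grep -q "pgp.*OK" <<<"$output" &&
    ! grep -q "NOT OK" <<<"$output"; then
    echo "$file OK"
  else
    ALL_SIGNED=1
    echo "$file NOT SIGNED"
  fi
done
# … unchanged: exit $ALL_SIGNED …
```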