From 95894ef8fd5189a84d56da963fcd030b8bfb46ff Mon Sep 17 00:00:00 2001
From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>
Date: Mon, 5 Aug 2019 18:43:24 -0700
Subject: [PATCH] Verify libsodium download using minisign.

---
 build/libsodium_install.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/build/libsodium_install.sh b/build/libsodium_install.sh
index 5585c68..cb5573d 100755
--- a/build/libsodium_install.sh
+++ b/build/libsodium_install.sh
@@ -10,7 +10,7 @@ set -e
 # Always use bash.  `dash` doesn't work properly with . includes.  I'm not sure why.
 . ./build/env.sh
 
-#export LIBSODIUM_INSTALL=1
+#export LIBSODIUM_INSTALL="1"
 if [ "$LIBSODIUM_INSTALL" != "1" ]; then
 	[ ! -z "$SODIUM_BUILD_VERBOSE" ] && echo "Skipping libsodium build."
 	exit 0
@@ -20,6 +20,8 @@ fi
 mkdir -p "$LIBSODIUM_BUILD_DIR"
 cd "$LIBSODIUM_BUILD_DIR"
 
+LIBSODIUM_MINISIGN_KEY=RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3
+
 
 if [ ! -f "$LIBSODIUM_INSTALL_PATH/include/sodium.h" ]; then
 	[ ! -z "$SODIUM_BUILD_DEBUG" ] && set -x
@@ -28,8 +30,12 @@ if [ ! -f "$LIBSODIUM_INSTALL_PATH/include/sodium.h" ]; then
 	TGZ_FILENAME="$DIRNAME".tar.gz
 
 	if [ ! -f "$TGZ_FILENAME" ]; then
+		wget https://download.libsodium.org/libsodium/releases/"$TGZ_FILENAME".minisig
 		wget https://download.libsodium.org/libsodium/releases/"$TGZ_FILENAME"
-#		wget https://download.libsodium.org/libsodium/releases/"$TGZ_FILENAME".minisign
+	fi
+
+	if `minisign -v >/dev/null 2>&1`; then
+		minisign -V -P "$LIBSODIUM_MINISIGN_KEY" -m "$TGZ_FILENAME"
 	fi
 
 	SHA=`openssl sha256 -hex < "$TGZ_FILENAME" | sed 's/^.* //'`