From 917c3930d447f50f02d60240d053bd4841fe60c9 Mon Sep 17 00:00:00 2001
From: sergei-pyshnoi <121864472+sergei-pyshnoi@users.noreply.github.com>
Date: Fri, 27 Oct 2023 11:13:35 +0200
Subject: [PATCH] [Ubuntu] Add PGP validation for swift (#8652)

---
 images/linux/scripts/installers/swift.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/images/linux/scripts/installers/swift.sh b/images/linux/scripts/installers/swift.sh
index ef7a7c09..97bcc76a 100644
--- a/images/linux/scripts/installers/swift.sh
+++ b/images/linux/scripts/installers/swift.sh
@@ -15,6 +15,19 @@ swift_tar_name="swift-$swift_version-RELEASE-ubuntu$image_label.tar.gz"
 swift_tar_url="https://swift.org/builds/swift-$swift_version-release/ubuntu${image_label//./}/swift-$swift_version-RELEASE/$swift_tar_name"
 download_with_retries $swift_tar_url "/tmp" "$swift_tar_name"
 
+# Verifing pgp signature using official swift pgp key. Referring to https://www.swift.org/install/linux/#Installation-via-Tarball
+# Download swift pgp key
+download_with_retries "https://swift.org/keys/all-keys.asc" "/tmp" "all-keys.asc"
+# Import swift pgp key
+gpg --no-default-keyring --keyring swift --import /tmp/all-keys.asc
+# Download signature file
+download_with_retries "$swift_tar_url.sig" "/tmp" "$swift_tar_name.sig"
+# Verify signature
+gpg --no-default-keyring --keyring swift --verify "/tmp/$swift_tar_name.sig" "/tmp/$swift_tar_name"
+# Remove swift pgp public key with temporary keyring
+rm ~/.gnupg/swift
+
+
 tar xzf /tmp/$swift_tar_name
 
 SWIFT_INSTALL_ROOT="/usr/share/swift"