Periodically verify signatures in /dist

Give the recent bad signatures of some files in /dist that only came to light after a user emailed helpdesk, I wrote a bash script that I now run periodically on my dist mirror to verify the signatures. I think it's not a bad idea to run it on tpo.org as well.

As first argument, it takes the path to /dist. It uses a local independent public keyring I update from time to time. That path must be customized in the script.

It currently excludes /dist/manual because that contains unsigned copies of the user manual.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information