[U-Boot] [RFC] tools/buildman/toolchain.py: check signatures

[Heinrich Schuchardt]

Hello Tom, hello Simon,

when downloading toolchains with tools/buildman/toolchain.py or in our
Dockerfile we do not check the integrity of the download.

When I look at
https://www.kernel.org/pub/tools/crosstool/files/bin
I find a signature file for each tool.

So shouldn't we first download the public keys with gpg, then download
the tools and their signatures, and then check them against the keys?

Best regards

Heinrich