Verify GPG signatures for OpenSSL / libevent / tor

[qwzybug]

Seems like a good idea, as in issue #8. Lifted from iOS-OnionBrowser. Seems to work after pulling in the required keys.

gpg --search-keys --keyserver hkp://pool.sks-keyservers.net "matt@openssl.org"
gpg --search-keys --keyserver hkp://pgp.mit.edu "nickm@wangafu.net"
gpg --search-keys --keyserver hkp://pgp.mit.edu "arma@torproject.org"

[qwzybug]

From the Travis CI log:

<snip>
112 Couldn't verify OpenSSL signature.
113 Have you imported an OpenSSL public key?

Hey, it works! Any thoughts on this, @ursachec?

[chrisballinger]

@qwzybug Hey thanks! To solve this you could make VERIFYGPG reference an environmental variable and then make sure it's set to false in the .travis.yml. Otherwise in the build-all.sh script you could check if it's set, and if its not, default to true. This will break the podspec until people add the keys, so the GPG key import instructions should be added to the README.

[ursachec]

Cool stuff @qwzybug !
+1 @ what @chrisballinger said