I am preparing for grub-2.02 package upgrade. The download mirror provides a gpg signature (.sig file), which can be used to validate the source package. Does LEDE build system have a way to verify source package using gpg signature? I'd rather use gpg verification if possible, rather than checksum verification.