chore: 除了开启签名外，验证脚本也通过

scripts/patch_tools/patch_verifier.sh

@@ -165,21 +165,23 @@ verify_security() {
     fi
     
     # 签名验证
-    if [[ -f "${package_path}.sig" ]]; then
-        if command -v gpg >/dev/null 2>&1; then
-            if gpg --verify "${package_path}.sig" "$package_path" >/dev/null 2>&1; then
-                info "✅ 签名验证通过"
+    if [[ "$SIGNING_ENABLED" == "true" ]] ;then
+        if [[ -f "${package_path}.sig" ]]; then
+            if command -v gpg >/dev/null 2>&1; then
+                if gpg --verify "${package_path}.sig" "$package_path" >/dev/null 2>&1; then
+                    info "✅ 签名验证通过"
+                else
+                    error "❌ 签名验证失败"
+                    result=false
+                fi
             else
-                error "❌ 签名验证失败"
-                result=false
+                warn "⚠️  GPG未安装，跳过签名验证"
             fi
         else
-            warn "⚠️  GPG未安装，跳过签名验证"
-        fi
-    else
-        warn "⚠️  未找到签名文件"
+            warn "⚠️  未找到签名文件"
+        fi    
     fi
-    
+
     $result
 }
 
@@ -192,6 +194,7 @@ verify_content() {
     
     # 解压补丁包
     local extract_dir="$TEMP_DIR/extract"
+    mkdir -p "$extract_dir"
     if ! tar -xzf "$package_path" -C "$extract_dir"; then
         error "❌ 补丁包解压失败"
         return false