diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh
index e347a4005..6527b464d 100755
--- a/scripts/verify-install.sh
+++ b/scripts/verify-install.sh
@@ -103,6 +103,11 @@ function verify_signatures() {
 MANIFEST=$(echo $ASSETS | jq -r "$MANIFEST_SELECTOR")
 SIGNATURES=$(echo $ASSETS | jq -r "$SIGNATURE_SELECTOR")
+ # We need to make sure we have unique signature file names. Otherwise someone
+ # could just upload the same signature multiple times (if GH allows it for
+ # some reason).
+ SIGNATURES=$(echo $ASSETS | jq -r "$SIGNATURE_SELECTOR" | sort | uniq)
+
 # Download the main "manifest-*.txt" and all "manifest-*.sig" files containing
 # the detached signatures.
 echo "Downloading $MANIFEST"