
verify.sh 3.2KB

  #!/bin/bash
  ### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org.
  ### It first checks that the signature verifies, then downloads the files listed in
  ### the file, and checks that the hashes of these files match those specified
  ### in the signature file.
  ### The script returns 0 if everything passes the checks. It returns 1 if either the
  ### signature check or the hash check doesn't pass. If an error occurs, the return value is 2.
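  #######################################
  # Remove each named file, staying silent about files that cannot be removed.
  # Arguments: $@ - paths to delete, one file per argument
  # Outputs:   nothing; rm's error output is discarded
  # Returns:   exit status of the last rm (0 when called with no arguments)
  #######################################
  clean_up() {
    local file
    # "$@" keeps every argument intact. An unquoted $* would split names on
    # whitespace and expand glob characters inside the function.
    for file in "$@"; do
      # "--" ends option parsing, so a name starting with "-" is treated as a file.
      rm -- "$file" 2> /dev/null
    done
  }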
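  # Directory where the signature file and the release files are downloaded and checked.
  WORKINGDIR="/tmp/bitcoin"
  # Receives the signed text (the hash list) that gpg extracts from the signature file.
  TMPFILE="hashes.tmp"
  # This URL is used if a version number is not specified as an argument to the script.
  SIGNATUREFILE="https://bitcoin.org/bin/0.9.2.1/SHA256SUMS.asc"
  SIGNATUREFILENAME="SHA256SUMS.asc"
  # Sub-directory appended to BASEDIR for release candidates.
  RCSUBDIR="test/"
  BASEDIR="https://bitcoin.org/bin/"
  VERSIONPREFIX="bitcoin-"
  RCVERSIONSTRING="rc"

  # WORKINGDIR is a fixed name under /tmp, so another local user could create it first
  # (or point a symlink at a directory they control) and then swap the hash list or the
  # downloads between the signature check and the hash check. Create it private to this
  # user and refuse to use a directory this user does not own.
  if [ ! -d "$WORKINGDIR" ]; then
    if ! mkdir -m 700 "$WORKINGDIR"; then
      echo "Error: couldn't create $WORKINGDIR" >&2
      exit 2
    fi
  fi
  if [ -L "$WORKINGDIR" ] || [ ! -O "$WORKINGDIR" ]; then
    echo "Error: $WORKINGDIR is a symlink or is not owned by the current user; refusing to use it." >&2
    exit 2
  fi
  # Stop if the directory can't be entered; otherwise every later step would run in
  # whatever directory the script was started from.
  if ! cd "$WORKINGDIR"; then
    echo "Error: couldn't change to $WORKINGDIR" >&2
    exit 2
  fi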
  # Work out BASEDIR (and SIGNATUREFILE) from the optional version argument in $1.
  if [ -z "$1" ]; then
    # No version given: use the directory of the default signature URL.
    BASEDIR="${SIGNATUREFILE%/*}/"
  else
    # The version is accepted with or without the 'bitcoin-' prefix; add it when missing.
    case "$1" in
      "$VERSIONPREFIX"*) VERSION="$1" ;;
      *) VERSION="$VERSIONPREFIX$1" ;;
    esac
    case "$VERSION" in
      *"$RCVERSIONSTRING"*)
        # Release candidate: strip the trailing "-rc..." part to get the release
        # directory, then look in its RCSUBDIR for SIGNATUREFILENAME.
        BASEDIR="$BASEDIR${VERSION/%-$RCVERSIONSTRING*}/$RCSUBDIR"
        ;;
      *)
        BASEDIR="$BASEDIR$VERSION/"
        ;;
    esac
    SIGNATUREFILE="$BASEDIR$SIGNATUREFILENAME"
  fi
  # Fetch the file containing the signature. wget's output is captured so that it can
  # be shown to the user if the download fails.
  if ! WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1); then
    echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?"
    echo "[bitcoin-]<version>-[rc[0-9]] (example: bitcoin-0.9.2-rc1)"
    echo "wget output:"
    # Indent wget's output by one tab to set it apart from the messages above.
    echo "$WGETOUT"|sed 's/^/\t/g'
    exit 2
  fi
  # Check the signature; gpg writes the signed text (the hash list) to TMPFILE.
  # gpg return value 0: good signature
  # gpg return value 1: bad signature
  # gpg return value 2: gpg error
  # NOTE(review): a return value of 0 is accepted as-is. Nothing here pins the expected
  # signer's key fingerprint, so any key gpg can validate against in the local keyring
  # would pass, and nothing confirms that the input carried a signature at all.
  # Consider checking gpg's --status-fd output for the expected signer.
  GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
  RET=$?
  if [ "$RET" -ne 0 ]; then
    # Tell the user which kind of failure this was; other return values get no message.
    case "$RET" in
      1) echo "Bad signature." ;;
      2) echo "gpg error. Do you have Gavin's code signing key installed?" ;;
    esac
    echo "gpg output:"
    echo "$GPGOUT"|sed 's/^/\t/g'
    # Remove the downloaded signature file and the extracted hash list before leaving.
    clean_up $SIGNATUREFILENAME $TMPFILE
    exit "$RET"
  fi
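  # Extract the file names (second column) from the hash list that gpg wrote to TMPFILE.
  FILES=$(awk '{print $2}' "$TMPFILE")
  # Download the listed files one by one. The loop iterates over the names only; a
  # stray literal word in the list would be requested from the server as if it were
  # a signed file name.
  # $FILES is deliberately unquoted: it is a whitespace-separated list of names.
  # wget's exit status is not checked here; a missing file is expected to show up as
  # a mismatch in the hash comparison that follows.
  for file in $FILES
  do
    wget --quiet -N "$BASEDIR$file"
  done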
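  # Check hashes: compare the hashes computed locally with the signed list in TMPFILE.
  # With an empty list sha256sum would read standard input instead of files, so treat
  # "nothing to verify" as an error rather than running the comparison.
  if [ -z "$FILES" ]; then
    echo "Error: no files listed in $SIGNATUREFILENAME"
    exit 2
  fi
  # $FILES is deliberately unquoted: it is a whitespace-separated list of names.
  DIFF=$(diff <(sha256sum $FILES) "$TMPFILE")
  # Save diff's status straight away. Each later `[ ... ]` test overwrites $?, so
  # testing $? again in the elif would look at the previous test's status, never see
  # a diff error, and fall through to "exit 0".
  DIFFRET=$?
  if [ "$DIFFRET" -eq 1 ]; then
    echo "Hashes don't match."
    echo "Offending files:"
    # Lines starting with "<" come from the locally computed side; field 3 is the file name.
    echo "$DIFF"|grep "^<"|awk '{print "\t"$3}'
    exit 1
  elif [ "$DIFFRET" -gt 1 ]; then
    # diff itself failed (for example TMPFILE could not be read): report an error
    # rather than a successful verification.
    echo "Error executing 'diff'"
    exit 2
  fi
  # Everything matches! Clean up the downloads, the signature file and the hash list.
  clean_up $FILES $SIGNATUREFILENAME $TMPFILE
  exit 0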