Changeset View
Changeset View
Standalone View
Standalone View
contrib/verifybinaries/verify.sh
#!/usr/bin/env bash | #!/usr/bin/env bash | ||||
# Copyright (c) 2016 The Bitcoin Core developers | # Copyright (c) 2016 The Bitcoin Core developers | ||||
# Distributed under the MIT software license, see the accompanying | # Distributed under the MIT software license, see the accompanying | ||||
# file COPYING or http://www.opensource.org/licenses/mit-license.php. | # file COPYING or http://www.opensource.org/licenses/mit-license.php. | ||||
### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org | ### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org | ||||
### It first checks if the signature passes, and then downloads the files specified in | ### It first checks if the signature passes, and then downloads the files specified in | ||||
### the file, and checks if the hashes of these files match those that are specified | ### the file, and checks if the hashes of these files match those that are specified | ||||
### in the signature file. | ### in the signature file. | ||||
### The script returns 0 if everything passes the checks. It returns 1 if either the | ### The script returns 0 if everything passes the checks. It returns 1 if either the | ||||
### signature check or the hash check doesn't pass. If an error occurs the return value is 2 | ### signature check or the hash check doesn't pass. If an error occurs the return value is 2 | ||||
function clean_up { | function clean_up { | ||||
for file in $* | for file in "$@" | ||||
do | do | ||||
rm "$file" 2> /dev/null | rm "$file" 2> /dev/null | ||||
done | done | ||||
} | } | ||||
WORKINGDIR="/tmp/bitcoin_verify_binaries" | WORKINGDIR="/tmp/bitcoin_verify_binaries" | ||||
TMPFILE="hashes.tmp" | TMPFILE="hashes.tmp" | ||||
Show All 27 Lines | if [ -n "$1" ]; then | ||||
else | else | ||||
BASEDIR="$BASEDIR$VERSION/" | BASEDIR="$BASEDIR$VERSION/" | ||||
fi | fi | ||||
else | else | ||||
echo "Error: need to specify a version on the command line" | echo "Error: need to specify a version on the command line" | ||||
exit 2 | exit 2 | ||||
fi | fi | ||||
#first we fetch the file containing the signature | if ! WGETOUT=$(wget -N "$HOST1$BASEDIR$SIGNATUREFILENAME" 2>&1); then | ||||
WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1) | |||||
#and then see if wget completed successfully | |||||
if [ $? -ne 0 ]; then | |||||
echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?" | echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?" | ||||
# shellcheck disable=SC1087 | |||||
echo "[$VERSIONPREFIX]<version>-[$RCVERSIONSTRING[0-9]] (example: ${VERSIONPREFIX}0.10.4-${RCVERSIONSTRING}1)" | echo "[$VERSIONPREFIX]<version>-[$RCVERSIONSTRING[0-9]] (example: ${VERSIONPREFIX}0.10.4-${RCVERSIONSTRING}1)" | ||||
echo "wget output:" | echo "wget output:" | ||||
# shellcheck disable=SC2001 | |||||
echo "$WGETOUT"|sed 's/^/\t/g' | echo "$WGETOUT"|sed 's/^/\t/g' | ||||
exit 2 | exit 2 | ||||
fi | fi | ||||
#then we check it | #then we check it | ||||
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1) | GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1) | ||||
#return value 0: good signature | #return value 0: good signature | ||||
#return value 1: bad signature | #return value 1: bad signature | ||||
#return value 2: gpg error | #return value 2: gpg error | ||||
RET="$?" | RET="$?" | ||||
if [ $RET -ne 0 ]; then | if [ $RET -ne 0 ]; then | ||||
if [ $RET -eq 1 ]; then | if [ $RET -eq 1 ]; then | ||||
#and notify the user if it's bad | #and notify the user if it's bad | ||||
echo "Bad signature." | echo "Bad signature." | ||||
elif [ $RET -eq 2 ]; then | elif [ $RET -eq 2 ]; then | ||||
#or if a gpg error has occurred | #or if a gpg error has occurred | ||||
echo "gpg error. Do you have the Bitcoin Core binary release signing key installed?" | echo "gpg error. Do you have the Bitcoin Core binary release signing key installed?" | ||||
fi | fi | ||||
echo "gpg output:" | echo "gpg output:" | ||||
# shellcheck disable=SC2001 | |||||
echo "$GPGOUT"|sed 's/^/\t/g' | echo "$GPGOUT"|sed 's/^/\t/g' | ||||
clean_up $SIGNATUREFILENAME $TMPFILE | clean_up $SIGNATUREFILENAME $TMPFILE | ||||
exit "$RET" | exit "$RET" | ||||
fi | fi | ||||
#here we extract the filenames from the signature file | #here we extract the filenames from the signature file | ||||
FILES=$(awk '{print $2}' "$TMPFILE") | FILES=$(awk '{print $2}' "$TMPFILE") | ||||
Show All 30 Lines |