Changeset View
Changeset View
Standalone View
Standalone View
contrib/verifybinaries/verify.sh
| #!/usr/bin/env bash | #!/usr/bin/env bash | ||||
| # Copyright (c) 2016 The Bitcoin Core developers | # Copyright (c) 2016 The Bitcoin Core developers | ||||
| # Distributed under the MIT software license, see the accompanying | # Distributed under the MIT software license, see the accompanying | ||||
| # file COPYING or http://www.opensource.org/licenses/mit-license.php. | # file COPYING or http://www.opensource.org/licenses/mit-license.php. | ||||
| ### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org | ### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org | ||||
| ### It first checks if the signature passes, and then downloads the files specified in | ### It first checks if the signature passes, and then downloads the files specified in | ||||
| ### the file, and checks if the hashes of these files match those that are specified | ### the file, and checks if the hashes of these files match those that are specified | ||||
| ### in the signature file. | ### in the signature file. | ||||
| ### The script returns 0 if everything passes the checks. It returns 1 if either the | ### The script returns 0 if everything passes the checks. It returns 1 if either the | ||||
| ### signature check or the hash check doesn't pass. If an error occurs the return value is 2 | ### signature check or the hash check doesn't pass. If an error occurs the return value is 2 | ||||
| function clean_up { | function clean_up { | ||||
| for file in $* | for file in "$@" | ||||
| do | do | ||||
| rm "$file" 2> /dev/null | rm "$file" 2> /dev/null | ||||
| done | done | ||||
| } | } | ||||
| WORKINGDIR="/tmp/bitcoin_verify_binaries" | WORKINGDIR="/tmp/bitcoin_verify_binaries" | ||||
| TMPFILE="hashes.tmp" | TMPFILE="hashes.tmp" | ||||
| Show All 27 Lines | if [ -n "$1" ]; then | ||||
| else | else | ||||
| BASEDIR="$BASEDIR$VERSION/" | BASEDIR="$BASEDIR$VERSION/" | ||||
| fi | fi | ||||
| else | else | ||||
| echo "Error: need to specify a version on the command line" | echo "Error: need to specify a version on the command line" | ||||
| exit 2 | exit 2 | ||||
| fi | fi | ||||
| #first we fetch the file containing the signature | if ! WGETOUT=$(wget -N "$HOST1$BASEDIR$SIGNATUREFILENAME" 2>&1); then | ||||
| WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1) | |||||
| #and then see if wget completed successfully | |||||
| if [ $? -ne 0 ]; then | |||||
| echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?" | echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?" | ||||
| # shellcheck disable=SC1087 | |||||
| echo "[$VERSIONPREFIX]<version>-[$RCVERSIONSTRING[0-9]] (example: ${VERSIONPREFIX}0.10.4-${RCVERSIONSTRING}1)" | echo "[$VERSIONPREFIX]<version>-[$RCVERSIONSTRING[0-9]] (example: ${VERSIONPREFIX}0.10.4-${RCVERSIONSTRING}1)" | ||||
| echo "wget output:" | echo "wget output:" | ||||
| # shellcheck disable=SC2001 | |||||
| echo "$WGETOUT"|sed 's/^/\t/g' | echo "$WGETOUT"|sed 's/^/\t/g' | ||||
| exit 2 | exit 2 | ||||
| fi | fi | ||||
| #then we check it | #then we check it | ||||
| GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1) | GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1) | ||||
| #return value 0: good signature | #return value 0: good signature | ||||
| #return value 1: bad signature | #return value 1: bad signature | ||||
| #return value 2: gpg error | #return value 2: gpg error | ||||
| RET="$?" | RET="$?" | ||||
| if [ $RET -ne 0 ]; then | if [ $RET -ne 0 ]; then | ||||
| if [ $RET -eq 1 ]; then | if [ $RET -eq 1 ]; then | ||||
| #and notify the user if it's bad | #and notify the user if it's bad | ||||
| echo "Bad signature." | echo "Bad signature." | ||||
| elif [ $RET -eq 2 ]; then | elif [ $RET -eq 2 ]; then | ||||
| #or if a gpg error has occurred | #or if a gpg error has occurred | ||||
| echo "gpg error. Do you have the Bitcoin Core binary release signing key installed?" | echo "gpg error. Do you have the Bitcoin Core binary release signing key installed?" | ||||
| fi | fi | ||||
| echo "gpg output:" | echo "gpg output:" | ||||
| # shellcheck disable=SC2001 | |||||
| echo "$GPGOUT"|sed 's/^/\t/g' | echo "$GPGOUT"|sed 's/^/\t/g' | ||||
| clean_up $SIGNATUREFILENAME $TMPFILE | clean_up $SIGNATUREFILENAME $TMPFILE | ||||
| exit "$RET" | exit "$RET" | ||||
| fi | fi | ||||
| #here we extract the filenames from the signature file | #here we extract the filenames from the signature file | ||||
| FILES=$(awk '{print $2}' "$TMPFILE") | FILES=$(awk '{print $2}' "$TMPFILE") | ||||
| Show All 30 Lines | |||||