
Added script that verifies authenticity of binaries on SourceForge

commit de91ea0c0c2fead60bfe9a531558cbe1c562346e 1 parent 485d667
Rune K. Svendsen authored

Showing 1 changed file with 119 additions and 0 deletions.

  1. 119  contrib/verifysfbinaries/verify.sh
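--- a/contrib/verifysfbinaries/verify.sh
+++ b/contrib/verifysfbinaries/verify.sh
@@ -0,0 +1,119 @@
+#!/bin/bash
+
+###   This script attempts to download the signature file SHA256SUMS.asc from SourceForge
+###   It first checks if the signature passes, and then downloads the files specified in
+###   the file, and checks if the hashes of these files match those that are specified
+###   in the signature file.
+###   The script returns 0 if everything passes the checks. It returns 1 if either the
+###   signature check or the hash check doesn't pass. If an error occurs the return value is 2
+
+function clean_up {
+   for file in $*
+   do
+      rm "$file" 2> /dev/null
+   done
+}
+
+WORKINGDIR="/tmp/bitcoin"
+TMPFILE="hashes.tmp"
+
+#this URL is used if a version number is not specified as an argument to the script
+SIGNATUREFILE="http://downloads.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.7.1/test/SHA256SUMS.asc"
+
+SIGNATUREFILENAME="SHA256SUMS.asc"
+RCSUBDIR="test/"
+BASEDIR="http://downloads.sourceforge.net/project/bitcoin/Bitcoin/"
+VERSIONPREFIX="bitcoin-"
+RCVERSIONSTRING="rc"
+
+if [ ! -d "$WORKINGDIR" ]; then
+   mkdir "$WORKINGDIR"
+fi
+
+cd "$WORKINGDIR"
+
+#test if a version number has been passed as an argument
+if [ -n "$1" ]; then
+   #let's also check if the version number includes the prefix 'bitcoin-',
+   #  and add this prefix if it doesn't
+   if [[ $1 == "$VERSIONPREFIX"* ]]; then
+      VERSION="$1"
+   else
+      VERSION="$VERSIONPREFIX$1"
+   fi
+
+   #now let's see if the version string contains "rc", and strip it off if it does
+   #  and simultaneously add RCSUBDIR to BASEDIR, where we will look for SIGNATUREFILENAME
+   if [[ $VERSION == *"$RCVERSIONSTRING"* ]]; then
+      BASEDIR="$BASEDIR${VERSION/%-$RCVERSIONSTRING*}/"
+      BASEDIR="$BASEDIR$RCSUBDIR"
+   else
+      BASEDIR="$BASEDIR$VERSION/"
+   fi
+
+   SIGNATUREFILE="$BASEDIR$SIGNATUREFILENAME"
+else
+   BASEDIR="${SIGNATUREFILE%/*}/"
+fi
+
+#first we fetch the file containing the signature
+WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1)
+
+#and then see if wget completed successfully
+if [ $? -ne 0 ]; then
+   echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?"
+   echo "[bitcoin-]<version>-[rc[0-9]] (example: bitcoin-0.7.1-rc1)"
+   echo "wget output:"
+   echo "$WGETOUT"|sed 's/^/\t/g'
+   exit 2
+fi
+
+#then we check it
+GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
+
+#return value 0: good signature
+#return value 1: bad signature
+#return value 2: gpg error
+
+RET="$?"
+if [ $RET -ne 0 ]; then
+   if [ $RET -eq 1 ]; then
+      #and notify the user if it's bad
+      echo "Bad signature."
+   elif [ $RET -eq 2 ]; then
+      #or if a gpg error has occured
+      echo "gpg error. Do you have Gavin's code signing key installed?"
+   fi
+
+   echo "gpg output:"
+   echo "$GPGOUT"|sed 's/^/\t/g'
+   clean_up $SIGNATUREFILENAME $TMPFILE
+   exit "$RET"
+fi
+
+#here we extract the filenames from the signature file
+FILES=$(awk '{print $2}' "$TMPFILE")
+
+#and download these one by one
+for file in in $FILES
+do
+   wget --quiet -N "$BASEDIR$file"
+done
+
+#check hashes
+DIFF=$(diff <(sha256sum $FILES) "$TMPFILE")
+
+if [ $? -eq 1 ]; then
+   echo "Hashes don't match."
+   echo "Offending files:"
+   echo "$DIFF"|grep "^<"|awk '{print "\t"$3}'
+   exit 1
+elif [ $? -gt 1 ]; then
+   echo "Error executing 'diff'"
+   exit 2   
+fi
+
+#everything matches! clean up the mess
+clean_up $FILES $SIGNATUREFILENAME $TMPFILE
+
+exit 0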
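Review bot: The hash check near the end fails open: `elif [ $? -gt 1 ]` tests the exit status of the preceding `[ $? -eq 1 ]`, not of `diff`, so a `diff` error (status 2) falls through to `exit 0` and the script reports success without a completed comparison. The status should be captured once, directly after the `DIFF=` assignment, and any non-zero value treated as a failure. Two other spots weaken the verification: the working directory is the fixed, shared path `/tmp/bitcoin`, where another local user could pre-create the directory or its files before `gpg --yes --output` and `wget` write there, and `gpg --decrypt` returns 0 for a good signature from any key in the keyring rather than only the expected release key. The download loop also reads `for file in in $FILES`, which requests a file literally named `in`. The sketch below shows the affected lines only; the key fingerprint is a placeholder because it is not on this page, a subkey signature would need the primary-key field of the `VALIDSIG` line checked instead, and a private directory gives up the cross-run `wget -N` cache.

```shell
# private working directory instead of the shared /tmp/bitcoin
WORKINGDIR=$(mktemp -d) || exit 2
cd "$WORKINGDIR" || exit 2

# … unchanged: version parsing, signature file download …

# status lines go to stdout so the signing key can be checked, not just the exit code
GPGOUT=$(gpg --status-fd 1 --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
RET="$?"
if [ "$RET" -eq 0 ] && ! grep -q '^\[GNUPG:\] VALIDSIG <EXPECTED_KEY_FINGERPRINT> ' <<<"$GPGOUT"; then
   RET=1
fi

# … unchanged: gpg failure reporting, FILES extraction …

for file in $FILES
do
   wget --quiet -N "$BASEDIR$file"
done

DIFF=$(diff <(sha256sum $FILES) "$TMPFILE")
DIFFRET="$?"

if [ "$DIFFRET" -eq 1 ]; then
   # … unchanged: "Hashes don't match." report, exit 1 …
elif [ "$DIFFRET" -ne 0 ]; then
   echo "Error executing 'diff'"
   exit 2
fi
```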
