-
Notifications
You must be signed in to change notification settings - Fork 0
/
get_latest_iso
executable file
·169 lines (148 loc) · 3.54 KB
/
get_latest_iso
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/usr/bin/env bash
# This script downloads and verifies the latest ISO image from Debian's site.
# Usage:
# ./get_latest_iso
#
# Follow the prompt
gpg_key_short="0xDA87E80D6294BE9B"
gpg_key="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"
# Bold output
code_bld () {
tput bold
printf '%s\n' "${1}"
tput sgr0
}
# Green output
code_grn () {
tput setaf 2
printf '%s\n' "${1}"
tput sgr0
}
# Red output
code_red () {
tput setaf 1
printf '%s\n' "${1}"
tput sgr0
}
# Yellow output
code_yel () {
tput setaf 3
printf '%s\n' "${1}"
tput sgr0
}
# Error checks
if ! command -v "curl" > /dev/null; then
code_red "[ERROR] curl not installed!"
echo
exit 1
fi
# Prompt to choose architecture
select_arch() {
printf '%s\n' "Select which ISO architecture you would like to download: "
PS3='Please choose: '
options=("arm64" "amd64")
select opt in "${options[@]}"; do
case $REPLY in
1|2)
arch="${opt}"
break
;;
*) code_red "[ERROR] Invalid option: $REPLY" ;;
esac
done
url="https://cdimage.debian.org/debian-cd/current/${arch}/iso-cd/"
}
# Use curl to download
curl_download() {
curl --location --remote-name "${1}"
}
# Find latest ISO
query_latest() {
latest_iso="$(curl --silent "${url}" | \
awk -v iso="debian-[[:digit:]].*-${arch}-netinst\.iso" \
-F'href=|>' '$0 ~ iso { gsub(/\"/, "", $0); print $4 }')"
echo
printf '%s\n\n' "[INFO] Newest ISO available is ${latest_iso}"
}
# Download ISO file
download_iso() {
if [ ! -f "${latest_iso}" ]; then
printf '%s\n' "[INFO] Downloading ${latest_iso}"
curl_download "${url}/${latest_iso}"
echo
else
code_red "[ERROR] ${latest_iso} already downloaded! Exiting.."
exit 1
fi
}
# Download checksum files
download_sums() {
if [ ! -f "SHA512SUMS" ]; then
printf '%s\n' "[INFO] Downloading SHA512SUMS"
curl_download "${url}/SHA512SUMS"
echo
else
if ! grep -q "${latest_iso}" "SHA512SUMS"; then
code_yel "[INFO] Deleting existing SHA512SUMS"
rm -f SHA512SUMS
printf '%s\n' "[INFO] Downloading SHA512SUMS"
curl_download "${url}/SHA512SUMS"
echo
fi
fi
}
# Download checksum signature files
download_sigs() {
if [ ! -f "SHA512SUMS.sign" ]; then
printf '%s\n' "[INFO] Downloading SHA512SUMS.sign"
curl_download "${url}/SHA512SUMS.sign"
echo
else
code_yel "[INFO] Deleting existing SHA512SUMS.sign"
rm -f SHA512SUMS.sign
printf '%s\n' "[INFO] Downloading SHA512SUMS.sign"
curl_download "${url}/SHA512SUMS"
echo
fi
}
# Check if Debian gpg key is in keyring
import_gpg() {
if ! gpg --list-keys "${gpg_key_short}" >/dev/null; then
code_yel "[INFO] Importing Debian GPG Key"
gpg --keyserver keyring.debian.org --recv "${gpg_key}"
echo
fi
}
# Verify checksum and ISO file
verify_iso() {
printf '%s\n' "[INFO] Verifying GPG signature"
if gpg --verify SHA512SUMS.sign SHA512SUMS; then
echo
printf '%s\n' "[INFO] Verifying ISO checksums"
if sha512sum --ignore-missing -c SHA512SUMS 2>/dev/null; then
echo
code_grn "[SUCCESS] ${latest_iso} successfully verified!"
printf '%s\n' "[INFO] Cleaning up signature files"
rm -f SHA512SUMS SHA512SUMS.sign
echo
else
echo
code_red "[ERROR] SHA512SUM failed. Exiting"
exit 1
fi
else
echo
code_red "[ERROR] Signature verification failed. Exiting"
exit 1
fi
}
# Download and verify the ISO
select_arch
query_latest
download_iso
download_sums
download_sigs
import_gpg
verify_iso
code_grn "Done, enjoy!"
# vim: ft=sh ts=2 sts=2 sw=2 sr et