Commit 10515a36 authored by Jamie Scaife's avatar Jamie Scaife

Initial working version of script

parent b474927f
downloads/*
MIT License
Copyright (c) 2019 Jamie Scaife (jamieweb.net)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
#!/bin/bash
#dl-integrity-verify (Download & Verify) by Jamie Scaife (jamieweb.net) created 2019-05-26 23:00
if (command -v whiptail); then
menu="whiptail"
elif (command -v dialog); then
menu="dialog"
echo "Using Dialog, as Whiptail doesn't appear to be installed."
else
echo "Whiptail/Dialog is not installed. Please install Whiptail (preferred) or Dialog. Exiting..."
exit
fi
log () {
if [ "$1" == "noout" ]; then
cat - >> "$log_file"
else
tee --output-error=exit -a "$log_file"
fi
}
confirm_choice () {
if [ -z "$choice" ]; then
echo "No option selected, exiting..."
exit
elif ("$menu" --clear --title "Confirm Choice" --yesno "You selected '$1', are you sure?" 13 55); then
mkdir -p "downloads/$choice"
if [ "$?" != 0 ]; then
echo "Error creating directory 'downloads/$choice', exiting..."
exit
fi
log_file="downloads/$choice/VERIFICATIONS"
echo "Saving log to '$log_file'" #This line is not logged.
if [ -f "$log_file" ]; then
printf "\n\n" | log noout
fi
echo "`date`:" | log noout
echo "Selected '$choice'." | log
else
echo "Declined choice, exiting..."
exit
fi
}
verify_origin () {
echo -e "\nVerifying download origin: '${dl_origin//./[.]}'" | log
dl_origin_sha256_actual=$(sha256sum <<< "$dl_origin" | head -c 64)
echo "Expected hash: $dl_origin_sha256_expected" | log
echo "Actual hash: $dl_origin_sha256_actual" | log
if [ "$dl_origin_sha256_expected" == "$dl_origin_sha256_actual" ]; then
echo -e "Download origin check: OK\n" | log
else
echo "Download origin check FAILED. Exiting..." | log
exit
fi
}
check_clobber () {
echo -e "\nChecking for existing files that may be overwritten by download:" | log
for file in "${dl_files[@]}"; do
printf "$file: " | log
if [ -f "downloads/$choice/$file" ]; then
echo "FOUND" | log
found=1
else
echo "Not Found (OK)" | log
fi
done
if [ ! -z "$found" ]; then
if [ "$1" == "exit" ]; then
echo "File(s) already exist. Remove the files, or use the '--no-download' option to force the script to continue. Exiting..." | log
exit
else
echo "File(s) already exist, but the '--no-download' option is set. Continuing..." | log
fi
fi
}
download () {
source "origins/$dl_origin_name"
verify_origin
echo "Downloading files..." | log
for file in "${dl_files[@]}"; do
echo "Downloading '$file'..." | log
wget --no-clobber --directory-prefix="downloads/$choice/" "$dl_origin$dl_path/$file"
if [ "$?" != 0 ]; then
echo "Error downloading '$file', exiting..." | log
exit
elif ! [ -s "downloads/$choice/$file" ]; then
echo "Error, file '$file' is zero, exiting..." | log
exit
fi
done
}
gpg_signed_hashes_sha256_sha1_md5 () {
gpg_verify "downloads/$choice/SHA256SUMS.gpg" "downloads/$choice/SHA256SUMS"
gpg_verify "downloads/$choice/SHA1SUMS.gpg" "downloads/$choice/SHA1SUMS"
gpg_verify "downloads/$choice/MD5SUMS.gpg" "downloads/$choice/MD5SUMS"
hash_verify "sha256" "SHA256SUMS" "downloads/$choice/"
hash_verify "sha1" "SHA1SUMS" "downloads/$choice/"
hash_verify "md5" "MD5SUMS" "downloads/$choice/"
}
gpg_signed_hashes_sha256_sha1 () {
gpg_verify "downloads/$choice/SHA256SUMS.gpg" "downloads/$choice/SHA256SUMS"
gpg_verify "downloads/$choice/SHA1SUMS.gpg" "downloads/$choice/SHA1SUMS"
hash_verify "sha256" "SHA256SUMS" "downloads/$choice/"
hash_verify "sha1" "SHA1SUMS" "downloads/$choice/"
}
gpg_verify () { # <signature> <file>
echo "Verifying '$2' using signature '$1':" | log
gpg_verification_output=$(gpg --verify "$1" "$2" 2>&1)
gpg_verification_exit_code="$?"
echo "$gpg_verification_output" | log
if [ "$gpg_verification_exit_code" == 0 ]; then
echo -e "SUCCESS\n" | log
else
echo "BAD SIGNATURE, exiting..." | log
exit
fi
}
hash_verify () { # <algo> <file> <directory>
echo -n "Checking $1: " | log
case "$1" in
"sha256")
hash_verification_output=$(cd "$3" && sha256sum --check --strict --ignore-missing "$2" 2>&1)
;;
"sha1")
hash_verification_output=$(cd "$3" && sha1sum --check --strict --ignore-missing "$2" 2>&1)
;;
"md5")
hash_verification_output=$(cd "$3" && md5sum --check --strict --ignore-missing "$2" 2>&1)
;;
*)
echo "Script error - invalid hashing algorithm. Exiting..." | log
exit
;;
esac
hash_verification_exit_code="$?"
echo "$hash_verification_output" | log
if [ "$hash_verification_exit_code" != 0 ]; then
echo "Hash verification error. Exiting..." | log
exit
fi
grep " [ *]$file_name\$" "downloads/$choice/$2" | log
}
#Select package to download and verify
choice=$("$menu" --clear --title "Download & Verify" --menu "Select a package:" 13 55 5 \
"Ubuntu 18.04 LTS" " (ISO)" \
"Xubuntu 18.04 LTS" " (ISO)" \
"Kali Linux" " (ISO)" \
"Cygwin" " (EXE)" \
"KeePassXC" " (MSI)" \
"Nmap" " (EXE)" \
"Notepad++" " (EXE)" \
"VirtualBox" " (EXE)" \
"Wireshark" " (EXE)" 3>&2 2>&1 1>&3)
#Confirm choice
confirm_choice "$choice"
#Set package-specific configuration variables
case "$choice" in
"Ubuntu 18.04 LTS")
file_name="ubuntu-18.04.2-desktop-amd64.iso"
dl_origin_name="ubuntu-releases"
dl_origin_sha256_expected="256b912563ae525d387be32be68fa3f4be7226e5af99f881cf6ab94cacf51fd0"
dl_path="18.04.2"
dl_files=("$file_name" "SHA256SUMS" "SHA256SUMS.gpg" "SHA1SUMS" "SHA1SUMS.gpg" "MD5SUMS" "MD5SUMS.gpg")
verif_method="gpg_signed_hashes_sha256_sha1_md5"
;;
"Xubuntu 18.04 LTS")
echo xubuntu
;;
*)
echo "No Option Selected, Exiting..."
exit
;;
esac
#Check for potential clobbering
if [ "$1" == "--no-download" ]; then
check_clobber "warn"
else
check_clobber "exit"
#Download the package files
download
fi
printf "\n" | log
#Select and perform the relevant verification method
case "$verif_method" in
"gpg_signed_hashes_sha256_sha1_md5") #Ubuntu ISOs
gpg_signed_hashes_sha256_sha1_md5
;;
"gpg_signed_hashes_sha256_sha1") #Kali Linux ISOs
gpg_signed_hashes_sha256_sha1
;;
"gpg_signed_direct")
gpg_signed_direct
;;
*)
echo "Script error - invalid verification method. Exiting..." | log
exit
;;
esac
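Review bot: gpg_verify treats a zero exit code from `gpg --verify` as success and never checks which key made the signature, so a good signature from any key present in the user's keyring is accepted for every package. Pin the signer per package by running `gpg --status-fd 1 --verify "$1" "$2" 2>&1` and requiring `grep -q "^\[GNUPG:\] VALIDSIG $gpg_fingerprint_expected " <<< "$gpg_verification_output"` in addition to the exit code. Here `gpg_fingerprint_expected` is a placeholder for a value that would be set next to `dl_origin_sha256_expected`. The failure branches in gpg_verify, hash_verify, verify_origin and download also end in a bare `exit`, which returns the status of the preceding `echo ... | log` pipeline (normally 0), so a calling script cannot tell a failed verification from a passed one; `exit 1` would fix that.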
dl_origin="http://releases.ubuntu.com/"
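Review bot: This line appears to be the origins file that download() loads with `source "origins/$dl_origin_name"`, and that call runs before verify_origin, whose hash covers only the value of `dl_origin`. Any other shell statement placed in the file would therefore execute unchecked, and the check passes as long as the variable ends up with the expected string. Hashing the file itself before sourcing it closes the gap, for example `[ "$(sha256sum < "origins/$dl_origin_name" | head -c 64)" == "$dl_origin_sha256_expected" ] || exit 1`, with the expected value recomputed over the file. The origin is also plain `http://`, so the integrity of everything fetched rests entirely on the later GPG check; a comment saying so would help the next maintainer.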