Commit c47a42f8 authored by Jamie Scaife

Improved command-line argument handling, added support for selecting GnuPG...

Improved command-line argument handling, added support for selecting GnuPG versions, updated README, other minor changes
parent 7100a871
......@@ -4,6 +4,13 @@ A script to automatically download and perform integrity verifications for vario
This was created primarily for my own usage, to remove the need to manually download and verify some of the software packages that I use.
## Changelog
| Date | Notes |
|------|--------|
| **2019-06-10** | Added support for selecting GnuPG versions, added signing keys, other minor changes. |
| **2019-06-09** | Initial pre-production release. |
## Supported Packages
Currently, the following software packages are supported (all 64-bit, where possible):
......@@ -22,7 +29,7 @@ Currently, the following software packages are supported (all 64-bit, where poss
* Bash
* Wget
* GnuPG
* GnuPG (both `gpg2` and `gpg` are supported, see command-line arguments below)
* Whiptail OR Dialog
## Compatibility
......@@ -31,7 +38,9 @@ The script will run in any standard Bash shell environment, as long as the depen
## Running the Script
Ensure that your current working directory is that of the script, and the `origins/` and `downloads/` directories are present.
Ensure that your current working directory is that of the script, and the `sites/` and `downloads/` directories are present.
The `sites/` directory contains the URLs/origins of the downloadable files. For example, the download 'site' for the Ubuntu ISOs is `releases.ubuntu.com`. These are separated from the main script to help prevent accidental modification.
Run the script using `./dl-integrity-verify.sh` or `bash dl-integrity-verify.sh`.
......@@ -41,7 +50,13 @@ The package will then download, and the integrity verifications will be performe
## Command-line Arguments
* `--no-download`: Force the script to run without downloading anything. This is useful if you just want to verify files that are already downloaded.
* `--no-download` | `-nd`: Force the script to run without downloading anything. This is useful if you just want to verify files that are already downloaded.
* `--gpg2`: Force the script to use `gpg2` (GnuPG 2.x).
* `--gpg`: Force the script to use `gpg` (GnuPG 1.x).
## GnuPG Support
By default, the script will use `gpg2` (GnuPG 2.x) for signature verifications. If you'd like to use `gpg` (GnuPG 1.x) instead, you can use the `--gpg` option, as described above.
## Included Signing Keys
......
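Review bot: The argument list does not say what happens when `--gpg2` and `--gpg` are both given. The parsing loop assigns `gnupg` on every match, so the last option on the command line wins; state that here. It is also worth documenting that any other argument now makes the script exit, since the new `*)` arm rejects everything it does not recognise.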
#!/bin/bash
#dl-integrity-verify (Download & Verify) by Jamie Scaife (jamieweb.net) created 2019-05-26 23:00
if (command -v whiptail); then
gnupg="gpg2"
while [[ $# -gt 0 ]]; do
argument="$1"
case "$argument" in
-nd|--no-download) #Force script to continue without downloading anything
no_download=1
shift
;;
--gpg2) #Force usage of gpg2
gnupg="gpg2"
shift
;;
--gpg) #Force usage of gpg
gnupg="gpg"
shift
;;
*)
echo "Invalid argument. Exiting..."
exit
;;
esac
done
if (command -v whiptail > /dev/null); then
menu="whiptail"
elif (command -v dialog); then
elif (command -v dialog > /dev/null); then
menu="dialog"
echo "Using Dialog, as Whiptail doesn't appear to be installed."
else
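Review bot: The `*)` arm calls a bare `exit`, which returns the status of the preceding `echo`, so an invalid argument ends the script with status 0 and a calling script cannot tell that from success. Use `exit 1`, send the message to stderr, and name the offending value, e.g. `echo "Invalid argument: '$argument'. Exiting..." >&2`.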
......@@ -43,11 +70,11 @@ confirm_choice () {
}
verify_origin () {
echo -e "\nVerifying download origin: '${dl_origin//./[.]}'" | log
dl_origin_sha256_actual=$(sha256sum <<< "$dl_origin" | head -c 64)
echo "Expected hash: $dl_origin_sha256_expected" | log
echo "Actual hash: $dl_origin_sha256_actual" | log
if [ "$dl_origin_sha256_expected" == "$dl_origin_sha256_actual" ]; then
echo -e "\nVerifying download origin: '${dl_site//./[.]}'" | log
dl_site_sha256_actual=$(sha256sum <<< "$dl_site" | head -c 64)
echo "Expected hash: $dl_site_sha256_expected" | log
echo "Actual hash: $dl_site_sha256_actual" | log
if [ "$dl_site_sha256_expected" == "$dl_site_sha256_actual" ]; then
echo -e "Download origin check: OK\n" | log
else
echo "Download origin check FAILED. Exiting..." | log
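Review bot: The rename is only half applied in `verify_origin`: the variables are now `dl_site*`, but the function name and the log strings ("Verifying download origin", "Download origin check") still say origin, while the README now calls these sites. Pick one term and use it throughout. The `sha256sum <<< "$dl_site"` line also deserves a comment: the here-string appends a newline, so every `dl_site_sha256_expected` value has to be generated from the string plus a trailing newline (as `echo` produces), not from the bare string.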
......@@ -73,16 +100,18 @@ check_clobber () {
else
echo "File(s) already exist, but the '--no-download' option is set. Continuing..." | log
fi
elif [ "$no_download" == 1 ]; then
echo "Proceeding without downloading anything, as the '--no-download' option is set. This will probably result in an error, as there are no files/signatures to verify."
fi
}
download () {
source "origins/$dl_origin_name"
source "sites/$dl_site_name"
verify_origin
echo "Downloading files..." | log
for file in "${dl_files[@]}"; do
echo "Downloading '$file'..." | log
wget --no-clobber --directory-prefix="downloads/$choice/" "$dl_origin$dl_path/$file"
wget --no-clobber --directory-prefix="downloads/$choice/" "$dl_site$dl_path/$file"
if [ "$?" != 0 ]; then
echo "Error downloading '$file', exiting..." | log
exit
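Review bot: `source "sites/$dl_site_name"` executes the whole file, but `verify_origin` only hashes the resulting `$dl_site` string, so any other line in a sites file (a reassigned `dl_path`, `dl_files` or `dl_site_sha256_expected`, or an arbitrary command) runs unchecked before the comparison. If these files only need to supply a URL, store just the URL and read it instead of sourcing it, for example `dl_site=$(< "sites/$dl_site_name")`, or hash the file itself. Separately, the message in the new `elif [ "$no_download" == 1 ]` branch is the only `echo` in this hunk not piped to `log`, so it will be missing from the log output.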
......@@ -111,7 +140,7 @@ gpg_signed_hashes_sha256_sha1 () {
gpg_verify () { # <signature> <file>
echo "Verifying '$2' using signature '$1':" | log
gpg_verification_output=$(gpg --verify "$1" "$2" 2>&1)
gpg_verification_output=$("$gnupg" --verify "$1" "$2" 2>&1)
gpg_verification_exit_code="$?"
echo "$gpg_verification_output" | log
if [ "$gpg_verification_exit_code" == 0 ]; then
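Review bot: Nothing checks that the binary named in `$gnupg` exists before it is called in `gpg_verify`. With the default `gpg2` on a system that only has `gpg`, the command substitution fails with "command not found" and a non-zero status, which fails the `== 0` test exactly as a bad signature would. Add a `command -v "$gnupg" > /dev/null` check after argument parsing, next to the whiptail/dialog detection, and exit with a clear missing-dependency message.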
......@@ -170,8 +199,8 @@ confirm_choice "$choice"
case "$choice" in
"Ubuntu 18.04 LTS")
file_name="ubuntu-18.04.2-desktop-amd64.iso"
dl_origin_name="ubuntu-releases"
dl_origin_sha256_expected="256b912563ae525d387be32be68fa3f4be7226e5af99f881cf6ab94cacf51fd0"
dl_site_name="ubuntu-releases"
dl_site_sha256_expected="256b912563ae525d387be32be68fa3f4be7226e5af99f881cf6ab94cacf51fd0"
dl_path="18.04.2"
dl_files=("$file_name" "SHA256SUMS" "SHA256SUMS.gpg" "SHA1SUMS" "SHA1SUMS.gpg" "MD5SUMS" "MD5SUMS.gpg")
verif_method="gpg_signed_hashes_sha256_sha1_md5"
......@@ -188,7 +217,7 @@ case "$choice" in
esac
#Check for potential clobbering
if [ "$1" == "--no-download" ]; then
if [ "$no_download" == 1 ]; then
check_clobber "warn"
else
check_clobber "exit"
......
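Review bot: `no_download` is tested here, but in the lines shown it is only assigned inside the `-nd|--no-download` arm; unlike `gnupg`, it gets no default before the loop. Bash imports environment variables as shell variables, so an exported `no_download=1` in the caller's environment would put the script into no-download mode without the flag being passed. Initialise `no_download=0` next to `gnupg="gpg2"`.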