3
### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org
4
### It first checks if the signature passes, and then downloads the files specified in
5
### the file, and checks if the hashes of these files match those that are specified
6
### in the signature file.
7
### The script returns 0 if everything passes the checks. It returns 1 if either the
8
### signature check or the hash check doesn't pass. If an error occurs the return value is 2
13
rm "$file" 2> /dev/null
17
WORKINGDIR="/tmp/bitcoin"
20
SIGNATUREFILENAME="SHA256SUMS.asc"
22
BASEDIR="https://bitcoin.org/bin/"
23
VERSIONPREFIX="bitcoin-core-"
26
if [ ! -d "$WORKINGDIR" ]; then
32
#test if a version number has been passed as an argument
34
#let's also check if the version number includes the prefix 'bitcoin-',
35
# and add this prefix if it doesn't
36
if [[ $1 == "$VERSIONPREFIX"* ]]; then
39
VERSION="$VERSIONPREFIX$1"
42
#now let's see if the version string contains "rc", and strip it off if it does
43
# and simultaneously add RCSUBDIR to BASEDIR, where we will look for SIGNATUREFILENAME
44
if [[ $VERSION == *"$RCVERSIONSTRING"* ]]; then
45
BASEDIR="$BASEDIR${VERSION/%-$RCVERSIONSTRING*}/"
46
BASEDIR="$BASEDIR$RCSUBDIR"
48
BASEDIR="$BASEDIR$VERSION/"
51
SIGNATUREFILE="$BASEDIR$SIGNATUREFILENAME"
53
echo "Error: need to specify a version on the command line"
57
#first we fetch the file containing the signature
58
WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1)
60
#and then see if wget completed successfully
62
echo "Error: couldn't fetch signature file. Have you specified the version number in the following format?"
63
echo "[$VERSIONPREFIX]<version>-[$RCVERSIONSTRING[0-9]] (example: "$VERSIONPREFIX"0.10.4-"$RCVERSIONSTRING"1)"
65
echo "$WGETOUT"|sed 's/^/\t/g'
70
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
72
#return value 0: good signature
73
#return value 1: bad signature
74
#return value 2: gpg error
77
if [ $RET -ne 0 ]; then
78
if [ $RET -eq 1 ]; then
79
#and notify the user if it's bad
81
elif [ $RET -eq 2 ]; then
82
#or if a gpg error has occurred
83
echo "gpg error. Do you have the Bitcoin Core binary release signing key installed?"
87
echo "$GPGOUT"|sed 's/^/\t/g'
88
clean_up $SIGNATUREFILENAME $TMPFILE
92
#here we extract the filenames from the signature file
93
FILES=$(awk '{print $2}' "$TMPFILE")
95
#and download these one by one
98
wget --quiet -N "$BASEDIR$file"
102
DIFF=$(diff <(sha256sum $FILES) "$TMPFILE")
104
if [ $? -eq 1 ]; then
105
echo "Hashes don't match."
106
echo "Offending files:"
107
echo "$DIFF"|grep "^<"|awk '{print "\t"$3}'
109
elif [ $? -gt 1 ]; then
110
echo "Error executing 'diff'"
114
#everything matches! clean up the mess
115
clean_up $FILES $SIGNATUREFILENAME $TMPFILE
117
echo -e "Verified hashes of \n$FILES"