Merge #10651: Verify binaries from bitcoincore.org and bitcoin.org
6270d62 Verify binaries from bitcoincore.org and bitcoin.org (Matt Corallo) Tree-SHA512: 39e99ce9be3e7c99d17b296749c0af53c867039bc95fd5b03572593c812817decea75e7296bb66e89ba460518210d84114b7bdc22465df621340319b47bd4303
This commit is contained in:
parent
f1c9b7a893
commit
b195cbb5e7
@ -3,7 +3,8 @@
|
|||||||
# Distributed under the MIT software license, see the accompanying
|
# Distributed under the MIT software license, see the accompanying
|
||||||
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org
|
### This script attempts to download the signature file SHA256SUMS.asc from
|
||||||
|
### bitcoincore.org and bitcoin.org and compares them.
|
||||||
### It first checks if the signature passes, and then downloads the files specified in
|
### It first checks if the signature passes, and then downloads the files specified in
|
||||||
### the file, and checks if the hashes of these files match those that are specified
|
### the file, and checks if the hashes of these files match those that are specified
|
||||||
### in the signature file.
|
### in the signature file.
|
||||||
@ -22,7 +23,9 @@ TMPFILE="hashes.tmp"
|
|||||||
|
|
||||||
SIGNATUREFILENAME="SHA256SUMS.asc"
|
SIGNATUREFILENAME="SHA256SUMS.asc"
|
||||||
RCSUBDIR="test"
|
RCSUBDIR="test"
|
||||||
BASEDIR="https://bitcoin.org/bin/"
|
HOST1="https://bitcoincore.org"
|
||||||
|
HOST2="https://bitcoin.org"
|
||||||
|
BASEDIR="/bin/"
|
||||||
VERSIONPREFIX="bitcoin-core-"
|
VERSIONPREFIX="bitcoin-core-"
|
||||||
RCVERSIONSTRING="rc"
|
RCVERSIONSTRING="rc"
|
||||||
|
|
||||||
@ -81,7 +84,7 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
#first we fetch the file containing the signature
|
#first we fetch the file containing the signature
|
||||||
WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1)
|
WGETOUT=$(wget -N "$HOST1$BASEDIR$SIGNATUREFILENAME" 2>&1)
|
||||||
|
|
||||||
#and then see if wget completed successfully
|
#and then see if wget completed successfully
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
@ -92,6 +95,22 @@ if [ $? -ne 0 ]; then
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
WGETOUT=$(wget -N -O "$SIGNATUREFILENAME.2" "$HOST2$BASEDIR$SIGNATUREFILENAME" 2>&1)
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "bitcoin.org failed to provide signature file, but bitcoincore.org did?"
|
||||||
|
echo "wget output:"
|
||||||
|
echo "$WGETOUT"|sed 's/^/\t/g'
|
||||||
|
clean_up $SIGNATUREFILENAME
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
SIGFILEDIFFS="$(diff $SIGNATUREFILENAME $SIGNATUREFILENAME.2)"
|
||||||
|
if [ "$SIGFILEDIFFS" != "" ]; then
|
||||||
|
echo "bitcoin.org and bitcoincore.org signature files were not equal?"
|
||||||
|
clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2
|
||||||
|
exit 4
|
||||||
|
fi
|
||||||
|
|
||||||
#then we check it
|
#then we check it
|
||||||
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
|
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
|
||||||
|
|
||||||
@ -111,7 +130,7 @@ if [ $RET -ne 0 ]; then
|
|||||||
|
|
||||||
echo "gpg output:"
|
echo "gpg output:"
|
||||||
echo "$GPGOUT"|sed 's/^/\t/g'
|
echo "$GPGOUT"|sed 's/^/\t/g'
|
||||||
clean_up $SIGNATUREFILENAME $TMPFILE
|
clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
|
||||||
exit "$RET"
|
exit "$RET"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -131,7 +150,7 @@ FILES=$(awk '{print $2}' "$TMPFILE")
|
|||||||
for file in $FILES
|
for file in $FILES
|
||||||
do
|
do
|
||||||
echo "Downloading $file"
|
echo "Downloading $file"
|
||||||
wget --quiet -N "$BASEDIR$file"
|
wget --quiet -N "$HOST1$BASEDIR$file"
|
||||||
done
|
done
|
||||||
|
|
||||||
#check hashes
|
#check hashes
|
||||||
@ -149,7 +168,7 @@ fi
|
|||||||
|
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$2" ]; then
|
||||||
echo "Clean up the binaries"
|
echo "Clean up the binaries"
|
||||||
clean_up $FILES $SIGNATUREFILENAME $TMPFILE
|
clean_up $FILES $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
|
||||||
else
|
else
|
||||||
echo "Keep the binaries in $WORKINGDIR"
|
echo "Keep the binaries in $WORKINGDIR"
|
||||||
clean_up $TMPFILE
|
clean_up $TMPFILE
|
||||||
|
Loading…
Reference in New Issue
Block a user