Merge #10651: Verify binaries from bitcoincore.org and bitcoin.org

6270d62 Verify binaries from bitcoincore.org and bitcoin.org (Matt Corallo)

Tree-SHA512: 39e99ce9be3e7c99d17b296749c0af53c867039bc95fd5b03572593c812817decea75e7296bb66e89ba460518210d84114b7bdc22465df621340319b47bd4303
This commit is contained in:
Wladimir J. van der Laan 2017-07-11 15:25:05 +02:00 committed by Pasta
parent f1c9b7a893
commit b195cbb5e7
No known key found for this signature in database
GPG Key ID: D362C9F7142766AE

View File

@ -3,7 +3,8 @@
# Distributed under the MIT software license, see the accompanying # Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php. # file COPYING or http://www.opensource.org/licenses/mit-license.php.
### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org ### This script attempts to download the signature file SHA256SUMS.asc from
### bitcoincore.org and bitcoin.org and compares them.
### It first checks if the signature passes, and then downloads the files specified in ### It first checks if the signature passes, and then downloads the files specified in
### the file, and checks if the hashes of these files match those that are specified ### the file, and checks if the hashes of these files match those that are specified
### in the signature file. ### in the signature file.
@ -22,7 +23,9 @@ TMPFILE="hashes.tmp"
SIGNATUREFILENAME="SHA256SUMS.asc" SIGNATUREFILENAME="SHA256SUMS.asc"
RCSUBDIR="test" RCSUBDIR="test"
BASEDIR="https://bitcoin.org/bin/" HOST1="https://bitcoincore.org"
HOST2="https://bitcoin.org"
BASEDIR="/bin/"
VERSIONPREFIX="bitcoin-core-" VERSIONPREFIX="bitcoin-core-"
RCVERSIONSTRING="rc" RCVERSIONSTRING="rc"
@ -81,7 +84,7 @@ else
fi fi
#first we fetch the file containing the signature #first we fetch the file containing the signature
WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1) WGETOUT=$(wget -N "$HOST1$BASEDIR$SIGNATUREFILENAME" 2>&1)
#and then see if wget completed successfully #and then see if wget completed successfully
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -92,6 +95,22 @@ if [ $? -ne 0 ]; then
exit 2 exit 2
fi fi
WGETOUT=$(wget -N -O "$SIGNATUREFILENAME.2" "$HOST2$BASEDIR$SIGNATUREFILENAME" 2>&1)
if [ $? -ne 0 ]; then
echo "bitcoin.org failed to provide signature file, but bitcoincore.org did?"
echo "wget output:"
echo "$WGETOUT"|sed 's/^/\t/g'
clean_up $SIGNATUREFILENAME
exit 3
fi
SIGFILEDIFFS="$(diff $SIGNATUREFILENAME $SIGNATUREFILENAME.2)"
if [ "$SIGFILEDIFFS" != "" ]; then
echo "bitcoin.org and bitcoincore.org signature files were not equal?"
clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2
exit 4
fi
#then we check it #then we check it
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1) GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
@ -111,7 +130,7 @@ if [ $RET -ne 0 ]; then
echo "gpg output:" echo "gpg output:"
echo "$GPGOUT"|sed 's/^/\t/g' echo "$GPGOUT"|sed 's/^/\t/g'
clean_up $SIGNATUREFILENAME $TMPFILE clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
exit "$RET" exit "$RET"
fi fi
@ -131,7 +150,7 @@ FILES=$(awk '{print $2}' "$TMPFILE")
for file in $FILES for file in $FILES
do do
echo "Downloading $file" echo "Downloading $file"
wget --quiet -N "$BASEDIR$file" wget --quiet -N "$HOST1$BASEDIR$file"
done done
#check hashes #check hashes
@ -149,7 +168,7 @@ fi
if [ -n "$2" ]; then if [ -n "$2" ]; then
echo "Clean up the binaries" echo "Clean up the binaries"
clean_up $FILES $SIGNATUREFILENAME $TMPFILE clean_up $FILES $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
else else
echo "Keep the binaries in $WORKINGDIR" echo "Keep the binaries in $WORKINGDIR"
clean_up $TMPFILE clean_up $TMPFILE