#!/bin/bash -e
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
#
##############################################################################
#
# Usage: ./check_signatures.sh <RELEASE_DIR>
#
# Progress printed on STDOUT, result available via exit-code
#
# Exit-Codes:
# 0 - All fine, signatures and digests are valid and correct
# 1 - A Required file (.asc, .md5, .sha1) is missing
# 2 - Invalid pgp/gpg signature found (.asc)
# 3 - Incorrect md5-sum detected (.md5)
# 4 - Incorrect sha1-sum detected (.sha1)
# 255 - Wrong/Missing command parameter
#
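# Check for arguments
#
# -e is repeated here because the option on the shebang line is lost when the
# script is started as "bash check_signatures.sh <RELEASE_DIR>". Without it a
# failed mktemp or KEYS import would not stop the run.
set -e

[ -n "${1:-}" ] || { echo "USAGE: $0 <RELEASE_DIR>" >&2; exit 255; }
[ -d "$1" ] || { echo "release-dir '$1' not found" >&2; exit 255; }
BASE="${1}"
#cd "$BASE"

KR=$(mktemp)
# Make sure that the temp-keyring is removed on exit. The trap body is
# single-quoted so that $? and $rc are evaluated when the trap fires, not when
# it is installed.
trap 'rc=$?; rm -f -- "${KR}" "${KR}~"; exit "$rc"' EXIT

# NOTE(review): --primary-keyring only makes the temp keyring the target for
# imports; gpg still consults the caller's default keyring during --verify.
# A signature made by any key in either keyring is therefore accepted. Kept
# as-is because releases without a KEYS file rely on the default keyring.
gpg=(gpg --primary-keyring "$KR")

# If there is a KEYS file, import it into the temp keyring.
# NOTE(review): KEYS is read from the same directory as the archives, so a
# passing check only shows that archive, signature and KEYS are consistent
# with each other. Authenticity still depends on comparing the key
# fingerprints against a copy obtained through an independent channel.
if [ -r "$BASE/KEYS" ]; then
  echo "Import KEYS into temporary keyring"
  "${gpg[@]}" --import "$BASE/KEYS"
  echo
fi

# Look for all archives: *.zip, *.tar.gz, *.tgz (the pattern *.t*gz also
# matches other names of that shape; they are checked as well).
#
# The -name tests are grouped so that "-maxdepth 1 -type f" applies to both
# patterns. The loop reads from a process substitution instead of a pipeline
# so that it runs in the main shell: the "exit N" statements below then end
# the script with the documented code even when -e is not in effect, and the
# counter survives the loop.
checked=0
while IFS= read -r f; do
  echo "Checking archive ${f##*/}..."

  # Check gpg/pgp signature. Both the signature and the archive are passed
  # explicitly so gpg must treat the .asc as a detached signature over this
  # exact file; with only the .asc given, a non-detached signed message stored
  # under that name would verify without the archive being read at all.
  if [ -f "${f}.asc" ]; then
    if "${gpg[@]}" --verify "${f}.asc" "${f}" &>/dev/null; then
      echo " - Signature: OK"
    else
      echo " - Signature: ERROR"; exit 2
    fi
  else
    echo " - Signature: MISSING"; exit 1
  fi

  # Check md5sum. MD5 and SHA-1 are not collision resistant; these two checks
  # detect a damaged download, the signature above is the only tamper check.
  if [ -f "${f}.md5" ]; then
    if printf '%s  %s\n' "$(cat -- "${f}.md5")" "${f}" | md5sum --check - &>/dev/null; then
      echo " - MD5: OK"
    else
      echo " - MD5: ERROR"; exit 3
    fi
  else
    echo " - MD5: MISSING"; exit 1
  fi

  # Check sha1
  if [ -f "${f}.sha1" ]; then
    if printf '%s  %s\n' "$(cat -- "${f}.sha1")" "${f}" | sha1sum --check - &>/dev/null; then
      echo " - SHA1: OK"
    else
      echo " - SHA1: ERROR"; exit 4
    fi
  else
    echo " - SHA1: MISSING"; exit 1
  fi

  echo
  checked=$((checked + 1))
done < <(find "$BASE" -maxdepth 1 -type f \( -name "*.zip" -o -name "*.t*gz" \) | sort)

# An empty directory must not be reported as verified. The exit code stays 0
# for compatibility; only the message differs.
if [ "$checked" -eq 0 ]; then
  echo "WARNING: no archives found in $BASE; nothing was verified." >&2
else
  echo "All archives in $BASE have valid signatures and digests."
fi
echo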