| #!/bin/bash |
| |
| # verify-ofbiz-release.sh |
| # checks the given release zip file for correct md5/SHA checksums and signing certificate |
| # see https://www.apache.org/dev/release-signing.html |
| |
| # color definitions for output |
| RED='\033[0;31m' |
| GRN='\033[0;32m' |
| NC='\033[0m' # No Color |
| |
| if [[ $# -eq 0 ]] ; then |
| echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]" |
| exit 1 |
| fi |
| |
| checkSHA () { |
| file1=`gpg --print-md SHA512 $1` |
| file2=`cut -d* -f1 $1.sha512` |
| |
| echo "sha check of file: $1" |
| echo "Using sha file: $1.sha512" |
| echo $file1 |
| echo $file2 |
| |
| if [ "$file1" != "$file2" ] |
| then |
| echo -e "${RED}sha sums mismatch!${NC}" |
| else |
| echo -e "${GRN}sha checksum OK${NC}" |
| fi |
| |
| echo "" |
| |
| return 0 |
| } |
| |
| if [ ! -f $1.sha512 ]; |
| then |
| echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha512 not found)\n" |
| else |
| checkSHA $1 |
| fi |
| |
| if [ ! -f $1.asc ]; |
| then |
| echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)" |
| else |
| echo "GPG verification output" |
| LC_MESSAGES=en_EN.UTF-8 gpg --verify $1.asc $1 |
| fi |
