| #!/bin/sh |
| |
| # |
| # Checks signatures and digests of source-releases. |
| # |
| # Usage: check_signatures_and_digests.sh <DIR_WITH_SOURCE_RELEASE.ZIPs> |
| # |
| |
| echo "################################################################################" |
| echo " CHECK SIGNATURES AND DIGESTS " |
| echo "################################################################################" |
| |
| for i in `find "$1" -maxdepth 1 -type f | grep -v '\.\(asc\|sha1\|md5\)$'` |
| do |
| f=`echo $i | sed 's/\.asc$//'` |
| echo "$f" |
| gpg --verify $f.asc 2>/dev/null |
| if [ "$?" = "0" ]; then CHKSUM="GOOD"; else CHKSUM="BAD!!!!!!!!"; fi |
| if [ ! -f "$f.asc" ]; then CHKSUM="----"; fi |
| echo "gpg: ${CHKSUM}" |
| |
| for tp in md5 sha1 |
| do |
| if [ ! -f "$f.$tp" ] |
| then |
| CHKSUM="----" |
| else |
| A="`cat $f.$tp 2>/dev/null`" |
| B="`openssl $tp < $f 2>/dev/null | sed 's/.*= *//' `" |
| if [ "$A" = "$B" ]; then CHKSUM="GOOD (`cat $f.$tp`)"; else CHKSUM="BAD!! : $A not equal to $B"; fi |
| fi |
| echo "$tp : ${CHKSUM}" |
| done |
| |
| done |
| |
| if [ -z "${CHKSUM}" ]; then echo "WARNING: no files found!"; fi |
| |
| echo "################################################################################" |
