forked from tianon/docker-brew-ubuntu-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
verify.sh
executable file
·54 lines (47 loc) · 1.32 KB
/
verify.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/bash
set -Eeuo pipefail
cd "$(dirname "$BASH_SOURCE")"
versions=( "$@" )
if [ ${#versions[@]} -eq 0 ]; then
versions=( */ )
fi
versions=( "${versions[@]%/}" )
badness=
gpgFingerprint="$(grep -v '^#' gpg-fingerprint 2>/dev/null || true)"
if [ -z "$gpgFingerprint" ]; then
echo >&2 'warning: missing gpg-fingerprint! skipping PGP verification!'
badness=1
else
export GNUPGHOME="$(mktemp -d)"
trap "rm -r '$GNUPGHOME'" EXIT
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$gpgFingerprint"
fi
hostArch="$(dpkg --print-architecture)"
arch="$(cat arch 2>/dev/null || true)"
: ${arch:=$hostArch}
for v in "${versions[@]}"; do
thisTarBase="ubuntu-$v-core-cloudimg-$arch"
thisTar="$thisTarBase-root.tar.gz"
baseUrl="https://partner-images.canonical.com/core/$v"
for sums in sha256 sha1 md5; do
sumsFile="$v/${sums^^}SUMS" # "SHA256SUMS"
sumCmd="${sums}sum" # "sha256sum"
if [ "$gpgFingerprint" ]; then
if [ ! -f "$sumsFile.gpg" ]; then
echo >&2 "warning: '$sumsFile.gpg' appears to be missing!"
badness=1
else
( set -x; gpg --batch --verify "$sumsFile.gpg" "$sumsFile" )
fi
fi
if [ -f "$sumsFile" ]; then
grep " *$thisTar\$" "$sumsFile" | ( set -x; cd "$v" && "$sumCmd" -c - )
else
echo >&2 "warning: missing '$sumsFile'!"
badness=1
fi
done
done
if [ "$badness" ]; then
false
fi