@Karunamon
Last active August 29, 2015 14:04
Shell script integrity verification
#!/usr/bin/env bash
# Add this function to any shell script. You need an HTTP (preferably HTTPS)
# server to serve up a .asc file named identically to your script. Your public key
# must also be installed on the server. Requires curl and gpg.
# To generate the signature file: gpg -a --detach-sig <script filename>
verify-integrity() {
    local base temp
    base=$(basename "$0")
    temp=$(mktemp "/tmp/$base.XXXXX")
    # -f makes curl exit non-zero on HTTP errors (e.g. 404) instead of saving the error page
    if ! curl -fsS "http://someserver/$base.asc" -o "$temp" >/dev/null 2>&1; then
        echo "Could not retrieve signature. Cannot validate integrity. Exiting."
        rm -f "$temp"
        exit 1
    fi
    # The signature is read from stdin ("-"), the signed data (this script) from fd 5 ("-&5")
    if ! gpg --verify --enable-special-filenames - '-&5' <"$temp" 5<"$0"; then
        echo "Invalid signature, you either do not have the author's key installed"
        echo "or this script has been tampered with. Bailing out."
        rm -f "$temp"
        exit 1
    fi
    rm -f "$temp"
}
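
`gpg --verify` exits 0 for a good signature from any key in the keyring, so the exit status alone does not tie the script to its author. The following added example (not part of the original gist) pins the signer by parsing `gpg --status-fd` output; `PINNED_FPR`, `signed_by_pinned_key` and `verify_pinned` are hypothetical names, and the fingerprint is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example: accept a signature only if it was made by one pinned key.
# PINNED_FPR is a constructed placeholder; replace it with the author's
# real 40-hex-digit primary key fingerprint.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names the pinned fingerprint, either as the signing key (first field after
# the keyword) or as the primary key (last field, set when a subkey signed).
signed_by_pinned_key() {
    local pinned tag kw fpr rest primary ok=1
    # gpg prints fingerprints in upper case; normalise the pinned value.
    pinned=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    while read -r tag kw fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            VALIDSIG)
                primary="${rest##* }"
                if [ "$fpr" = "$pinned" ] || [ "$primary" = "$pinned" ]; then
                    ok=0
                fi
                ;;
            # Any bad, unverifiable, expired or revoked result vetoes the run.
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1
                ;;
        esac
    done
    return "$ok"
}

# Verify script file $1 against detached signature file $2.
# Machine-readable status goes to stdout (fd 1); human output is discarded.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        signed_by_pinned_key "$PINNED_FPR"
}
```

With this in place, a signature made by some other key that happens to be in the keyring is rejected even though `gpg --verify` itself would exit 0.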