@josephbisch
Created December 21, 2014 21:10
A bash script for verifying Gitian signatures for Bitcoin Core.
#!/bin/bash
################################
# Gitian Downloader and Verifier
################################
# File names of the developer signing keys fetched later from
# contrib/gitian-downloader in the Bitcoin Core repository.
declare -a github_keys=(
  "aschildbach-key.pgp"
  "bluematt-key.pgp"
  "cfields-key.pgp"
  "devrandom-key.pgp"
  "gavinandresen-key.pgp"
  "laanwj-key.pgp"
  "luke-jr-key.pgp"
  "michagogo-key.pgp"
  "sipa-key.pgp"
  "tcatm-key.pgp"
  "wtogami-key.pgp"
)
#declare -a bitcoin_org_keys=("andreas_schildbach.asc" "gavinandresen.asc" \
# "gmaxwell.asc" "jgarzik-bitpay.asc" "jgarzik-exmulti.asc" "laanwj.asc" \
# "luke-jr.asc" "pieterwuille.asc" "satoshinakamoto.asc" "schneider.asc"

# Directory names in the gitian.sigs repository whose build assertions
# (bitcoin-build.assert and its .sig) are downloaded and signature-checked.
declare -a gitian_verifiers=(
  "aschildbach"
  "cfields"
  "gavinandresen"
  "laanwj"
  "michagogo"
)
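# Parse command-line options. Only -h (print usage and exit) is supported.
# The optstring is "h" with no trailing colon: "h:" would make -h require an
# argument, so a bare -h would be rejected instead of printing the help text.
while getopts h f; do
  case "$f" in
    h)
      printf '%s [-h]\n\n' "$(basename -- "$0")"
      printf 'OPTIONS\n'
      printf -- '-h\t\tThis text.\n'
      exit 0
      ;;
    *)
      # getopts has already reported the unknown option on stderr; stop here
      # rather than run a download-and-verify pass the caller did not ask for.
      printf 'Usage: %s [-h]\n' "$(basename -- "$0")" >&2
      exit 2
      ;;
  esac
done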
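# Create a private scratch directory (mktemp -d: unpredictable name, owner-only
# access) and do all further work inside it. Abort if either step fails, so the
# downloads, key files and the GnuPG home never land in whatever directory the
# script was started from.
temp_dir=$(mktemp -d) || {
  printf 'Could not create a temporary directory\n' >&2
  exit 1
}
cd -- "$temp_dir" || {
  printf 'Could not change into %s\n' "$temp_dir" >&2
  exit 1
}
# Pass the path as an argument, not as part of the printf format string.
printf 'temp_dir is %s\n' "$temp_dir"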
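# get current version
page='https://bitcoin.org/en/download'
# -f makes curl fail on HTTP errors instead of handing an error page to sed;
# -S keeps the error message visible even though -s silences progress output.
page_html=$(curl -fsS "$page") || {
  printf 'Could not fetch %s\n' "$page" >&2
  exit 1
}
version=$(printf '%s\n' "$page_html" \
  | sed -rn 's/.*Latest version: [^0-9]*([0-9.]+).*/\1/p')
# The version string is scraped from remote HTML and then used to build URLs
# and file names, so accept only a single dotted-decimal value. This rejects
# an empty result, a multi-line result and strings such as "." or "..".
version_re='^[0-9]+(\.[0-9]+)+$'
if [[ ! $version =~ $version_re ]]; then
  printf 'Could not determine the current version from %s\n' "$page" >&2
  exit 1
fi
printf 'Version of Bitcoin being downloaded is %s\n' "$version"

# get binary
binary_url="https://bitcoin.org/bin/$version/bitcoin-$version-linux.tar.gz"
printf 'Download URL of binary is %s\n' "$binary_url"
if ! wget "$binary_url"; then
  printf 'Could not download %s\n' "$binary_url" >&2
  exit 1
fi

# get sha256sums
# NOTE(review): the binary and SHA256SUMS.asc come from the same host, so the
# hash file only adds assurance once its OpenPGP signature has been verified
# against keys obtained independently of that host.
sha_sums="https://bitcoin.org/bin/$version/SHA256SUMS.asc"
printf 'Download URL of sha256sums is %s\n' "$sha_sums"
if ! wget "$sha_sums"; then
  printf 'Could not download %s\n' "$sha_sums" >&2
  exit 1
fi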
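# Download the signing keys into their own sub-directory. Each step is checked:
# if the directory could not be created or entered, the trailing "cd .." would
# otherwise move the script out of the scratch directory.
mkdir github_keys || exit 1
cd github_keys || exit 1
# get signing keys for Bitcoin devs from GitHub
# NOTE(review): these keys are the trust anchor for every signature check that
# follows, yet they are fetched at run time from a moving branch ("master") and
# accepted without comparing fingerprints. Their authenticity therefore rests
# entirely on TLS and on the state of the GitHub repository at download time.
# Pinning fingerprints obtained out of band, and checking them after import,
# would remove that dependency.
base_key_url="https://github.com/bitcoin/bitcoin/raw/master/contrib/gitian-downloader/"
for key in "${github_keys[@]}"; do
  key_url="${base_key_url}${key}"
  printf 'Downloading %s signing key from %s\n' "$key" "$key_url"
  if ! wget "$key_url"; then
    printf 'Could not download %s\n' "$key_url" >&2
    exit 1
  fi
done
cd .. || exit 1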
#mkdir bitcoin_org_keys && cd bitcoin_org_keys
# get keys for Bitcoin devs from bitcoin.org
#base_key_url="https://bitcoin.org/"
#for key in "${bitcoin_org_keys[@]}"
#do
# key_url=$base_key_url$key
# printf "Downloading $key key from $key_url\n"
# wget $key_url
#done
#cd ..
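# Use a dedicated GnuPG home so that only the keys imported below can satisfy
# the later signature checks; the user's own keyring is never consulted.
# mkdir -m creates the directory owner-only from the start instead of
# tightening the mode afterwards.
mkdir -m 700 gpg-home || exit 1

# import github_keys
# Every key imported here becomes an acceptable signer for all later checks.
for key in "${github_keys[@]}"; do
  # gpg writes its diagnostics to stderr, so capture both streams; otherwise
  # the "GPG output" shown on failure would be empty.
  output=$(gpg --homedir gpg-home --import "github_keys/$key" 2>&1)
  ret=$?
  if [ "$ret" -ne 0 ]; then
    printf 'Error with importing key %s\n' "$key"
    printf 'GPG output:\n'
    # Print gpg's text as data, never as a printf format string.
    printf '%s\n' "$output" | sed 's/^/\t/'
    exit "$ret"
  fi
done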
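# verify signature on sha256sums
# $output receives only the text gpg extracted from the signed message, so the
# hash lookup later on reads signed content rather than the raw download.
# gpg's machine-readable status lines go to a separate file (fd 3): exit
# status 0 on its own is not proof that a signature was checked, because
# gpg --decrypt can succeed on OpenPGP input that carries no signature.
status_file=$(mktemp) || exit 1
output=$(gpg --yes --homedir gpg-home --status-fd 3 \
  --decrypt SHA256SUMS.asc 3>"$status_file")
ret=$?
if [ "$ret" -ne 0 ]; then
  if [ "$ret" -eq 1 ]; then
    printf 'Bad signature\n'
  elif [ "$ret" -eq 2 ]; then
    printf 'Unspecified GPG error\n'
  fi
  printf 'GPG output:\n'
  # The payload is remote-controlled text: print it as data, not as a format.
  printf '%s\n' "$output" | sed 's/^/\t/'
  rm -f -- "$status_file"
  exit "$ret"
fi
# Require an explicit VALIDSIG status line before trusting $output.
if ! grep -q '^\[GNUPG:\] VALIDSIG ' "$status_file"; then
  printf 'No valid signature found on SHA256SUMS.asc\n' >&2
  rm -f -- "$status_file"
  exit 1
fi
rm -f -- "$status_file"
# NOTE(review): a signature from any key in gpg-home is accepted. Which key
# signed is not checked; comparing the VALIDSIG fingerprint with a pinned
# release-signing fingerprint would tighten this.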
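# get sha256sum of binary
filename="bitcoin-$version-linux.tar.gz"
hash_re='^[A-Fa-f0-9]{64}$'

# Look the hash up in the signed text held in $output. The file name is matched
# as an exact field built from $version (the previous pattern hard-coded
# 0.9.3, so no other release could ever match). A leading "*" (sha256sum's
# binary-mode marker) is tolerated.
rematch=$(printf '%s\n' "$output" \
  | awk -v f="$filename" '$2 == f || $2 == ("*" f) { print $1; exit }')
# Fail closed: without this check an empty expected hash and an empty computed
# hash would compare equal and be reported as a match.
if [[ ! $rematch =~ $hash_re ]]; then
  printf 'No sha256sum for %s found in decrypted SHA256SUMS.asc\n' \
    "$filename" >&2
  exit 1
fi
printf 'sha256sum of %s is %s\n' "$filename" "$rematch"

sha256sum=$(sha256sum -- "$filename" | awk '{ print $1 }')
if [[ ! $sha256sum =~ $hash_re ]]; then
  printf 'Could not calculate sha256sum of %s\n' "$filename" >&2
  exit 1
fi
printf 'Calculated sha256sum of %s is %s\n' "$filename" "$sha256sum"

# sha256sum prints lowercase hex; normalise the published value to match.
expected=$(printf '%s' "$rematch" | tr 'A-F' 'a-f')
if [ "$sha256sum" = "$expected" ]; then
  printf 'sha256sum of %s matches that from decrypted SHA256SUMS.asc\n' \
    "$filename"
else
  printf 'sha256sum of %s does not match that from decrypted SHA256SUMS.asc\n' \
    "$filename"
  exit 1
fi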
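# Keep the Gitian material in its own sub-directory, one directory per
# verifier. Directory changes are checked so a failed mkdir/cd cannot leave the
# files in the wrong place or walk the script out of the scratch directory.
mkdir gitian || exit 1
cd gitian || exit 1
# get gitian asserts and signatures for current version
# NOTE(review): "master" is a moving ref; the files are trusted only to the
# extent that their detached signatures verify afterwards.
base_assert_url="https://github.com/bitcoin/gitian.sigs/raw/master/"
for verifier in "${gitian_verifiers[@]}"; do
  mkdir -- "$verifier" || exit 1
  cd -- "$verifier" || exit 1
  assert_url="${base_assert_url}${version}/${verifier}/bitcoin-build.assert"
  sig_url="${assert_url}.sig"
  # Stop on a failed download instead of leaving a missing or partial file for
  # the signature check to trip over later.
  for url in "$assert_url" "$sig_url"; do
    if ! wget "$url"; then
      printf 'Could not download %s\n' "$url" >&2
      exit 1
    fi
  done
  cd .. || exit 1
done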
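# check gitian signatures
# NOTE(review): this loop proves only that each bitcoin-build.assert carries a
# valid detached signature from some key in gpg-home. It does not check that
# the signing key belongs to the verifier whose directory the file came from,
# and nothing in this script compares the contents of the assert files with
# the downloaded binary. Treat a pass here as "the assert files are authentic",
# not as "the tarball matches the Gitian builds".
for verifier in "${gitian_verifiers[@]}"; do
  cd -- "$verifier" || exit 1
  # Name the signed file explicitly rather than letting gpg infer it from the
  # .sig name, and capture stderr so the failure report is not empty.
  output=$(gpg --yes --homedir ../../gpg-home \
    --verify bitcoin-build.assert.sig bitcoin-build.assert 2>&1)
  ret=$?
  if [ "$ret" -ne 0 ]; then
    printf 'Unspecified GPG error\n'
    printf 'GPG output:\n'
    # Print gpg's text as data, never as a printf format string.
    printf '%s\n' "$output" | sed 's/^/\t/'
    exit "$ret"
  fi
  cd .. || exit 1
done
cd .. || exit 1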
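# everything ran successfully
# Copy first and report afterwards, so the success message is printed only if
# the verified file really reached the home directory.
if ! cp -- "$filename" ~; then
  printf 'Could not copy %s to the home directory\n' "$filename" >&2
  exit 1
fi
printf 'Verification successful, you can use binary %s in ~/%s\n' \
  "$filename" "$filename"
exit 0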