Download a GNU package, verify its GPG signature and generate content for binary_hashes.
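#!/bin/bash
#
# Gets a GNU software package from GNU and verifies signature with GPG
#
# Author: Trevor Cooper <tcooper@sdsc.edu>
# Twitter: @HPCDevOps
# GitHub: https://github.com/tcooper
#
# Usage:  gnu-get.sh <package-tarball>        e.g.  gnu-get.sh bash-4.2.tar.gz
#
# Into the current directory, downloads the tarball, its detached .sig and the
# GNU keyring (files already present are reused), verifies the signature and,
# only if it is good, prints a "size blob-hash name" line for a roll
# binary_hashes file. Every failure is fatal: a package whose signature cannot
# be verified never reaches the hash step, and the script never exits 0 after
# a failed verification.
#
# Environment:
#   KEYSERVER  used only when the signing key is missing from gnu-keyring.gpg
#              (default hkp://keys.gnupg.net; point it at a keyserver that is
#              still operated). A key fetched this way is NOT vouched for by
#              GNU — the script warns and prints its fingerprint for checking.
#
set -euo pipefail

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

usage() {
  printf 'You must provide the name of the GNU package as an input.\n' >&2
  printf 'Usage: %s <package-tarball>\n' "${0##*/}" >&2
  exit 1
}

#######################################
# Download one URL into ROOTDIR over HTTPS only.
# Globals:   ROOTDIR (read)
# Arguments: $1 - URL, $2 - destination file name (bare name, no directory)
# Outputs:   progress line on stdout
# Returns:   0 on success, curl's exit status on failure (no partial file left)
#######################################
fetch() {
  local url=$1 dest=$2 rv=0
  printf 'Downloading %s... ' "$url"
  # --proto/--proto-redir refuse plaintext even if the server redirects to it,
  # so package, signature and keyring all arrive over an authenticated channel.
  # Download to a temp name so an interrupted transfer never looks complete.
  curl -f -sS -L --proto '=https' --proto-redir '=https' \
    -o "${ROOTDIR}/${dest}.part" "$url" || rv=$?
  if (( rv != 0 )); then
    rm -f -- "${ROOTDIR}/${dest}.part"
    printf 'FAILED (%d)\n' "$rv"
    return "$rv"
  fi
  mv -f -- "${ROOTDIR}/${dest}.part" "${ROOTDIR}/${dest}"
  printf 'SUCCESS\n'
}

#######################################
# Download a file unless it already exists, trying the versioned directory
# first and the package's top-level directory second (both layouts occur).
# Globals:   ROOTDIR, URL_BASE, PKG_DIR, PKG_NAME (read)
# Arguments: $1 - file name (package tarball or its .sig)
# Returns:   0 when the file is present; exits with curl's status otherwise
#######################################
fetch_with_fallback() {
  local name=$1 rv=0
  if [[ -f "${ROOTDIR}/${name}" ]]; then
    return 0
  fi
  if fetch "${URL_BASE}/${PKG_DIR}/${name}" "$name"; then
    return 0
  fi
  fetch "${URL_BASE}/${PKG_NAME}/${name}" "$name" || rv=$?
  if (( rv != 0 )); then
    printf 'Could not download %s. Exiting.\n' "$name" >&2
    exit "$rv"
  fi
}

#######################################
# Verify the detached signature of PKG against one keyring.
# Globals:   GPG, ROOTDIR, PKG_SIG, PKG (read)
# Arguments: $1 - keyring path
# Outputs:   GnuPG machine-readable status lines ("[GNUPG:] ...") on stdout
# Returns:   0 only when gpg reports a good signature
#######################################
gpg_verify() {
  local keyring=$1
  # Name the data file explicitly instead of letting gpg guess it from the
  # .sig name; --status-fd gives a stable format to parse instead of
  # grepping localized human-readable output.
  "$GPG" --batch --no-tty --no-default-keyring --keyring "$keyring" \
    --status-fd 1 --verify "${ROOTDIR}/${PKG_SIG}" "${ROOTDIR}/${PKG}" 2>/dev/null
}

#######################################
# Verify PKG's signature; on a missing key, fetch it from KEYSERVER into a
# package-specific keyring and verify again. Any failure exits non-zero.
# Globals:   ROOTDIR, KEYRING, TMPKEYRING, KEYSERVER, GPG, PKG (read)
#######################################
verify_signature() {
  local status keyid fpr rv=0
  printf 'Verifying package signature... '
  status=$(gpg_verify "${ROOTDIR}/${KEYRING}") || rv=$?
  if (( rv == 0 )); then
    printf 'SUCCESS\n'
    return 0
  fi
  printf 'FAILED (%d)\n' "$rv"

  # Some signatures are not in the 'standard' keyring. gpg reports the missing
  # key as "[GNUPG:] NO_PUBKEY <long key id>"; any other failure (BADSIG,
  # unreadable data) cannot be repaired by fetching a key and is fatal.
  keyid=$(printf '%s\n' "$status" \
    | awk '$1 == "[GNUPG:]" && $2 == "NO_PUBKEY" { print $3; exit }')
  if [[ -z "$keyid" ]]; then
    die "Signature did not verify against ${KEYRING} and no missing key was reported. Exiting."
  fi

  printf 'Attempting to import key ID %s from %s... ' "$keyid" "$KEYSERVER"
  rv=0
  # --recv-keys is non-interactive (unlike --search-keys) and returns 0 on
  # success, so the result can actually be checked.
  "$GPG" --batch --no-tty --no-default-keyring --keyring "${ROOTDIR}/${TMPKEYRING}" \
    --keyserver "$KEYSERVER" --recv-keys "0x${keyid}" >/dev/null 2>&1 || rv=$?
  if (( rv != 0 )); then
    printf 'FAILED (%d). Exiting.\n' "$rv"
    exit "$rv"
  fi
  printf 'SUCCESS\n'

  printf 'Verifying package signature with imported key... '
  rv=0
  status=$(gpg_verify "${ROOTDIR}/${TMPKEYRING}") || rv=$?
  if (( rv != 0 )); then
    printf 'FAILED (%d). Exiting.\n' "$rv"
    exit "$rv"
  fi
  printf 'SUCCESS\n'

  # The signature is cryptographically good, but the key came from a
  # keyserver, not from GNU: anyone can publish a key under any key ID.
  # Surface the full fingerprint so it can be compared with the one the
  # maintainer publishes.
  fpr=$(printf '%s\n' "$status" \
    | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }')
  printf 'WARNING: signing key %s is not in %s; it was fetched from %s and is unverified.\n' \
    "${fpr:-$keyid}" "$KEYRING" "$KEYSERVER" >&2
  printf 'WARNING: confirm this fingerprint out of band before trusting %s.\n' "$PKG" >&2
}

#######################################
# Print the "size hash name" line used in a roll binary_hashes file.
# Arguments: $1 - file to hash (must exist)
# Outputs:   formatted line on stdout, surrounded by blank lines
#######################################
print_binary_hash() {
  local obj=$1 size hash
  [[ -f "$obj" ]] || die "${obj}: not found"
  command -v git >/dev/null || die "git is required to compute the blob hash"
  printf 'Generating binary_hash... \n\n'
  # wc -c is portable; $(( )) strips the leading blanks BSD wc emits.
  size=$(( $(wc -c < "$obj") ))
  hash=$(git hash-object -t blob -- "$obj")
  printf '%15d %40s %s\n\n' "$size" "$hash" "$obj"
}

#######################################
# Entry point.
# Globals:   sets ROOTDIR, URL_BASE, PKG, PKG_SIG, PKG_NAME, PKG_DIR, KEYRING,
#            TMPKEYRING, KEYSERVER, GPG (all read-only afterwards)
# Arguments: $1 - package tarball name, e.g. bash-4.2.tar.gz
#######################################
main() {
  local rv=0
  (( $# >= 1 )) || usage

  readonly ROOTDIR=$PWD
  readonly URL_BASE=https://ftp.gnu.org/gnu
  readonly PKG=$1
  # The name is used to build URLs and local paths; keep it a bare file name.
  if [[ -z "$PKG" || "$PKG" == */* ]]; then
    die "Package must be a bare tarball name (got '${PKG}')"
  fi
  readonly PKG_SIG=${PKG}.sig
  # "bash-4.2.tar.gz" -> project "bash", directory "bash/bash-4.2";
  # any .tar.<ext> (gz, xz, bz2, ...) is stripped, not only .tar.gz.
  readonly PKG_NAME=${PKG%%-*}
  readonly PKG_DIR=${PKG_NAME}/${PKG%.tar.*}
  readonly KEYRING=gnu-keyring.gpg
  readonly TMPKEYRING=${PKG_NAME}-keyring.gpg
  readonly KEYSERVER=${KEYSERVER:-hkp://keys.gnupg.net}

  GPG=$(command -v gpg2 || command -v gpg) || die "gpg2 or gpg is required"
  readonly GPG

  fetch_with_fallback "$PKG"
  fetch_with_fallback "$PKG_SIG"

  if [[ ! -f "${ROOTDIR}/${KEYRING}" ]]; then
    fetch "${URL_BASE}/${KEYRING}" "$KEYRING" || rv=$?
    if (( rv != 0 )); then
      printf 'Could not download %s. Exiting...\n' "$KEYRING" >&2
      exit "$rv"
    fi
  fi

  # verify_signature exits on any failure, so the hash line is only ever
  # produced for a package with a good signature.
  verify_signature
  print_binary_hash "$PKG"
}

main "$@"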