tho/verify-digest

## verify-digest
#!/usr/bin/env bash

set -euf -o pipefail

if (($# < 2 || $# > 4)); then
    echo "usage: ${0##*/} file digest [signature [PGP key|key ID]]"
    exit 1
fi

file=$1
digest=$2
signature=${3:-}
key=${4:-}

if [[ -n $key ]]; then
    printf "[+] Importing PGP key\n"
    if [[ -f $key ]]; then
        gpg --import "$key"
    else
        gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"
    fi
fi

if [[ -n $signature ]]; then
    printf "[+] Verifying digest signature..."
    is_valid=$(gpg --quiet --status-fd 1 --verify \
                   "$signature" "$digest" 2>/dev/null | \
               grep -c "VALIDSIG" || true)
    if [[ $is_valid -eq 0 ]]; then
        printf "FAILED\n"
        exit 1
    else
        printf "OK\n"
    fi
fi

printf "[+] Verifying digest..."
set +e
grep "$file" "$digest" | shasum -c - >/dev/null 2>&1
exit_code=$?
set -e
if [[ $exit_code -ne 0 ]]; then
    printf "FAILED\n"
    exit 1
else
    printf "OK\n"
fi
	#!/usr/bin/env bash

	set -euf -o pipefail

	if (($# < 2 \|\| $# > 4)); then
	echo "usage: ${0##*/} file digest [signature [PGP key\|key ID]]"
	exit 1
	fi

	file=$1
	digest=$2
	signature=${3:-}
	key=${4:-}

	if [[ -n $key ]]; then
	printf "[+] Importing PGP key\n"
	if [[ -f $key ]]; then
	gpg --import "$key"
	else
	gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"
	fi
	fi

	if [[ -n $signature ]]; then
	printf "[+] Verifying digest signature..."
	is_valid=$(gpg --quiet --status-fd 1 --verify \
	"$signature" "$digest" 2>/dev/null \| \
	grep -c "VALIDSIG" \|\| true)
	if [[ $is_valid -eq 0 ]]; then
	printf "FAILED\n"
	exit 1
	else
	printf "OK\n"
	fi
	fi

	printf "[+] Verifying digest..."
	set +e
	grep "$file" "$digest" \| shasum -c - >/dev/null 2>&1
	exit_code=$?
	set -e
	if [[ $exit_code -ne 0 ]]; then
	printf "FAILED\n"
	exit 1
	else
	printf "OK\n"
	fi