@tho
Last active January 9, 2018 02:43
Verify digests/SHASUMS of files and optionally validate digests' PGP signature if specified
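#!/usr/bin/env bash
# Verify a file against a digest/SHASUMS file and, if a detached signature is
# given, check the PGP signature on the digest file first.
set -euf -o pipefail

if (($# < 2 || $# > 4)); then
    echo "usage: ${0##*/} file digest [signature [PGP key|key ID]]"
    exit 1
fi

file=$1
digest=$2
signature=${3:-}
key=${4:-}

if [[ -n $key ]]; then
    printf "[+] Importing PGP key\n"
    if [[ -f $key ]]; then
        gpg --import "$key"
    else
        # The SKS keyserver pool has since been retired; substitute a
        # keyserver you trust if this lookup fails.
        gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"
    fi
fi

if [[ -n $signature ]]; then
    printf "[+] Verifying digest signature..."
    # Match the machine-readable status line only. gpg emits VALIDSIG for a
    # good signature from any key in the keyring, so this check does not pin
    # the signer to the key imported above.
    is_valid=$(gpg --quiet --status-fd 1 --verify \
        "$signature" "$digest" 2>/dev/null | \
        grep -c '^\[GNUPG:\] VALIDSIG ' || true)
    if [[ $is_valid -eq 0 ]]; then
        printf "FAILED\n"
        exit 1
    else
        printf "OK\n"
    fi
fi

printf "[+] Verifying digest..."
set +e
# Select the entry whose file name field equals $file exactly. A plain
# grep "$file" treats the name as a regex and matches substrings, so a
# different listed file could be the one that gets checked.
entry=$(f=$file awk 'substr($0, index($0, " ") + 2) == ENVIRON["f"]' "$digest")
# An empty selection counts as a failure instead of reaching shasum.
[[ -n $entry ]] && printf '%s\n' "$entry" | shasum -c - >/dev/null 2>&1
exit_code=$?
set -e
if [[ $exit_code -ne 0 ]]; then
    printf "FAILED\n"
    exit 1
else
    printf "OK\n"
fi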