aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2016-09-01 15:55:25 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2016-09-01 15:57:01 +0200
commit44691f3c51c9bbb6d49ef14c723f84cb06bb1201 (patch)
tree87b6dc749820b3aacc26e1e7418a8f77275dbab2
parent0e563d89c07573d56885f69e44adf9c28247b917 (diff)
parentfaaed8874f83373e54a1878c5c7381ce47557bb8 (diff)
Merge #8557: [contrib] Rework verifybinaries
faaed88 [contrib] verifybinaries: Mention mandatory preparation step (MarcoFalke) fa917f6 [contrib] verifybinaries: Keep downloads by default (MarcoFalke) fab1f92 [contrib] verifybinaries: Adjust parsing to new rc path (MarcoFalke)
-rw-r--r--contrib/verifybinaries/README.md22
-rwxr-xr-xcontrib/verifybinaries/verify.sh19
2 files changed, 33 insertions, 8 deletions
diff --git a/contrib/verifybinaries/README.md b/contrib/verifybinaries/README.md
index 8970f3daa4..ed3e14fb6c 100644
--- a/contrib/verifybinaries/README.md
+++ b/contrib/verifybinaries/README.md
@@ -1,13 +1,33 @@
### Verify Binaries
+
+#### Preparation:
+
+Make sure you obtain the proper release signing key and verify the fingerprint with several independent sources.
+
+```sh
+$ gpg --fingerprint "Bitcoin Core binary release signing key"
+pub 4096R/36C2E964 2015-06-24 [expires: 2017-02-13]
+ Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
+uid Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>
+```
+
+#### Usage:
+
This script attempts to download the signature file `SHA256SUMS.asc` from https://bitcoin.org.
It first checks if the signature passes, and then downloads the files specified in the file, and checks if the hashes of these files match those that are specified in the signature file.
The script returns 0 if everything passes the checks. It returns 1 if either the signature check or the hash check doesn't pass. If an error occurs the return value is 2.
-Usage:
```sh
./verify.sh bitcoin-core-0.11.2
./verify.sh bitcoin-core-0.12.0
+./verify.sh bitcoin-core-0.13.0-rc3
+```
+
+If you do not want to keep the downloaded binaries, specify anything as the second parameter.
+
+```sh
+./verify.sh bitcoin-core-0.13.0 delete
```
diff --git a/contrib/verifybinaries/verify.sh b/contrib/verifybinaries/verify.sh
index 657c3bd33c..e22b911743 100755
--- a/contrib/verifybinaries/verify.sh
+++ b/contrib/verifybinaries/verify.sh
@@ -14,11 +14,11 @@ function clean_up {
done
}
-WORKINGDIR="/tmp/bitcoin"
+WORKINGDIR="/tmp/bitcoin_verify_binaries"
TMPFILE="hashes.tmp"
SIGNATUREFILENAME="SHA256SUMS.asc"
-RCSUBDIR="test/"
+RCSUBDIR="test"
BASEDIR="https://bitcoin.org/bin/"
VERSIONPREFIX="bitcoin-core-"
RCVERSIONSTRING="rc"
@@ -43,7 +43,7 @@ if [ -n "$1" ]; then
# and simultaneously add RCSUBDIR to BASEDIR, where we will look for SIGNATUREFILENAME
if [[ $VERSION == *"$RCVERSIONSTRING"* ]]; then
BASEDIR="$BASEDIR${VERSION/%-$RCVERSIONSTRING*}/"
- BASEDIR="$BASEDIR$RCSUBDIR"
+ BASEDIR="$BASEDIR$RCSUBDIR.$RCVERSIONSTRING${VERSION: -1}/"
else
BASEDIR="$BASEDIR$VERSION/"
fi
@@ -93,7 +93,7 @@ fi
FILES=$(awk '{print $2}' "$TMPFILE")
#and download these one by one
-for file in in $FILES
+for file in $FILES
do
wget --quiet -N "$BASEDIR$file"
done
@@ -108,11 +108,16 @@ if [ $? -eq 1 ]; then
exit 1
elif [ $? -gt 1 ]; then
echo "Error executing 'diff'"
- exit 2
+ exit 2
fi
-#everything matches! clean up the mess
-clean_up $FILES $SIGNATUREFILENAME $TMPFILE
+if [ -n "$2" ]; then
+ echo "Clean up the binaries"
+ clean_up $FILES $SIGNATUREFILENAME $TMPFILE
+else
+ echo "Keep the binaries in $WORKINGDIR"
+ clean_up $TMPFILE
+fi
echo -e "Verified hashes of \n$FILES"