aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Corallo <git@bluematt.me>2017-06-22 13:44:31 -0400
committerMatt Corallo <git@bluematt.me>2017-06-22 13:54:27 -0400
commit6270d624cf6bc235b3e47bbbf5d49039fe1e172a (patch)
tree76a6671c69cb2a610ef282a2fda7af9343507adf
parentb750b33c3ceaf370bd90868f727d49d65d216b36 (diff)
Verify binaries from bitcoincore.org and bitcoin.org
-rwxr-xr-xcontrib/verifybinaries/verify.sh31
1 files changed, 25 insertions, 6 deletions
diff --git a/contrib/verifybinaries/verify.sh b/contrib/verifybinaries/verify.sh
index c2cc2b7013..409f517c9f 100755
--- a/contrib/verifybinaries/verify.sh
+++ b/contrib/verifybinaries/verify.sh
@@ -3,7 +3,8 @@
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-### This script attempts to download the signature file SHA256SUMS.asc from bitcoin.org
+### This script attempts to download the signature file SHA256SUMS.asc from
+### bitcoincore.org and bitcoin.org and compares them.
### It first checks if the signature passes, and then downloads the files specified in
### the file, and checks if the hashes of these files match those that are specified
### in the signature file.
@@ -22,7 +23,9 @@ TMPFILE="hashes.tmp"
SIGNATUREFILENAME="SHA256SUMS.asc"
RCSUBDIR="test"
-BASEDIR="https://bitcoin.org/bin/"
+HOST1="https://bitcoincore.org"
+HOST2="https://bitcoin.org"
+BASEDIR="/bin/"
VERSIONPREFIX="bitcoin-core-"
RCVERSIONSTRING="rc"
@@ -81,7 +84,7 @@ else
fi
#first we fetch the file containing the signature
-WGETOUT=$(wget -N "$BASEDIR$SIGNATUREFILENAME" 2>&1)
+WGETOUT=$(wget -N "$HOST1$BASEDIR$SIGNATUREFILENAME" 2>&1)
#and then see if wget completed successfully
if [ $? -ne 0 ]; then
@@ -92,6 +95,22 @@ if [ $? -ne 0 ]; then
exit 2
fi
+WGETOUT=$(wget -N -O "$SIGNATUREFILENAME.2" "$HOST2$BASEDIR$SIGNATUREFILENAME" 2>&1)
+if [ $? -ne 0 ]; then
+ echo "bitcoin.org failed to provide signature file, but bitcoincore.org did?"
+ echo "wget output:"
+ echo "$WGETOUT"|sed 's/^/\t/g'
+ clean_up $SIGNATUREFILENAME
+ exit 3
+fi
+
+SIGFILEDIFFS="$(diff $SIGNATUREFILENAME $SIGNATUREFILENAME.2)"
+if [ "$SIGFILEDIFFS" != "" ]; then
+ echo "bitcoin.org and bitcoincore.org signature files were not equal?"
+ clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2
+ exit 4
+fi
+
#then we check it
GPGOUT=$(gpg --yes --decrypt --output "$TMPFILE" "$SIGNATUREFILENAME" 2>&1)
@@ -111,7 +130,7 @@ if [ $RET -ne 0 ]; then
echo "gpg output:"
echo "$GPGOUT"|sed 's/^/\t/g'
- clean_up $SIGNATUREFILENAME $TMPFILE
+ clean_up $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
exit "$RET"
fi
@@ -131,7 +150,7 @@ FILES=$(awk '{print $2}' "$TMPFILE")
for file in $FILES
do
echo "Downloading $file"
- wget --quiet -N "$BASEDIR$file"
+ wget --quiet -N "$HOST1$BASEDIR$file"
done
#check hashes
@@ -149,7 +168,7 @@ fi
if [ -n "$2" ]; then
echo "Clean up the binaries"
- clean_up $FILES $SIGNATUREFILENAME $TMPFILE
+ clean_up $FILES $SIGNATUREFILENAME $SIGNATUREFILENAME.2 $TMPFILE
else
echo "Keep the binaries in $WORKINGDIR"
clean_up $TMPFILE