Karunamon · August 29, 2015 14:04
diff --git a/verify.sh b/verify.sh
 #!/usr/bin/env bash
 #Add this function to any shell script. You require a HTTP(preferrably HTTPS)
 #server to serve up a .asc file named identically to your script. Your public key
 #must also be installed on the server. Requires curl and gpg.
 #To generate the signature file: gpg -a --detach-sig <script filename>

 verify-integrity(){
  base=$(basename $0)
  temp=`mktemp /tmp/$(basename $0).XXXXX`
  curl -sS http://someserver/$base.asc -o $temp >/dev/null 2>&1
    if [ $? != 0 ]; then
    echo "Could not retrieve signature. Cannot validate integrity. Exiting."
    exit 1
  fi
  gpg --verify --enable-special-filenames - '-&5' <$temp 5<$0
  if [ $? != 0 ]; then
    echo "Invalid signature, you either do not have the author's key installed"
    echo "or this script has been tampered with. Bailing out."
    rm $temp
    exit 1
  fi
  rm $temp
 }
	#!/usr/bin/env bash
	#Add this function to any shell script. You require a HTTP(preferrably HTTPS)
	#server to serve up a .asc file named identically to your script. Your public key
	#must also be installed on the server. Requires curl and gpg.
	#To generate the signature file: gpg -a --detach-sig <script filename>

	verify-integrity(){
	base=$(basename $0)
	temp=`mktemp /tmp/$(basename $0).XXXXX`
	curl -sS http://someserver/$base.asc -o $temp >/dev/null 2>&1
	if [ $? != 0 ]; then
	echo "Could not retrieve signature. Cannot validate integrity. Exiting."
	exit 1
	fi
	gpg --verify --enable-special-filenames - '-&5' <$temp 5<$0
	if [ $? != 0 ]; then
	echo "Invalid signature, you either do not have the author's key installed"
	echo "or this script has been tampered with. Bailing out."
	rm $temp
	exit 1
	fi
	rm $temp
	}