angeloh · June 1, 2012 21:31
diff --git a/signcheck.sh b/signcheck.sh
 #!/bin/sh
 # This routine was written by "Amerefelie"
 #	https://www.linuxquestions.org/quest...nature-137111/
 #Last updated 090507 by Andy Lavarre [email protected] to insert comment analysis documentation
 #Last edited 081231 by Amerefelieat 07:58 AM.. Reason: updated script for hash test fail. 
 #Usage:
 #	tar_verify $1
 #	where $1 is the name of the xxx.tar.gz file
 # Name the key ring
 VENDOR_KEYRING=vendors.gpg
 # Report the input
 echo "tar file is "$1
 # If the signature file xxx.tar.gz.sig exists
 if [ -e "$1.sig" ]
 #	Then strip off the name of the file
 then KEYID="0x`gpg --verify $1.sig $1 2>&1 | grep 'key ID' | awk '{print $NF}'`"
 echo "The key ID is "$KEYID
 #	Pull the public key from the default key server to the Vendor keyring
 gpg --no-default-keyring --keyring $VENDOR_KEYRING --keyserver pgp.mit.edu --recv-key $KEYID
 #	Verify the file
 gpg --keyring $VENDOR_KEYRING --verify $1.sig $1
 # Otherwise, if the signature file is an ASCII
 elif [ -e "$1.asc" ]
 #	Then strip off the name of the file
 then KEYID="0x`gpg --verify $1.asc $1 2>&1 | grep 'key ID' | awk '{print $NF}'`"
 echo "The key ID is "$KEYID
 #	Pull the public key from the default key server to the Vendor keyring
 gpg --no-default-keyring --keyring $VENDOR_KEYRING --keyserver pgp.mit.edu --recv-key $KEYID
 #	Verify the file
 gpg --keyring $VENDOR_KEYRING --verify $1.asc $1
 # Otherwise complain that it does not exist
 else echo "No GPG signature File"
 # Finish
 fi
 # Now if not PGP/GPG, but an MD5 instead and the hash file exists
 if [ -e "$1.md5" ]
 #	Then calculate the MD5 hash and compare to the hash file; if the same
 then if md5sum $1 | diff -i - $1.md5 2> /dev/null
 #	 Then success
 then echo "Md5 hash match!"
 #	Otherwise complain
 else echo "Md5 hash does not match!"
 # Finish
 fi
 # Otherwise complain that it does not exist
 else echo "Md5 hash file not found."
 # Finish
 fi
 # Now if not PGP/GPG, but an sha1 instead and the hash file exists
 if [ -e "$1.sha1" ]
 #	Then calculate the sha1 hash and compare to the hash file; if the same
 then if sha1sum $1 | diff -i - $1.sha1 2> /dev/null
 #	 Then success
 then echo "Sha1 hash match!"
 #	Otherwise complain
 else echo "Sha1 hash does not match!"
 # Finish
 fi
 # Otherwise complain that it does not exist
 else echo "Sha1 hash file not found."
 # Finish
 fi
 # Now if not PGP/GPG, but an sha256 instead and the hash file exists
 if [ -e "$1.sha256" ]
 #	Then calculate the sha1 hash and compare to the hash file; if the same
 #	 Then success
 then if sha256sum $1 | diff -i - $1.sha256 2> /dev/null
 #	 Then success
 then echo "Sha256 hash match!"
 #	Otherwise complain
 else echo "Sha256 hash does not match!"
 # Finish
 fi
 # Otherwise complain that it does not exist
 else echo "Sha256 hash file not found."
 # Finish
 fi
 # Quit
 exit 0
	#!/bin/sh
	# This routine was written by "Amerefelie"
	# https://www.linuxquestions.org/quest...nature-137111/
	#Last updated 090507 by Andy Lavarre [email protected] to insert comment analysis documentation
	#Last edited 081231 by Amerefelieat 07:58 AM.. Reason: updated script for hash test fail.
	#Usage:
	# tar_verify $1
	# where $1 is the name of the xxx.tar.gz file
	# Name the key ring
	VENDOR_KEYRING=vendors.gpg
	# Report the input
	echo "tar file is "$1
	# If the signature file xxx.tar.gz.sig exists
	if [ -e "$1.sig" ]
	# Then strip off the name of the file
	then KEYID="0x`gpg --verify $1.sig $1 2>&1 \| grep 'key ID' \| awk '{print $NF}'`"
	echo "The key ID is "$KEYID
	# Pull the public key from the default key server to the Vendor keyring
	gpg --no-default-keyring --keyring $VENDOR_KEYRING --keyserver pgp.mit.edu --recv-key $KEYID
	# Verify the file
	gpg --keyring $VENDOR_KEYRING --verify $1.sig $1
	# Otherwise, if the signature file is an ASCII
	elif [ -e "$1.asc" ]
	# Then strip off the name of the file
	then KEYID="0x`gpg --verify $1.asc $1 2>&1 \| grep 'key ID' \| awk '{print $NF}'`"
	echo "The key ID is "$KEYID
	# Pull the public key from the default key server to the Vendor keyring
	gpg --no-default-keyring --keyring $VENDOR_KEYRING --keyserver pgp.mit.edu --recv-key $KEYID
	# Verify the file
	gpg --keyring $VENDOR_KEYRING --verify $1.asc $1
	# Otherwise complain that it does not exist
	else echo "No GPG signature File"
	# Finish
	fi
	# Now if not PGP/GPG, but an MD5 instead and the hash file exists
	if [ -e "$1.md5" ]
	# Then calculate the MD5 hash and compare to the hash file; if the same
	then if md5sum $1 \| diff -i - $1.md5 2> /dev/null
	# Then success
	then echo "Md5 hash match!"
	# Otherwise complain
	else echo "Md5 hash does not match!"
	# Finish
	fi
	# Otherwise complain that it does not exist
	else echo "Md5 hash file not found."
	# Finish
	fi
	# Now if not PGP/GPG, but an sha1 instead and the hash file exists
	if [ -e "$1.sha1" ]
	# Then calculate the sha1 hash and compare to the hash file; if the same
	then if sha1sum $1 \| diff -i - $1.sha1 2> /dev/null
	# Then success
	then echo "Sha1 hash match!"
	# Otherwise complain
	else echo "Sha1 hash does not match!"
	# Finish
	fi
	# Otherwise complain that it does not exist
	else echo "Sha1 hash file not found."
	# Finish
	fi
	# Now if not PGP/GPG, but an sha256 instead and the hash file exists
	if [ -e "$1.sha256" ]
	# Then calculate the sha1 hash and compare to the hash file; if the same
	# Then success
	then if sha256sum $1 \| diff -i - $1.sha256 2> /dev/null
	# Then success
	then echo "Sha256 hash match!"
	# Otherwise complain
	else echo "Sha256 hash does not match!"
	# Finish
	fi
	# Otherwise complain that it does not exist
	else echo "Sha256 hash file not found."
	# Finish
	fi
	# Quit
	exit 0