Last active
June 5, 2024 22:43
-
-
Save sethforprivacy/ad5848767d9319520a6905b7111dc021 to your computer and use it in GitHub Desktop.
Bash script that downloads and verifies the latest Linux x64/x86 binaries.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Download binaryfate's GPG key | |
| wget -q -O binaryfate.asc https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc | |
| # Verify binaryfate's GPG key | |
| echo "1. Verify binaryfate's GPG key: " | |
| gpg --keyid-format long --with-fingerprint binaryfate.asc | |
| # Prompt user to confirm the key matches that posted on https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html | |
| echo | |
| read -p "Does the above output match https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html?" -n 1 -r | |
| echo | |
| if [[ $REPLY =~ ^[Yy]$ ]] | |
| then | |
| # Import binaryfate's GPG key | |
| echo | |
| echo "----------------------------" | |
| echo "2. Import binaryfate's GPG key" | |
| gpg --import binaryfate.asc | |
| fi | |
| # Delete stale .bz2 Monero downloads | |
| rm monero-linux-x64-*.tar.bz2 | |
| # Download hashes.txt | |
| wget -q -O hashes.txt https://getmonero.org/downloads/hashes.txt | |
| # Verify hashes.txt | |
| echo | |
| echo "--------------------" | |
| echo "3. Verify hashes.txt" | |
| gpg --verify hashes.txt | |
| # Download latest 64-bit binaries | |
| echo | |
| echo "-------------------------------------" | |
| echo "4. Download latest Linux binaries" | |
| echo "Downloading..." | |
| wget -q --content-disposition https://downloads.getmonero.org/cli/linux64 | |
| # Verify shasum of downloaded binaries | |
| echo | |
| echo "---------------------------------------" | |
| echo "5. Verify hashes of downloaded binaries" | |
| if shasum -a 256 -c hashes.txt -s --ignore-missing | |
| then | |
| echo | |
| echo "Success: The downloaded binaries verified properly!" | |
| else | |
| echo | |
| echo -e "\e[31mDANGER: The download binaries have been tampered with or corrupted\e[0m" | |
| rm -rf monero-linux-x64-*.tar.bz2 | |
| exit 1 | |
| fi |
Thanks, that makes sense to me after taking a deeper look at how shasum works 👍
Made the change!
shasum was missing from debian 11 in my case. Installing libdigest-sha-perl solves this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
--ignore-missingis there because you're only downloading one tar. If you had them all, then you wouldn't need it. The-scauses it to be silent but still output a non-zero exit code on failure. This allows your conditional to still function correctly without polluting the terminal output. What you're suggesting looks like it would work as well but it would probably still output a number and may cause your conditional to always pass since I believe thatwcwill give you a positive exit code no matter what you do. So that conditional will actually not be good at all now that I'm thinking about it because I think it will always pass