tho · January 9, 2018 02:43
diff --git a/verify-digest b/verify-digest
 #!/usr/bin/env bash

 set -euf -o pipefail

 if (($# < 2 || $# > 4)); then
    echo "usage: ${0##*/} file digest [signature [PGP key|key ID]]"
    exit 1
 fi

 file=$1
 digest=$2
 signature=${3:-}
 key=${4:-}

 if [[ -n $key ]]; then
    printf "[+] Importing PGP key\n"
    if [[ -f $key ]]; then
        gpg --import "$key"
    else
        gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"
    fi
 fi

 if [[ -n $signature ]]; then
    printf "[+] Verifying digest signature..."
    is_valid=$(gpg --quiet --status-fd 1 --verify \
                   "$signature" "$digest" 2>/dev/null | \
               grep -c "VALIDSIG" || true)
    if [[ $is_valid -eq 0 ]]; then
        printf "FAILED\n"
        exit 1
    else
        printf "OK\n"
    fi
 fi

 printf "[+] Verifying digest..."
 set +e
 grep "$file" "$digest" | shasum -c - >/dev/null 2>&1
 exit_code=$?
 set -e
 if [[ $exit_code -ne 0 ]]; then
    printf "FAILED\n"
    exit 1
 else
    printf "OK\n"
 fi
	#!/usr/bin/env bash

	set -euf -o pipefail

	if (($# < 2 \|\| $# > 4)); then
	echo "usage: ${0##*/} file digest [signature [PGP key\|key ID]]"
	exit 1
	fi

	file=$1
	digest=$2
	signature=${3:-}
	key=${4:-}

	if [[ -n $key ]]; then
	printf "[+] Importing PGP key\n"
	if [[ -f $key ]]; then
	gpg --import "$key"
	else
	gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"
	fi
	fi

	if [[ -n $signature ]]; then
	printf "[+] Verifying digest signature..."
	is_valid=$(gpg --quiet --status-fd 1 --verify \
	"$signature" "$digest" 2>/dev/null \| \
	grep -c "VALIDSIG" \|\| true)
	if [[ $is_valid -eq 0 ]]; then
	printf "FAILED\n"
	exit 1
	else
	printf "OK\n"
	fi
	fi

	printf "[+] Verifying digest..."
	set +e
	grep "$file" "$digest" \| shasum -c - >/dev/null 2>&1
	exit_code=$?
	set -e
	if [[ $exit_code -ne 0 ]]; then
	printf "FAILED\n"
	exit 1
	else
	printf "OK\n"
	fi