From fab1f9272c4999cd505f1e56eb348b5eb4bb38cb Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sun, 21 Aug 2016 21:29:18 +0200 Subject: [PATCH 1/3] [contrib] verifybinaries: Adjust parsing to new rc path --- contrib/verifybinaries/README.md | 1 + contrib/verifybinaries/verify.sh | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/contrib/verifybinaries/README.md b/contrib/verifybinaries/README.md index 8970f3daa..d43a60ca0 100644 --- a/contrib/verifybinaries/README.md +++ b/contrib/verifybinaries/README.md @@ -10,4 +10,5 @@ Usage: ```sh ./verify.sh bitcoin-core-0.11.2 ./verify.sh bitcoin-core-0.12.0 +./verify.sh bitcoin-core-0.13.0-rc3 ``` diff --git a/contrib/verifybinaries/verify.sh b/contrib/verifybinaries/verify.sh index 657c3bd33..40759c36b 100755 --- a/contrib/verifybinaries/verify.sh +++ b/contrib/verifybinaries/verify.sh @@ -14,11 +14,11 @@ function clean_up { done } -WORKINGDIR="/tmp/bitcoin" +WORKINGDIR="/tmp/bitcoin_verify_binaries" TMPFILE="hashes.tmp" SIGNATUREFILENAME="SHA256SUMS.asc" -RCSUBDIR="test/" +RCSUBDIR="test" BASEDIR="https://bitcoin.org/bin/" VERSIONPREFIX="bitcoin-core-" RCVERSIONSTRING="rc" @@ -43,7 +43,7 @@ if [ -n "$1" ]; then # and simultaneously add RCSUBDIR to BASEDIR, where we will look for SIGNATUREFILENAME if [[ $VERSION == *"$RCVERSIONSTRING"* ]]; then BASEDIR="$BASEDIR${VERSION/%-$RCVERSIONSTRING*}/" - BASEDIR="$BASEDIR$RCSUBDIR" + BASEDIR="$BASEDIR$RCSUBDIR.$RCVERSIONSTRING${VERSION: -1}/" else BASEDIR="$BASEDIR$VERSION/" fi @@ -93,7 +93,7 @@ fi FILES=$(awk '{print $2}' "$TMPFILE") #and download these one by one -for file in in $FILES +for file in $FILES do wget --quiet -N "$BASEDIR$file" done From fa917f662346868486cdffce92a1fbe34980a72b Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sun, 21 Aug 2016 21:37:21 +0200 Subject: [PATCH 2/3] [contrib] verifybinaries: Keep downloads by default --- contrib/verifybinaries/README.md | 6 ++++++ contrib/verifybinaries/verify.sh | 11 ++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/contrib/verifybinaries/README.md b/contrib/verifybinaries/README.md index d43a60ca0..516af8575 100644 --- a/contrib/verifybinaries/README.md +++ b/contrib/verifybinaries/README.md @@ -12,3 +12,9 @@ Usage: ./verify.sh bitcoin-core-0.12.0 ./verify.sh bitcoin-core-0.13.0-rc3 ``` + +If you do not want to keep the downloaded binaries, specify anything as the second parameter. + +```sh +./verify.sh bitcoin-core-0.13.0 delete +``` diff --git a/contrib/verifybinaries/verify.sh b/contrib/verifybinaries/verify.sh index 40759c36b..e22b91174 100755 --- a/contrib/verifybinaries/verify.sh +++ b/contrib/verifybinaries/verify.sh @@ -108,11 +108,16 @@ if [ $? -eq 1 ]; then exit 1 elif [ $? -gt 1 ]; then echo "Error executing 'diff'" - exit 2 + exit 2 fi -#everything matches! clean up the mess -clean_up $FILES $SIGNATUREFILENAME $TMPFILE +if [ -n "$2" ]; then + echo "Clean up the binaries" + clean_up $FILES $SIGNATUREFILENAME $TMPFILE +else + echo "Keep the binaries in $WORKINGDIR" + clean_up $TMPFILE +fi echo -e "Verified hashes of \n$FILES" From faaed8874f83373e54a1878c5c7381ce47557bb8 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sun, 21 Aug 2016 21:58:29 +0200 Subject: [PATCH 3/3] [contrib] verifybinaries: Mention mandatory preparation step --- contrib/verifybinaries/README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/contrib/verifybinaries/README.md b/contrib/verifybinaries/README.md index 516af8575..ed3e14fb6 100644 --- a/contrib/verifybinaries/README.md +++ b/contrib/verifybinaries/README.md @@ -1,11 +1,24 @@ ### Verify Binaries + +#### Preparation: + +Make sure you obtain the proper release signing key and verify the fingerprint with several independent sources. + +```sh +$ gpg --fingerprint "Bitcoin Core binary release signing key" +pub 4096R/36C2E964 2015-06-24 [expires: 2017-02-13] + Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964 +uid Wladimir J. van der Laan (Bitcoin Core binary release signing key) +``` + +#### Usage: + This script attempts to download the signature file `SHA256SUMS.asc` from https://bitcoin.org. It first checks if the signature passes, and then downloads the files specified in the file, and checks if the hashes of these files match those that are specified in the signature file. The script returns 0 if everything passes the checks. It returns 1 if either the signature check or the hash check doesn't pass. If an error occurs the return value is 2. -Usage: ```sh ./verify.sh bitcoin-core-0.11.2