2021-11-30 11:43:52 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
# command info
|
|
|
|
|
if [ $# -lt 3 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
|
|
|
|
echo "script use to verify a git commit or tag"
|
|
|
|
|
echo "Usage:"
|
|
|
|
|
echo "Run after 'git reset --hard VERSION' with the user running the installation"
|
|
|
|
|
echo "To verify the checked out commit:"
|
|
|
|
|
echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"
|
|
|
|
|
echo "To use 'git verify-tag' add the 'tag':"
|
|
|
|
|
echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Example for commits created on GitHub:
|
|
|
|
|
# PGPsigner="web-flow"
|
|
|
|
|
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
|
|
|
# PGPpubkeyFingerprint="4AEE18F83AFDEB23"
|
|
|
|
|
|
|
|
|
|
# Example for commits signed with a personal PGP key:
|
|
|
|
|
# PGPsigner="janoside"
|
|
|
|
|
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
|
|
|
# PGPpubkeyFingerprint="F579929B39B119CC7B0BB71FB326ACF51F317B69"
|
|
|
|
|
|
2022-01-26 16:37:19 +00:00
|
|
|
# Run with the installing user to clear permissions:
|
2021-11-30 11:43:52 +00:00
|
|
|
# sudo -u btcrpcexplorer /home/admin/config.scripts/blitz.git-verify.sh \
|
|
|
|
|
# "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
|
|
|
|
|
|
|
|
|
|
PGPsigner="$1"
|
|
|
|
|
PGPpubkeyLink="$2"
|
|
|
|
|
PGPpubkeyFingerprint="$3"
|
|
|
|
|
|
2022-01-28 10:48:38 +01:00
|
|
|
wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
|
|
|
|
|
gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
v1.9.0rc3 Merge (#3742)
* cln: use default normal feerate to withdraw all
* Bugfix: bad subsititution (#3668)
Fix for error:
/home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution
* whiptail one line
* fix syntax
* lnproxy: fix api access through nginx (#3671)
* lnproxy: fix api access through nginx
* fix tor config and fit the menu
* add to the menu and provision
* merge #3682
* cln update to v23.02, backup-plugin update, add poetry (#3684)
* cln backup-plugin update, add poetry
* fix mkdir error, remove commented code, fmt #3677
* poetry and path fixes
* add terminal feedback, format #3676
* detect the full name of the plugin
* install pyln-client tqdm with pip
* git-verify: add --keyid-format LONG
to recognise if the signing key is not the main key
* cln update to v23.02
* cln-grpc: add protobuf-compiler dep
* rtl update to v0.13.6 and formatting
* C-lightningREST update to v0.10.1
* CLN FAQ update (#3666)
* improve the detection of existing cln aliases
* add the emergencyrecover instructions to CLN FAQ
* update help entries
* Update Tallycoin to version 1.8.0 (#3693)
* add tallycoin update info to CHANGES
* Fix typo in README.md (#3699)
excepted -> accepted
* #3694 add LCD info
* #3664 att timeout 30s to ln monitor calls (#3665)
* fix setting LND_REST_ENDPOINT (#3689)
* btcpay update v1.8.2, postgres database fix (#3697)
* btcpay update v1.8.0, postgres database fix
* btcpayserver update to v1.8.2
* update lnbits to 0.10.2 and use poetry instead of venv (#3703)
* fix apt update Key error for influx repo (#3711)
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
* fix missing timeout value for nc cmnd (#3712)
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
* #3706 Update CLN v23.02.2 (#3716)
* used patched/rolledback 23.02.2 release
* check rusty sig
* fix typo
* fix default lightning setting
* #3683 Update LIT to 0.8.6 (#3717)
* update LIT to 0.8.6
* activate lnd rpcmiddleware
* CHANGES.md
* #3667 change all up/download from sftp tp scp (#3718)
* #3722 add no hostkeys available detection (#3723)
* #1186 FinTS/HBCI interface (#3704)
* #1186 FinTS install script first draft
* only start app when blitz is ready
* improve menu
* improve dit lnbits config
* preserve edit
* improve edit
* improve edit
* fix insertion
* dont use fingerprint
* now use main repo
* add port
* show local ip
* fix typo
* show port SSL
* Update bonus.lndg.sh (#3725)
* Update bonus.lndg.sh
Changes version to v1.6.0.
Fixes update menu bug.
Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats).
* Update bonus.lndg.sh
Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future).
* #3725 update lndg version in CHANGES
* #3692 update lnd to v0.16.0-beta (#3732)
* update SD CARD base image info
* Clenaup CHANGES info
* RTL install fix (#3739)
* c-lightning-REST update to 0.10.2, fmt
* rtl: npm insatll with --legacy-peer-deps
* purge c-lightning-REST as well with RTL
* jam update to v0.1.5 (#3736)
* 3733 CLN GRPC > JRPC (#3741)
* change exit code
* change to cln_jrpc
* deactivate the cln_grpc settings
* set v1.9.0rc3 version
---------
Co-authored-by: openoms <oms@tuta.io>
Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com>
Co-authored-by: openoms <43343391+openoms@users.noreply.github.com>
Co-authored-by: DJ Booth <djbooth007@gmail.com>
Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com>
Co-authored-by: dni ⚡ <office@dnilabs.com>
Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com>
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
2023-04-08 23:10:01 +02:00
|
|
|
fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
|
2021-11-30 11:43:52 +00:00
|
|
|
if [ "${fingerprint}" -lt 1 ]; then
|
|
|
|
|
echo
|
2022-07-18 21:07:14 +01:00
|
|
|
echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
|
2021-11-30 11:43:52 +00:00
|
|
|
echo "# Should contain PGP: ${PGPpubkeyFingerprint}" >&2
|
|
|
|
|
echo "# Exiting" >&2
|
|
|
|
|
exit 7
|
|
|
|
|
fi
|
2022-01-28 10:48:38 +01:00
|
|
|
gpg --import /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
|
|
|
|
rm /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
2021-11-30 11:43:52 +00:00
|
|
|
|
|
|
|
|
trap 'rm -f "$_temp"' EXIT
|
|
|
|
|
_temp="$(mktemp -p /dev/shm/)"
|
|
|
|
|
|
|
|
|
|
if [ $# -eq 3 ]; then
|
|
|
|
|
commitHash="$(git log --oneline | head -1 | awk '{print $1}')"
|
|
|
|
|
gitCommand="git verify-commit $commitHash"
|
2022-02-07 14:19:25 +00:00
|
|
|
commitOrTag="$commitHash commit"
|
2021-11-30 11:43:52 +00:00
|
|
|
elif [ $# -eq 4 ]; then
|
|
|
|
|
gitCommand="git verify-tag $4"
|
2022-02-07 14:19:25 +00:00
|
|
|
commitOrTag="$4 tag"
|
2021-11-30 11:43:52 +00:00
|
|
|
fi
|
2022-01-27 22:27:04 +01:00
|
|
|
echo "# running: ${gitCommand}"
|
2021-11-30 11:43:52 +00:00
|
|
|
if ${gitCommand} 2>&1 >&"$_temp"; then
|
|
|
|
|
goodSignature=1
|
|
|
|
|
else
|
|
|
|
|
goodSignature=0
|
|
|
|
|
fi
|
|
|
|
|
echo
|
2022-02-07 14:19:25 +00:00
|
|
|
cat "$_temp"
|
2021-11-30 11:43:52 +00:00
|
|
|
echo "# goodSignature(${goodSignature})"
|
|
|
|
|
|
v1.9.0rc3 Merge (#3742)
* cln: use default normal feerate to withdraw all
* Bugfix: bad subsititution (#3668)
Fix for error:
/home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution
* whiptail one line
* fix syntax
* lnproxy: fix api access through nginx (#3671)
* lnproxy: fix api access through nginx
* fix tor config and fit the menu
* add to the menu and provision
* merge #3682
* cln update to v23.02, backup-plugin update, add poetry (#3684)
* cln backup-plugin update, add poetry
* fix mkdir error, remove commented code, fmt #3677
* poetry and path fixes
* add terminal feedback, format #3676
* detect the full name of the plugin
* install pyln-client tqdm with pip
* git-verify: add --keyid-format LONG
to recognise if the signing key is not the main key
* cln update to v23.02
* cln-grpc: add protobuf-compiler dep
* rtl update to v0.13.6 and formatting
* C-lightningREST update to v0.10.1
* CLN FAQ update (#3666)
* improve the detection of existing cln aliases
* add the emergencyrecover instructions to CLN FAQ
* update help entries
* Update Tallycoin to version 1.8.0 (#3693)
* add tallycoin update info to CHANGES
* Fix typo in README.md (#3699)
excepted -> accepted
* #3694 add LCD info
* #3664 att timeout 30s to ln monitor calls (#3665)
* fix setting LND_REST_ENDPOINT (#3689)
* btcpay update v1.8.2, postgres database fix (#3697)
* btcpay update v1.8.0, postgres database fix
* btcpayserver update to v1.8.2
* update lnbits to 0.10.2 and use poetry instead of venv (#3703)
* fix apt update Key error for influx repo (#3711)
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
* fix missing timeout value for nc cmnd (#3712)
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
* #3706 Update CLN v23.02.2 (#3716)
* used patched/rolledback 23.02.2 release
* check rusty sig
* fix typo
* fix default lightning setting
* #3683 Update LIT to 0.8.6 (#3717)
* update LIT to 0.8.6
* activate lnd rpcmiddleware
* CHANGES.md
* #3667 change all up/download from sftp tp scp (#3718)
* #3722 add no hostkeys available detection (#3723)
* #1186 FinTS/HBCI interface (#3704)
* #1186 FinTS install script first draft
* only start app when blitz is ready
* improve menu
* improve dit lnbits config
* preserve edit
* improve edit
* improve edit
* fix insertion
* dont use fingerprint
* now use main repo
* add port
* show local ip
* fix typo
* show port SSL
* Update bonus.lndg.sh (#3725)
* Update bonus.lndg.sh
Changes version to v1.6.0.
Fixes update menu bug.
Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats).
* Update bonus.lndg.sh
Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future).
* #3725 update lndg version in CHANGES
* #3692 update lnd to v0.16.0-beta (#3732)
* update SD CARD base image info
* Clenaup CHANGES info
* RTL install fix (#3739)
* c-lightning-REST update to 0.10.2, fmt
* rtl: npm insatll with --legacy-peer-deps
* purge c-lightning-REST as well with RTL
* jam update to v0.1.5 (#3736)
* 3733 CLN GRPC > JRPC (#3741)
* change exit code
* change to cln_jrpc
* deactivate the cln_grpc settings
* set v1.9.0rc3 version
---------
Co-authored-by: openoms <oms@tuta.io>
Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com>
Co-authored-by: openoms <43343391+openoms@users.noreply.github.com>
Co-authored-by: DJ Booth <djbooth007@gmail.com>
Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com>
Co-authored-by: dni ⚡ <office@dnilabs.com>
Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com>
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
2023-04-08 23:10:01 +02:00
|
|
|
correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c)
|
2021-11-30 11:43:52 +00:00
|
|
|
echo "# correctKey(${correctKey})"
|
|
|
|
|
|
|
|
|
|
if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
|
|
|
|
|
echo
|
2022-07-18 21:07:14 +01:00
|
|
|
echo "# BUILD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"
|
2021-11-30 11:43:52 +00:00
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo
|
|
|
|
|
echo "##########################################################################"
|
2022-02-07 14:19:25 +00:00
|
|
|
echo "# OK --> the PGP signature of the checked out ${commitOrTag} is correct"
|
2021-11-30 11:43:52 +00:00
|
|
|
echo "##########################################################################"
|
|
|
|
|
echo
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
