raspiblitz/home.admin/config.scripts/blitz.git-verify.sh

#!/bin/bash

# command info
if [ $# -lt 3 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "script use to verify a git commit or tag"
  echo "Usage:"
  echo "Run after 'git reset --hard VERSION' with the user running the installation"
  echo "To verify the checked out commit:"
  echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"
  echo "To use 'git verify-tag' add the 'tag':"
  echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"
  exit 1
fi

# Example for commits created on GitHub:
# PGPsigner="web-flow"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
# PGPpubkeyFingerprint="4AEE18F83AFDEB23"

# Example for commits signed with a personal PGP key:
# PGPsigner="janoside"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
# PGPpubkeyFingerprint="F579929B39B119CC7B0BB71FB326ACF51F317B69"

# Run with the installing user to clear permissions:
# sudo -u btcrpcexplorer /home/admin/config.scripts/blitz.git-verify.sh \
#  "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1

PGPsigner="$1"
PGPpubkeyLink="$2"
PGPpubkeyFingerprint="$3"

wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"

# in the case the wget above fails, try to use curl instead
if [ $? -ne 0 ]; then
  echo "# WARNING --> wget failed to download the PGP key, trying curl instead" >&2
  curl -o /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
  if [ $? -ne 0 ]; then
    echo "# ERROR --> curl failed to download the PGP key" >&2
    echo "# Exiting" >&2
    exit 6
  fi
fi

gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
if [ "${fingerprint}" -lt 1 ]; then
  echo
  echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
  echo "# Should contain PGP: ${PGPpubkeyFingerprint}" >&2
  echo "# Exiting" >&2
  exit 7
fi
gpg --import /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
rm /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc

trap 'rm -f "$_temp"' EXIT
_temp="$(mktemp -p /dev/shm/)"

if [ $# -eq 3 ]; then
  commitHash="$(git log --oneline | head -1 | awk '{print $1}')"
  gitCommand="git verify-commit $commitHash"
  commitOrTag="$commitHash commit"
elif [ $# -eq 4 ]; then
  gitCommand="git verify-tag $4"
  commitOrTag="$4 tag"
fi
echo "# running: ${gitCommand}"
if ${gitCommand} 2>&1 >&"$_temp"; then
  goodSignature=1
else
  goodSignature=0
fi
echo
cat "$_temp"
echo "# goodSignature(${goodSignature})"

correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c)
echo "# correctKey(${correctKey})"

if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
  echo
  echo "# BUILD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"
  exit 1
else
  echo
  echo "##########################################################################"
  echo "# OK --> the PGP signature of the checked out ${commitOrTag} is correct"
  echo "##########################################################################"
  echo
  exit 0
fi
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`#!/bin/bash`

			`# command info`
			`if [ $# -lt 3 ] \|\| [ "$1" = "-h" ] \|\| [ "$1" = "-help" ]; then`
			`echo "script use to verify a git commit or tag"`
			`echo "Usage:"`
			`echo "Run after 'git reset --hard VERSION' with the user running the installation"`
			`echo "To verify the checked out commit:"`
			`echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"`
			`echo "To use 'git verify-tag' add the 'tag':"`
			`echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"`
			`exit 1`
			`fi`

			`# Example for commits created on GitHub:`
			`# PGPsigner="web-flow"`
			`# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"`
			`# PGPpubkeyFingerprint="4AEE18F83AFDEB23"`

			`# Example for commits signed with a personal PGP key:`
			`# PGPsigner="janoside"`
			`# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"`
			`# PGPpubkeyFingerprint="F579929B39B119CC7B0BB71FB326ACF51F317B69"`

joininbox update to v0.6.6 2022-01-26 16:37:19 +00:00			`# Run with the installing user to clear permissions:`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`# sudo -u btcrpcexplorer /home/admin/config.scripts/blitz.git-verify.sh \`
			`# "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" \|\| exit 1`

			`PGPsigner="$1"`
			`PGPpubkeyLink="$2"`
			`PGPpubkeyFingerprint="$3"`

fix git-verify 2022-01-28 10:48:38 +01:00			`wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"`
Fatpack external (#3743) * cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version * improve git verify * move fatpack into external script --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> 2023-04-09 23:25:43 +02:00
			`# in the case the wget above fails, try to use curl instead`
			`if [ $? -ne 0 ]; then`
			`echo "# WARNING --> wget failed to download the PGP key, trying curl instead" >&2`
			`curl -o /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"`
			`if [ $? -ne 0 ]; then`
			`echo "# ERROR --> curl failed to download the PGP key" >&2`
			`echo "# Exiting" >&2`
			`exit 6`
			`fi`
			`fi`

fix git-verify 2022-01-28 10:48:38 +01:00			`gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc`
v1.9.0rc3 Merge (#3742) * cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> 2023-04-08 23:10:01 +02:00			`fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null \| grep "${PGPpubkeyFingerprint}" -c)`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`if [ "${fingerprint}" -lt 1 ]; then`
			`echo`
fix error messages using exclamation marks (#3232) 2022-07-18 21:07:14 +01:00			`echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`echo "# Should contain PGP: ${PGPpubkeyFingerprint}" >&2`
			`echo "# Exiting" >&2`
			`exit 7`
			`fi`
fix git-verify 2022-01-28 10:48:38 +01:00			`gpg --import /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc`
			`rm /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00
			`trap 'rm -f "$_temp"' EXIT`
			`_temp="$(mktemp -p /dev/shm/)"`

			`if [ $# -eq 3 ]; then`
			`commitHash="$(git log --oneline \| head -1 \| awk '{print $1}')"`
			`gitCommand="git verify-commit $commitHash"`
CL install from source from github instead of zip (#2936) 2022-02-07 14:19:25 +00:00			`commitOrTag="$commitHash commit"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`elif [ $# -eq 4 ]; then`
			`gitCommand="git verify-tag $4"`
CL install from source from github instead of zip (#2936) 2022-02-07 14:19:25 +00:00			`commitOrTag="$4 tag"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`fi`
add debug 2022-01-27 22:27:04 +01:00			`echo "# running: ${gitCommand}"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`if ${gitCommand} 2>&1 >&"$_temp"; then`
			`goodSignature=1`
			`else`
			`goodSignature=0`
			`fi`
			`echo`
CL install from source from github instead of zip (#2936) 2022-02-07 14:19:25 +00:00			`cat "$_temp"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`echo "# goodSignature(${goodSignature})"`

v1.9.0rc3 Merge (#3742) * cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> 2023-04-08 23:10:01 +02:00			`correctKey=$(tr -d " \t\n\r" <"$_temp" \| grep "${PGPpubkeyFingerprint}" -c)`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`echo "# correctKey(${correctKey})"`

			`if [ "${correctKey}" -lt 1 ] \|\| [ "${goodSignature}" -lt 1 ]; then`
			`echo`
fix error messages using exclamation marks (#3232) 2022-07-18 21:07:14 +01:00			`echo "# BUILD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`exit 1`
			`else`
			`echo`
			`echo "##########################################################################"`
CL install from source from github instead of zip (#2936) 2022-02-07 14:19:25 +00:00			`echo "# OK --> the PGP signature of the checked out ${commitOrTag} is correct"`
Git verify everywhere + updates (#2708) 2021-11-30 11:43:52 +00:00			`echo "##########################################################################"`
			`echo`
			`exit 0`
			`fi`