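#!/bin/bash
#
# check-iso: checks sanity of ISOs built for Archlinux32 and returns data
# about the ISO (checksums, signing key, size, kernel version).
#
# Usage: check-iso [--iso NAME] [--output-dir DIR] [--check]
#                  [--expected-sign-key FINGERPRINT] [--md5sum] [--sha512sum]
#                  [--sign-key] [--size] [--kernel-version] [--no-cleanup]
#
# External tools used: getopt (util-linux), gpg, awk, sed, sort, stat, bc,
# find, mountpoint, and sudo mount/umount for --kernel-version and --check.

# parameters and default values
ARCH="i686"
DATE=$(date +%Y.%m.%d)
#DATE="2024.07.10"
ISO="archlinux32-${DATE}-${ARCH}.iso"
OUTPUT_DIR="${HOME}/archisos"
#Andreas Baumann (sign)
SIGN_KEY='16194A82231E9EF823562181C8E8F5A0AF9BA7E7'
# Archlinux 32 Release Key
#SIGN_KEY='33CA3597B0D161AAE4173F65C17F1214114574A4'

#######################################
# Print the help text to stderr and exit.
# Globals:   ISO, OUTPUT_DIR, SIGN_KEY (read, shown as defaults)
# Arguments: $1 - exit code; defaults to 1 when empty or missing
#######################################
usage() {
  cat >&2 <<EOF

check-iso: checks sanity of ISOs built for Archlinux32 and returns data about the ISO

possible options:
 -h|--help: show this help and exit
 --iso name of ISO to be checked, default is '${ISO}'.
 --output-dir where to write the isos, default is '${OUTPUT_DIR}.
 --check check sanity of the image, returns an exit code only.
 --expected-sign-key expected PGP key the ISO has to be signed with, default '${SIGN_KEY}'.
 --md5sum get md5 of the ISO.
 --sha512sum get sha512sum of the ISO.
 --sign-key get GPG signing key of the ISO.
 --size get size of the ISO.
 --kernel-version get version of the kernel on the ISO.
 --no-cleanup do not clean up tmpdir after run, for debugging.
EOF
  exit "${1:-1}"
}

# fail on first error
set -e

# cleanup hook
no_cleanup=0
tmp_dir="$(mktemp -d)"

#######################################
# EXIT trap: unmount the ISO if it is still mounted and remove the temporary
# mount point. Does nothing when --no-cleanup was given.
# Globals:   tmp_dir (read), no_cleanup (read)
#######################################
cleanup() {
  if [[ "${no_cleanup}" == 1 ]]; then
    >&2 printf "Keeping tmpdir '%s'.\n" "${tmp_dir}"
    return
  fi
  if mountpoint -q "${tmp_dir}"; then
    sudo umount "${tmp_dir}"
  fi
  # ':?' aborts instead of expanding to an empty path.
  rm -rf --one-file-system -- "${tmp_dir:?}"
}
trap cleanup EXIT

#######################################
# Print the checksum recorded for a file name in a "<sum> <name>" list.
# The name is compared literally (not as a regular expression), so the
# dots in an ISO name cannot match other characters, and it must be
# preceded by whitespace and end the line.
# Arguments: $1 - checksum list (e.g. md5sums), $2 - file name to look up
# Outputs:   the first field of every matching line, on stdout
# Returns:   0 if at least one entry was found, 1 if the list is unreadable
#            or holds no entry for the name (message on stderr)
#######################################
lookup_checksum() {
  local sums_file=$1
  local name=$2
  local found

  if [[ ! -r "${sums_file}" ]]; then
    >&2 printf "Cannot read checksum file '%s'.\n" "${sums_file}"
    return 1
  fi
  # The name travels through the environment so awk does not process
  # backslash escapes in it (as it would with -v).
  found="$(
    ISO_NAME="${name}" awk '
      BEGIN { name = ENVIRON["ISO_NAME"]; n = length(name) }
      {
        len = length($0)
        if (len > n + 1 \
            && (substr($0, len - n + 1) "") == (name "") \
            && substr($0, len - n, 1) ~ /[[:space:]]/) {
          print $1
        }
      }
    ' "${sums_file}"
  )" || return 1
  if [[ -z "${found}" ]]; then
    >&2 printf "No checksum for '%s' in '%s'.\n" "${name}" "${sums_file}"
    return 1
  fi
  printf '%s\n' "${found}"
}

#######################################
# Print the number of lines on stdin that contain a non-blank character.
#######################################
count_nonblank_lines() {
  awk 'NF { n++ } END { print n + 0 }'
}

#######################################
# Parse the command line and run the requested checks and queries.
# Globals:   ISO, OUTPUT_DIR, SIGN_KEY (defaults), tmp_dir (mount point),
#            no_cleanup (written)
# Arguments: the script's command line
#######################################
main() {
  local parsed
  if ! parsed="$(
    getopt -o h \
      --long help \
      --long iso: \
      --long output-dir: \
      --long check \
      --long expected-sign-key: \
      --long md5sum \
      --long sha512sum \
      --long sign-key \
      --long size \
      --long kernel-version \
      --long no-cleanup \
      -n "${0##*/}" -- "$@"
  )"; then
    usage
  fi
  # getopt emits shell-quoted words; eval re-reads them as the new argv.
  eval set -- "${parsed}"

  local iso="${ISO}"
  local output_dir="${OUTPUT_DIR}"
  local expected_sign_key="${SIGN_KEY}"
  local check=0
  local want_md5sum=0
  local want_sha512sum=0
  local want_sign_key=0
  local want_size=0
  local want_kernel_version=0

  while (( $# > 0 )); do
    case "$1" in
      '--iso')
        shift
        iso="$1"
        ;;
      '--output-dir')
        shift
        output_dir="$1"
        ;;
      '--check')
        check=1
        ;;
      '--expected-sign-key')
        shift
        expected_sign_key="$1"
        ;;
      '--md5sum')
        want_md5sum=1
        ;;
      '--sha512sum')
        want_sha512sum=1
        ;;
      '--sign-key')
        want_sign_key=1
        ;;
      '--size')
        want_size=1
        ;;
      '--kernel-version')
        want_kernel_version=1
        ;;
      '--no-cleanup')
        no_cleanup=1
        ;;
      '--help' | '-h')
        usage 0
        ;;
      '--')
        shift
        break
        ;;
      *)
        printf 'Whoops, option "%s" is not yet implemented!\n' "$1" >&2
        exit 42
        ;;
    esac
    shift
  done

  if (( $# > 0 )); then
    >&2 echo 'Too many arguments.'
    exit 2
  fi

  local image="${output_dir}/${iso}"

  # Both checksum options report the value recorded in the checksum list;
  # the ISO itself is not hashed here. MD5 is not collision-resistant, so
  # the integrity decision rests on the signature check below.
  if [[ "${want_md5sum}" == 1 ]]; then
    lookup_checksum "${output_dir}/md5sums" "${iso}"
  fi

  if [[ "${want_sha512sum}" == 1 ]]; then
    lookup_checksum "${output_dir}/sha512sums" "${iso}"
  fi

  if [[ "${want_sign_key}" == 1 || "${check}" == 1 ]]; then
    local gpg_status sign_keys sign_key
    # A failing gpg is not fatal at this point: it yields no VALIDSIG line
    # and is reported by the key count check below.
    gpg_status="$(
      gpg --status-fd=1 --verify -- "${image}.sig" "${image}" 2> /dev/null
    )" || true
    # The first VALIDSIG argument is the fingerprint of the key that made
    # the signature; for a signing subkey that is the subkey's fingerprint.
    sign_keys="$(
      printf '%s\n' "${gpg_status}" \
        | sed -n 's/^\[GNUPG:\] VALIDSIG \([0-9A-F]\+\) .*$/\1/p' \
        | sort -u
    )"
    if [[ "$(printf '%s\n' "${sign_keys}" | count_nonblank_lines)" -ne 1 ]]; then
      >&2 echo 'Not exactly one key used for signing the iso:'
      >&2 echo "'${sign_keys}'"
      exit 1
    fi
    sign_key="${sign_keys}"
    # gpg reports VALIDSIG for any cryptographically valid signature, also
    # when the signing key is revoked or expired, so those states have to
    # be looked at separately.
    if grep -q '^\[GNUPG:\] REVKEYSIG ' <<< "${gpg_status}"; then
      >&2 printf "Key '%s' that signed the iso is revoked.\n" "${sign_key}"
      exit 1
    fi
    if grep -Eq '^\[GNUPG:\] (EXPKEYSIG|EXPSIG) ' <<< "${gpg_status}"; then
      >&2 echo 'Warning: signature or signing key of the iso has expired.'
    fi
    if [[ "${sign_key}" != "${expected_sign_key}" ]]; then
      >&2 printf "Isos are signed with key '%s' instead of '%s'.\n" \
        "${sign_key}" \
        "${expected_sign_key}"
      exit 1
    fi
    if [[ "${check}" == 0 ]]; then
      echo "${sign_key}"
    fi
  fi

  if [[ "${want_size}" == 1 ]]; then
    local bytes
    bytes="$(stat -c '%s' -- "${image}")"
    # size in MiB with one decimal place
    printf 'scale=1; %s/1024/1024\n' "${bytes}" | bc
  fi

  if [[ "${want_kernel_version}" == 1 || "${check}" == 1 ]]; then
    local kernels
    # NOTE(review): with --kernel-version alone the image is mounted without
    # a prior signature check; combine it with --check or --sign-key when
    # the ISO comes from an untrusted place.
    # Only package lists are read from the image, so device nodes, setuid
    # bits and execution are disabled on the mount.
    sudo mount -o loop,ro,nosuid,nodev,noexec "${image}" "${tmp_dir}"
    kernels="$(
      find "${tmp_dir}/arch" \
        -maxdepth 1 \
        -name 'pkglist.*.txt' \
        -not -name 'pkglist.x86_64.txt' \
        -execdir cat {} \; \
        | sed -n 's/^linux\s\+\([^-]\+-[^-]\+\)$/\1/p' \
        | sort -u
    )"
    sudo umount "${tmp_dir}"
    if [[ "$(printf '%s\n' "${kernels}" | count_nonblank_lines)" -ne 1 ]]; then
      >&2 echo 'Not exactly one kernel on the iso:'
      >&2 echo "${kernels}"
      exit 1
    fi
    if [[ "${check}" == 0 ]]; then
      echo "${kernels}"
    fi
  fi

  return 0
}

main "$@"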