diff --git a/content/index.smd b/content/index.smd index 66bfdd0..5962d74 100644 --- a/content/index.smd +++ b/content/index.smd @@ -41,6 +41,11 @@ Install latest nightly build and specify the install prefix: ``` curl -fsSL https://flow-control.dev/install | sh -s -- --nightly --prefix ~/.local/bin ``` +Install latest nightly build and verify against gpg signature: + +``` curl -fsSL https://flow-control.dev/install | sh -s -- --nightly --verify ``` + + ### Prebuilt Binaries - Stable: [Releases](https://github.com/neurocyte/flow/releases) - Nightly: [Nightly Builds](https://github.com/neurocyte/flow-nightly/releases) diff --git a/install b/install index e3803a4..a680b1b 100644 --- a/install +++ b/install @@ -4,6 +4,8 @@ set -e install_dir="/usr/local/bin" add_alias=0 nightly=0 +verify=0 +local=0 while true; do case "${1}" in @@ -19,6 +21,14 @@ while true; do install_dir=/$2 shift 2 ;; + -V | --verify) + verify=1 + shift 1 + ;; + -l | --local) + local=1 + shift 1 + ;; --) shift 1 break @@ -87,6 +97,27 @@ if [ "$filesize" -lt 100 ]; then exit 1 fi +if [ "$verify" -eq 0 ] && [ -t 0 ]; then + printf "do you want to download and verify the gpg signature? [y/N]: " + read -r answer_verify + if [ "$answer_verify" = "y" ] || [ "$answer_verify" = "Y" ]; then + verify=1 + fi +fi + +if [ "$verify" -eq 1 ]; then + curl -fL "$url.sig" -o "/tmp/$filename.$ext.sig" + curl -fL 'https://flow-control.dev/public.gpg' -o /tmp/flow-control-public.gpg + gpg --no-default-keyring --keyring /tmp/flow-control-public.gpg --verify "/tmp/$filename.$ext.sig" "/tmp/$filename.$ext" + + if [ "$local" -eq 1 ]; then + gpg --verify "/tmp/$filename.$ext.sig" "/tmp/$filename.$ext" + fi + + rm /tmp/flow-control-public.gpg + rm "/tmp/$filename.$ext.sig" +fi + echo "installing $([ "$nightly" -eq 1 ] && echo 'NIGHTLY build' || echo 'flow')..." if [ "$ext" = "tar.gz" ]; then tar -xzf "/tmp/$filename.$ext" -C "$install_dir" diff --git a/public.gpg b/public.gpg new file mode 100644 index 0000000..f199e02 Binary files /dev/null and b/public.gpg differ