From 7d0f17d60801dc580201ed705a433893e419104f Mon Sep 17 00:00:00 2001 From: CJ van den Berg Date: Tue, 11 Feb 2025 20:18:06 +0100 Subject: [PATCH] add gpg verification --- content/index.smd | 5 +++++ install | 31 +++++++++++++++++++++++++++++++ public.gpg | Bin 0 -> 1837 bytes 3 files changed, 36 insertions(+) create mode 100644 public.gpg diff --git a/content/index.smd b/content/index.smd index 66bfdd0..5962d74 100644 --- a/content/index.smd +++ b/content/index.smd @@ -41,6 +41,11 @@ Install latest nightly build and specify the install prefix: ``` curl -fsSL https://flow-control.dev/install | sh -s -- --nightly --prefix ~/.local/bin ``` +Install latest nightly build and verify against gpg signature: + +``` curl -fsSL https://flow-control.dev/install | sh -s -- --nightly --verify ``` + + ### Prebuilt Binaries - Stable: [Releases](https://github.com/neurocyte/flow/releases) - Nightly: [Nightly Builds](https://github.com/neurocyte/flow-nightly/releases) diff --git a/install b/install index e3803a4..a680b1b 100644 --- a/install +++ b/install @@ -4,6 +4,8 @@ set -e install_dir="/usr/local/bin" add_alias=0 nightly=0 +verify=0 +local=0 while true; do case "${1}" in @@ -19,6 +21,14 @@ while true; do install_dir=/$2 shift 2 ;; + -V | --verify) + verify=1 + shift 1 + ;; + -l | --local) + local=1 + shift 1 + ;; --) shift 1 break 
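Review bot: In the option parsing added to `install`, `-l | --local` only sets a flag that is read inside the verification block later in this patch, so `--local` has no effect unless verification is also enabled, and nothing tells the user that. Either have the arm enable it as well (`local=1; verify=1`) or print an error when `--local` is given without `--verify`. The variable name `local` also matches the `local` keyword most `sh` implementations provide; it works as a plain assignment here but reads confusingly, and `verify_local=0` would be clearer. The README hunk documents `--verify` but not `--local`; any usage text in the script is outside this diff.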
@@ -87,6 +97,27 @@ if [ "$filesize" -lt 100 ]; then
 exit 1
 fi
 
+if [ "$verify" -eq 0 ] && [ -t 0 ]; then
+ printf "do you want to download and verify the gpg signature? [y/N]: "
+ read -r answer_verify
+ if [ "$answer_verify" = "y" ] || [ "$answer_verify" = "Y" ]; then
+ verify=1
+ fi
+fi
+
+if [ "$verify" -eq 1 ]; then
+ curl -fL "$url.sig" -o "/tmp/$filename.$ext.sig"
+ curl -fL 'https://flow-control.dev/public.gpg' -o /tmp/flow-control-public.gpg
+ gpg --no-default-keyring --keyring /tmp/flow-control-public.gpg --verify "/tmp/$filename.$ext.sig" "/tmp/$filename.$ext"
+
+ if [ "$local" -eq 1 ]; then
+ gpg --verify "/tmp/$filename.$ext.sig" "/tmp/$filename.$ext"
+ fi
+
+ rm /tmp/flow-control-public.gpg
+ rm "/tmp/$filename.$ext.sig"
+fi
+
 echo "installing $([ "$nightly" -eq 1 ] && echo 'NIGHTLY build' || echo 'flow')..."
 if [ "$ext" = "tar.gz" ]; then
 tar -xzf "/tmp/$filename.$ext" -C "$install_dir"
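Review bot: The signature and the keyring are written to fixed, predictable names in the shared `/tmp` directory (`/tmp/flow-control-public.gpg`, `/tmp/$filename.$ext.sig`), so on a multi-user host the files that `gpg --verify` reads are not guaranteed to be the ones `curl` just wrote, which matters most if the installer is run as root to write into `/usr/local/bin`. Download both into a private directory from `mktemp -d` and remove it from an `EXIT` trap; under `set -e` the two `rm` lines are never reached when verification fails, so the trap also cleans up in that case (if the script already sets an `EXIT` trap outside this hunk, extend that one instead). The archive path `/tmp/$filename.$ext` is set outside this hunk and has the same exposure. Separately, the key is fetched at install time from the same site that serves this script and is not compared with a known fingerprint, so the check mainly guards against tampering on the release host; publishing the fingerprint for out-of-band comparison would strengthen it.

```sh
if [ "$verify" -eq 1 ]; then
    verify_dir=$(mktemp -d)
    trap 'rm -rf -- "$verify_dir"' EXIT
    curl -fL "$url.sig" -o "$verify_dir/$filename.$ext.sig"
    curl -fL 'https://flow-control.dev/public.gpg' -o "$verify_dir/public.gpg"
    gpg --no-default-keyring --keyring "$verify_dir/public.gpg" --verify "$verify_dir/$filename.$ext.sig" "/tmp/$filename.$ext"
    # … unchanged: optional --local check, reading the signature from "$verify_dir" …
fi
```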
diff --git a/public.gpg b/public.gpg new file mode 100644 index 0000000000000000000000000000000000000000..f199e027ab8ad1f6ccb322d6ff40a64eae4ef786 GIT binary patch literal 1837 zcmajecQ_je1IO_sf(UKZ7JJlIqe2^7RP7Pf*k{B_2$c|mqV_qXWYY(k&DJ{OqOrHOcYUAdp7;Il{rC6${`)>33NQog$(=(3asV1Tg!A8GlMWV3ib{R! z1?nN>Ie7{gcJx||7gmDmwO=0gNKb`;+tv_R49TjfqNa2;gt=WeKo_mP;4V3ND1bcJ6uCEYOuE2KFB z+y^2ga-@gJx2M*`xG00ME1VIUQqaA*>?fNz+i&s_kyg;% z1h@(W09z!H=HlU=cyWvmUfjqh)K6T;8*31b@e0NV2H<_Jdj|*Ur2$94+&~E6CZ7b@ zI`CM^=E9oCo|AZ**|gNh4!-eM2&u;L~j0{xgcfs9%b$y){y#QIv{#!O7LPW)wL^ zEgW`l_nDEP!&p=BJIFv*iJ$2(9o4sN_Z?iakU~_Ba>3#&P28nR6Vu{4tEld zdUBBL-M=mb{B}%KCeXUKrpYz}Vc7|!l_;u3v~FKQmZ8o)>A&*pvABaq zl{Zdx@)Hm{h6LdyuNwphF&|1jl~H6OuH~1vNE*zXSL5@24;^Wx9;c=(OeW zwR>5nlId&YVwiZgCwxBlHPRm}ne(tMCe;nhc@+W>`KRa4Llf=C4D@rFds$E+*~#sM z2nqe(Ggs<+w11Zm!GQ817Rf^3ne>ACT^qko%RG%4w@Y#XWq#*IGg7=L=M0)ReQci8 zxX0NV)bU^Az1&lU>8&uhXBh0I#5p6%vStjdPjO0{d1PG74cHlz+!ErvMASo!`7E_WZY&|_ zDnT!+Yvt2RDU8w(A0xrH)F~3d#qH~nWUMmleyi3|8t|4;{p@eR(t3I#Kf`07hxc#uu`au$3 z&;U5A6;!`rbP&)Ox2fBq_j!Dskvb1G@u2ad=V09lZS{l#LJkwG$f;bt3mfa*OjEmYhuZjv+6c8=B zKcKmOcP%MJr(LLYF5Qdl`m*|A;8vPNd@(B46Zg=Qf>>tnhgBd~Iuuwz z3LL>Hr~`+nKPp4Dc@fB^j^)SiQ`M4LwI5MCm%68$YwUyuXZuX~1}I5co{yf*7VSb0 z>1I$txrJS&Yii6K+~*|)CUQez@PK%?HekPLkhwjV5?Trk7~EprYA|TkJF{$C@z~z) z`)mFzwy*rxyq_%Qzana`Ya6@Wo5wp4TiM9Gu9bQ1wf8X?gZqZ-)NabR??R3g6Qi?>)lL3E}o5eRDX>7omHs4p(wRAZ0ewCsChPSO+8xI6t+=X zkZN;D*}$Z`7s@_uzKS2UGxw%}0x7386iQIcgSx-wv-5f1ti-?iw)cLfiA!^Qgs~uP SEQ@xDjI&iPE!5|FD)=|z3rgYu literal 0 HcmV?d00001