download, check & signify (automatic)
2021-12-23 · 286 words · 2 min
TagsĀ :  OpenBSD Setup

Just a snippet (highly extensible) for the download of .img/.iso files with automatic verification via. sha256 & signify. Currently prepared for OpenBSD 7.0 & Alpine-virt-3.14.3.

~$: cat ~/etc/scripts/download.sh
#!/usr/bin/env sh
# maybe with NoNo's (?) but working... 

print         "***************************************************************"
print         "*      write 'yes' to load a OpenBSD image, 'no' for exit     *"
print         "*           (change url & version inside the script)          *"
print         "***************************************************************"
read answer
case "$answer" in
    yes ) print "\033[1;31mdownload initialized\033[m";;
    * ) exit;;
esac
#curl -LOv https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.iso
curl -LOv https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.img
#curl -LOv https://dl-cdn.alpinelinux.org/alpine/v3.14/releases/x86_64/alpine-virt-3.14.3-x86_64.iso
print " "
print "\033[1;32mdownload complete\033[m"
print " "
print          "***************************************************************"
print          "* write 'yes' to load SHA256 & SHA256.sig files 'no' for exit *"
print          "***************************************************************"
read answer
case "$answer" in
    yes ) print "\033[1;31mdownload initialized\033[m";;
    * ) exit;;
esac
print " "
curl -LO https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/SHA256
#curl -LO https://dl-cdn.alpinelinux.org/alpine/v3.14/releases/x86_64/alpine-virt-3.14.3-x86_64.iso.sha256
print " " 
curl -LO https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/SHA256.sig
print " "
print "\033[1;32mdownload complete\033[m"
print " "
print          "***************************************************************"
print          "*   write 'yes' to check & verify the image, 'no' for exit    *"
print          "***************************************************************"
read answer
case "$answer" in
    yes ) print " ";;
    * ) exit;;
esac
print "check file integrity (SHA256), this will take a second"
# check mangled transit of image / accidental corruption
sha256 -C SHA256 install70.img
#sha256 -C alpine-virt-3.14.3-x86_64.iso.sha256 alpine-virt-3.14.3-x86_64.iso
print " "
print "verify cryptographically (SHA256.sig), please be patient"
# cryptographically verify the image
#  -C verify -p pubkey | location pubkey |   -x sigfile  | target file 
signify -Cp /etc/signify/openbsd-70-base.pub -x SHA256.sig install70.img
print " "

tech · about · visual · contact · home