diff options
Diffstat (limited to 'maandree-dl')
| -rwxr-xr-x | maandree-dl | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/maandree-dl b/maandree-dl new file mode 100755 index 0000000..029adde --- /dev/null +++ b/maandree-dl @@ -0,0 +1,187 @@ +#!/bin/sh +signature_key=3683C4B70CFA859F0173F2CCE0DD13EBFC7D5E3E + + +# Copyright © 2024, 2025 Mattias Andrée (m@maandree.se) +# +# Copying and distribution of this script, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This script is offered as-is, +# without any warranty. + + +set -e + +fetchinfo () { + printf '%s\n' "${relpage}" | \ + sed 's/<[^>]*>//g' | \ + sed 's/[[:space:]]\{1,\}/ /g' | \ + sed 's/^ //' | \ + sed 's/ $//' | \ + grep "^$1:" || : +} + +readinfo () { + _line="$(fetchinfo "$@" | cut -d : -f 2- | sed 's/^ //')" + test "$(printf '%s\n' "${_line}" | wc -l)" = 1 || return 1 + printf '%s\n' "${_line}" +} + +readmultiinfo () { + _line="$(fetchinfo "$@" | cut -d : -f 2- | sed 's/^ //')" + printf '%s\n' "${_line}" +} + +checkhash_ () { + _file="$1" + _use="$2" + _algorithm="$3" + _expect="$(readmultiinfo "${_algorithm} checksum")" + + test -n "${_expect}" && which "${_use}" >/dev/null || return 1 + + _actual="$("${_use}" -- "${_file}" | cut -d ' ' -f 1)" + test -n "${_actual}" || return 1 + for _known in ${_expect}; do + if test "${_actual}" = "${_known}"; then + echo ok + return 0 + fi + done + printf '%s checksum for %s was not recognised\n' "${_algorithm}" "${_file}" >&2 + echo bad +} + +checkhash () { + set +e + _file="$1" + printf '%s %s\n' \ + sha224sum SHA224 \ + sha256sum SHA256 \ + sha384sum SHA384 \ + sha512sum SHA512 \ + sha512-224sum SHA512/224 \ + sha512-256sum SHA512/256 \ + sha3-224sum SHA3-224 \ + sha3-256sum SHA3-256 \ + sha3-384sum SHA3-384 \ + sha3-512sum SHA3-512 \ + b2sum BLAKE2b \ + | ( + _checked=0 + _result=ok + while read tool name; do + _result="$(checkhash_ "${_file}" "${tool}" "${name}")" + if test "${_result}" = ok; then + _checked=1 + elif test "${_result}" = bad; then + _checked=1 + _result=bad + return 1 + else + : skipped + fi + done + if test "${_checked}" = 0; then + printf '%s\n' 'No supported checksum found' >&2 + return 1 + fi + echo "${_result}" + ) + ret=$? + set -e + return $ret +} + +signature_key="$(printf '%s\n' "${signature_key}" | tr -d ' ')" + +set -v + +package="$1" +version="$2" + +if test -z "$version"; then + version=latest +fi + +sigkey="$(curl -L -- "https://maandree.se/.signkey")" +if test ! "${sigkey}" = "${signature_key}"; then + printf '\n\033[1m%s\033[m,' 'Expected signature keyfile seems to be out of date' >&2 + printf ' %s' 'have a look at https://maandree.se/ to find the newest and verify that it' >&2 + printf ' %s' 'has been signed by the previous key, continue until you find and old key' >&2 + printf ' %s' 'in the signature chain that is signed by '"${signature_key}"' (or older' >&2 + printf ' %s' 'that you trust). Once verified, update `signature_key` at the top of' >&2 + printf ' %s' 'this file to be the newest key, which should be '"${sigkey}"', and' >&2 + printf ' %s' 'import it into your key collection of PGP keys.' >&2 + printf '\n' >&2 + exit 1 +fi + +relurl="https://maandree.se/rel/${package}/${version}.html" +relpage="$(curl -L -- "${relurl}")" +relpagesig="$(curl -L -- "${relurl}".sig)" + +sigtest="$(printf '%s\n' "${relpage}" | (printf '%s\n' "${relpagesig}" | gpg --status-fd=8 --verify - /dev/fd/9) 9<&0 8>&1 1>&2)" +if ! printf '%s\n' "${sigtest}" | grep -q '^\[GNUPG:\] VALIDSIG'" ${sigkey} "; then + printf '\n\033[1m%s\033[m\n' 'The release metadata page seems to be signed with an unexpected key.' >&2 + exit 1 +fi + +relversion="$(readinfo 'This version')" +test -n "${relversion}" +test "${version}" = latest || test "${relversion}" = "${version}" +version="${relversion}" + +tarurls="$(readmultiinfo 'Tarball')" +tarurls="$(echo "${tarurls}" | grep '\.tar\.gz$' || :)" +test -n "${tarurls}" +unpack='gzip -d | tar -x' +tarext='tar.gz' +tardir="${package}-${version}" +tarfile="${package}-${version}.${tarext}" + +if test -f "${tarfile}"; then + status="$(checkhash "${tarfile}")" + test -n "${status}" + test "${status}" = ok +else + downloaded=0 + for tarurl in ${tarurls}; do + if ! curl -L -- "${tarurl}" > "${tarfile}"; then + rm -f -- "${tarfile}" + continue + fi + downloaded=1 + status="$(checkhash "${tarfile}")" + test -n "${status}" + test "${status}" = ok + break + done + (( downloaded )) +fi + +(fetchinfo 'License' ; fetchinfo '.* dependencies' ; fetchinfo '.* instruction' ; fetchinfo 'News') > new-relmeta +if test -f relmeta; then + diff -u relmeta new-relmeta +fi +mv new-relmeta relmeta + +actualtardir="$(gzip -d < "${tarfile}" | tar -t | head -n 1 | cut -d / -f 1)" +quote () { + printf '%s\n' | sed "s/'/'"'\\'"''/g" | sed '1s/^/'\'/ | sed '$s/$/'\'/ +} +if test ! "${actualtardir}" = "${tardir}"; then + unpack="${unpack} && mv -- $(quote "${actualtardir}") $(quote "${tardir}")" +fi +unpack="(${unpack})" +reldata="$(printf '%s = %s\n' \ + VERSION "${version}" \ + DVERSION "$(printf '%s\n' "${version}" | tr - .)" \ + TARBALL "${tarfile}" \ + DIRECTORY "${tardir}" \ + UNPACK "${unpack}" \ + )" + +if (! test -f release-data.mk) || printf '%s\n' "${reldata}" || diff - release-data.mk >/dev/null; then + printf '%s\n' "${reldata}" > release-data.mk +fi |