aboutsummaryrefslogtreecommitdiffstats
path: root/download-iso
blob: e22b42e69282baf0d0aadc7bd8651fde8e7b46c9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/bin/sh

set -ue

ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
DIST="./dist"
RSYNC_HOST="ftp.de.debian.org"
unset DEBIAN_VERSION

HELP_MESSAGE="$(cat <<-EOF
	Download Debian stable's netinst ISO image and verify its integrity
	Usage $0 [OPTIONS]
	    --arch=ARCH                 target architecture (default: "$ARCH")
	    --dist-dir=DIR              build directory (default: "$DIST")
	    --rsync-host=HOSTNAME       remote rsync(1) hostname (default: "$RSYNC_HOST")
	    --debian-version=VERSION    Debian version to install (default: current stable)
	    --help, -?                  this help
EOF
)"

[ $(id -u) -ne 0 ] || echo "WARN: unecessary privileged network access" >&2

usage() {
    [ ${1+x} ] && echo "Unknown option '$1'" >&2
    echo "Usage: $0 [OPTIONS] OUTPUT" >&2
    echo "       $0 --help" >&2
    exit 1
}

while [ $# -gt 0 ]; do
    case "$1" in
        --arch)   ARCH="$2"; shift;;
        --arch=*) ARCH="${1#--arch=}";;
        --dist-dir)   DIST="$2"; shift;;
        --dist-dir=*) DIST="${1#--dist-dir=}";;
        --rsync-host)   RSYNC_HOST="$2"; shift;;
        --rsync-host=*) RSYNC_HOST="${1#--rsync-host=}";;
        --debian-version)   DEBIAN_VERSION="$2"; shift;;
        --debian-version=*) DEBIAN_VERSION="${1#--debian-version=}";;
        --help|-\?) printf '%s\n' "$HELP_MESSAGE"; exit;;
        -*) usage "$1";;
        *) break;;
    esac
    shift
done
[ $# -eq 0 ] || usage

# Get current Debian stable version (incl. point release)
RSYNC="rsync --no-motd --info=NAME --inplace"
[ ${DEBIAN_VERSION+x} ] || DEBIAN_VERSION="$(
    dir="$(mktemp --tmpdir --directory)"
    rsync -lq "$RSYNC_HOST::debian-cd/current" "$dir"
    readlink "$dir/current"
    rm -f "$dir/current"
    rmdir "$dir"
)"
ISO_FILENAME="debian-$DEBIAN_VERSION-$ARCH-netinst.iso"


#######################################################################
# Download netinst ISO image and verify its integrity
#
mkdir -pv "$DIST"
$RSYNC -t --files-from=- "$RSYNC_HOST::debian-cd/$DEBIAN_VERSION/$ARCH/iso-cd/" "$DIST" <<-EOF
	/$ISO_FILENAME
	/SHA512SUMS
	/SHA512SUMS.sign
EOF

echo "Verifying integrity (OpenPGP signature on SHA-512 manifest)..." >&2
gpgv --keyring './signing-key.gpg' "$DIST/SHA512SUMS.sign" "$DIST/SHA512SUMS"

echo -n "Verifying integrity (SHA-512 checksum)... " >&2
if ( cd "$DIST" && sha512sum -c SHA512SUMS 2>/dev/null ) | grep -Fxq "$ISO_FILENAME: OK" ; then
    echo OK >&2
else
    echo 'Failed!' >&2
    exit 1
fi

echo "$DIST/$ISO_FILENAME"