blob: e22b42e69282baf0d0aadc7bd8651fde8e7b46c9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#!/bin/sh
set -ue
ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
DIST="./dist"
RSYNC_HOST="ftp.de.debian.org"
unset DEBIAN_VERSION
HELP_MESSAGE="$(cat <<-EOF
Download Debian stable's netinst ISO image and verify its integrity
Usage $0 [OPTIONS]
--arch=ARCH target architecture (default: "$ARCH")
--dist-dir=DIR build directory (default: "$DIST")
--rsync-host=HOSTNAME remote rsync(1) hostname (default: "$RSYNC_HOST")
--debian-version=VERSION Debian version to install (default: current stable)
--help, -? this help
EOF
)"
[ $(id -u) -ne 0 ] || echo "WARN: unecessary privileged network access" >&2
usage() {
[ ${1+x} ] && echo "Unknown option '$1'" >&2
echo "Usage: $0 [OPTIONS] OUTPUT" >&2
echo " $0 --help" >&2
exit 1
}
while [ $# -gt 0 ]; do
case "$1" in
--arch) ARCH="$2"; shift;;
--arch=*) ARCH="${1#--arch=}";;
--dist-dir) DIST="$2"; shift;;
--dist-dir=*) DIST="${1#--dist-dir=}";;
--rsync-host) RSYNC_HOST="$2"; shift;;
--rsync-host=*) RSYNC_HOST="${1#--rsync-host=}";;
--debian-version) DEBIAN_VERSION="$2"; shift;;
--debian-version=*) DEBIAN_VERSION="${1#--debian-version=}";;
--help|-\?) printf '%s\n' "$HELP_MESSAGE"; exit;;
-*) usage "$1";;
*) break;;
esac
shift
done
[ $# -eq 0 ] || usage
# Get current Debian stable version (incl. point release)
RSYNC="rsync --no-motd --info=NAME --inplace"
[ ${DEBIAN_VERSION+x} ] || DEBIAN_VERSION="$(
dir="$(mktemp --tmpdir --directory)"
rsync -lq "$RSYNC_HOST::debian-cd/current" "$dir"
readlink "$dir/current"
rm -f "$dir/current"
rmdir "$dir"
)"
ISO_FILENAME="debian-$DEBIAN_VERSION-$ARCH-netinst.iso"
#######################################################################
# Download netinst ISO image and verify its integrity
#
mkdir -pv "$DIST"
$RSYNC -t --files-from=- "$RSYNC_HOST::debian-cd/$DEBIAN_VERSION/$ARCH/iso-cd/" "$DIST" <<-EOF
/$ISO_FILENAME
/SHA512SUMS
/SHA512SUMS.sign
EOF
echo "Verifying integrity (OpenPGP signature on SHA-512 manifest)..." >&2
gpgv --keyring './signing-key.gpg' "$DIST/SHA512SUMS.sign" "$DIST/SHA512SUMS"
echo -n "Verifying integrity (SHA-512 checksum)... " >&2
if ( cd "$DIST" && sha512sum -c SHA512SUMS 2>/dev/null ) | grep -Fxq "$ISO_FILENAME: OK" ; then
echo OK >&2
else
echo 'Failed!' >&2
exit 1
fi
echo "$DIST/$ISO_FILENAME"
|
