add secure dl script

rotkonetworks · Apr 3, 2024 · 60d136d · 60d136d
1 parent acd362b
commit 60d136d
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -10,11 +10,10 @@ These instructions will help you get a copy of `genpeerid` up and
 running on your local machine for development and testing purposes.
 See deployment for notes on how to deploy the project on a live system.
 
-## Using gh workflow built binary
+## Installation with binary
+
 ```bash
-curl -sL $(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*?)(?=")') -o genpeerid
-chmod +x genpeerid
-./genpeerid ../chains/$network/network/secret_ed25519
+curl -sL https://raw.githubusercontent.com/rotkonetworks/genpeerid/master/scripts/install.sh | bash
 ```
 
 ## Building from source
@@ -51,17 +50,11 @@ pip install -r requirements.txt
 To generate a PeerId, run:
 
 ```bash
-python src/generate_polka_peer_id.py <path_to_your_secret_key_file>
+python src/genpeerid.py <path_to_your_secret_key_file>
 ```
 
 The script will output a PeerId that can be used within the Polkadot network.
 
-## Building the Binary
-
-The GitHub Actions workflow automatically builds a binary for `genpeerid`.
-To download the latest binary, visit the "Actions" tab in the GitHub repository
-and select the latest successful build.
-
 ## License
 
 This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details
diff --git a/scripts/install.sh b/scripts/install.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# URLs for the assets
+binary_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid)(?=")')
+hash_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid.sha512)(?=")')
+signature_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid.sha512.sig)(?=")')
+public_key_url="https://github.com/hitchhooker.gpg"
+
+# Download the binary, SHA512 hash, and the GPG signature of the hash
+curl -sL "${binary_url}" -o genpeerid
+curl -sL "${hash_url}" -o genpeerid.sha512
+curl -sL "${signature_url}" -o genpeerid.sha512.sig
+curl -sL "${public_key_url}" -o public_key.gpg
+
+# Import the public key
+gpg --import public_key.gpg
+
+# Verify the SHA512 hash against the downloaded binary
+echo "Verifying SHA512 hash..."
+sha512sum -c genpeerid.sha512
+
+if [ $? -ne 0 ]; then
+    echo "SHA512 verification failed!"
+    exit 1
+fi
+
+# Verify the GPG signature of the SHA512 hash
+echo "Verifying GPG signature..."
+gpg --verify genpeerid.sha512.sig genpeerid.sha512
+
+if [ $? -ne 0 ]; then
+    echo "GPG signature verification failed!"
+    exit 1
+fi
+
+# If all verifications passed, proceed to use the binary
+chmod +x genpeerid
+./genpeerid