From 60d136d590b7f6ebb2c3969ee6045023114fa7b6 Mon Sep 17 00:00:00 2001 From: hitchhooker Date: Wed, 3 Apr 2024 16:00:08 +0700 Subject: [PATCH] add secure dl script --- README.md | 15 ++++----------- scripts/install.sh | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 11 deletions(-) create mode 100755 scripts/install.sh diff --git a/README.md b/README.md index 85a3e6f..0a8b398 100644 --- a/README.md +++ b/README.md @@ -10,11 +10,10 @@ These instructions will help you get a copy of `genpeerid` up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system. -## Using gh workflow built binary +## Installation with binary + ```bash -curl -sL $(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*?)(?=")') -o genpeerid -chmod +x genpeerid -./genpeerid ../chains/$network/network/secret_ed25519 +curl -sL https://raw.githubusercontent.com/rotkonetworks/genpeerid/master/scripts/install.sh | bash ``` ## Building from source @@ -51,17 +50,11 @@ pip install -r requirements.txt To generate a PeerId, run: ```bash -python src/generate_polka_peer_id.py +python src/genpeerid.py ``` The script will output a PeerId that can be used within the Polkadot network. -## Building the Binary - -The GitHub Actions workflow automatically builds a binary for `genpeerid`. -To download the latest binary, visit the "Actions" tab in the GitHub repository -and select the latest successful build. - ## License This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details diff --git a/scripts/install.sh b/scripts/install.sh new file mode 100755 index 0000000..e03c8b3 --- /dev/null +++ b/scripts/install.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# URLs for the assets
+binary_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid)(?=")')
+hash_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid.sha512)(?=")')
+signature_url=$(curl -s https://api.github.com/repos/rotkonetworks/genpeerid/releases/latest | grep -oP '"browser_download_url": "\K(.*genpeerid.sha512.sig)(?=")')
+public_key_url="https://github.com/hitchhooker.gpg"
+
+# Download the binary, SHA512 hash, and the GPG signature of the hash
+curl -sL "${binary_url}" -o genpeerid
+curl -sL "${hash_url}" -o genpeerid.sha512
+curl -sL "${signature_url}" -o genpeerid.sha512.sig
+curl -sL "${public_key_url}" -o public_key.gpg
+
+# Import the public key
+gpg --import public_key.gpg
+
+# Verify the SHA512 hash against the downloaded binary
+echo "Verifying SHA512 hash..."
+sha512sum -c genpeerid.sha512
+
+if [ $? -ne 0 ]; then
+ echo "SHA512 verification failed!"
+ exit 1
+fi
+
+# Verify the GPG signature of the SHA512 hash
+echo "Verifying GPG signature..."
+gpg --verify genpeerid.sha512.sig genpeerid.sha512
+
+if [ $? -ne 0 ]; then
+ echo "GPG signature verification failed!"
+ exit 1
+fi
+
+# If all verifications passed, proceed to use the binary
+chmod +x genpeerid
+./genpeerid
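Review bot: The signature check near the end of the new script does not establish who signed the release, because the key it verifies against is fetched at install time from `public_key_url` and imported unpinned, and `gpg --verify` exits 0 for a good signature from any key in the keyring. As written the check adds little beyond the HTTPS trust already placed in GitHub, and the import also lands in the user's default keyring. Pinning the maintainer's fingerprint in the script, verifying inside a throwaway `GNUPGHOME`, and running the signature check before `sha512sum -c` (so the hash file is authenticated before it is parsed) would make the check meaningful. Separately, the `curl -sL` calls have no `-f`, so an HTTP error body or an empty URL from a failed API lookup is written to disk silently; `curl -fsSL` together with `set -euo pipefail` would fail early. The fingerprint value in the sketch below is a placeholder, not the real key.

```shell
# Placeholder: replace with the maintainer's full primary-key fingerprint.
expected_fpr="<MAINTAINER_KEY_FINGERPRINT_PLACEHOLDER>"

# … unchanged: asset URL lookup and downloads …

# Import into a throwaway keyring so the user's own keyring is untouched
# and only the downloaded key can satisfy the verification.
GNUPGHOME=$(mktemp -d) || exit 1
export GNUPGHOME
trap 'rm -rf -- "$GNUPGHOME"' EXIT
gpg --batch --import public_key.gpg || exit 1

# Authenticate the hash file first and require the pinned key as signer.
echo "Verifying GPG signature..."
status=$(gpg --batch --status-fd 1 --verify genpeerid.sha512.sig genpeerid.sha512 2>/dev/null) || {
    echo "GPG signature verification failed!" >&2
    exit 1
}
if ! grep -q "^\[GNUPG:] VALIDSIG .* ${expected_fpr}\$" <<<"$status"; then
    echo "Signature was not made by the expected key!" >&2
    exit 1
fi

# … unchanged: sha512sum -c check, chmod +x, run …
```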