1+ #! /bin/bash
2+
3+ set -xeuo pipefail
4+
5+ # This script downloads the Linux kernel source code and verifies it using GPG.
6+
7+ function verify() {
8+ local kernel_sha256_sums=" $1 "
9+ local kernel_version=" $2 "
10+ local kernel_source=" $3 "
11+ local kernel_pgp2_sign=" $4 "
12+
13+ curl -fsSL ${kernel_sha256_sums} -o sha256sums.asc
14+ [ -f linux-${kernel_version} .tar.xz ] || curl -fsSLO ${kernel_source}
15+ gpg2 -q --import keys.asc
16+ gpg2 --verify sha256sums.asc
17+ KERNEL_SHA256=$( grep linux-${kernel_version} .tar.xz sha256sums.asc | cut -d ' ' )
18+ echo " ${KERNEL_SHA256} linux-${kernel_version} .tar.xz" | sha256sum -c -
19+ if [ $? -ne 0 ]; then
20+ return 1
21+ fi
22+ # Verify the signature of the kernel source
23+ [ -f linux-${kernel_version} .tar ] || xz -T 0 -d linux-${kernel_version} .tar.xz
24+ curl -fsSLO ${kernel_pgp2_sign}
25+ gpg2 --verify linux-${kernel_version} .tar.sign linux-${kernel_version} .tar
26+ if [ $? -ne 0 ]; then
27+ return 1
28+ fi
29+ }
30+
31+ function extract() {
32+ local kernel_version=" $1 "
33+
34+ if [ -d linux-${kernel_version} ]; then
35+ echo " Directory linux-${kernel_version} already exists, skipping extraction."
36+ else
37+ tar --absolute-names -xf linux-${kernel_version} .tar
38+ rm -rf ./linux
39+ mv ./linux-${kernel_version} ./linux
40+ fi
41+ }
42+
43+ # Main script execution
44+ function main() {
45+ local kernel_version=" $1 "
46+ local kernel_source=" $2 "
47+ local kernel_sha256_sums=" $3 "
48+ local kernel_pgp2_sign=" $4 "
49+ local kernel_source_backup=" $5 "
50+ local kernel_sha256_sums_backup=" $6 "
51+ local kernel_pgp2_sign_backup=" $7 "
52+
53+ verify " ${kernel_sha256_sums} " " ${kernel_version} " " ${kernel_source} " " ${kernel_pgp2_sign} " || \
54+ verify " ${kernel_sha256_sums_backup} " " ${kernel_version} " " ${kernel_source_backup} " " ${kernel_pgp2_sign_backup} "
55+
56+ extract " ${kernel_version} "
57+ }
58+
59+ main " $@ "
0 commit comments