diff options
| author | Craig Jennings <c@cjennings.net> | 2025-08-22 15:36:43 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2025-08-22 15:36:43 -0500 |
| commit | 4ceb2957d953b76ddff8a48f4806558cdf37ebc0 (patch) | |
| tree | bf26e2b15ce4c55e5965b8b286e72b7e9265157b /dotfiles/system/.local/bin/get-arch-iso.sh | |
| parent | 0679223b8337962e0a1444352d84abfcab9f0076 (diff) | |
adding script that fetches the latest arch iso
Diffstat (limited to 'dotfiles/system/.local/bin/get-arch-iso.sh')
| -rwxr-xr-x | dotfiles/system/.local/bin/get-arch-iso.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/dotfiles/system/.local/bin/get-arch-iso.sh b/dotfiles/system/.local/bin/get-arch-iso.sh new file mode 100755 index 0000000..635034a --- /dev/null +++ b/dotfiles/system/.local/bin/get-arch-iso.sh @@ -0,0 +1,78 @@ +#!/usr/bin/env bash +# fetch-arch-iso.sh +# Downloads the latest Arch ISO + signature, checks GPG key, verifies the download. + +set -u +set -o pipefail + +# CONFIGURATION +BASE_DIR="${HOME}/downloads/isos" +ISO_NAME="archlinux-x86_64.iso" +SIG_NAME="${ISO_NAME}.sig" +ISO_URL="https://geo.mirror.pkgbuild.com/iso/latest/${ISO_NAME}" +SIG_URL="https://geo.mirror.pkgbuild.com/iso/latest/${SIG_NAME}" +# The “Arch Linux Master Key” is what signs the ISO. We look for its name in your keyring. +ARCH_KEY_SEARCH="Arch Linux Master Key" + +# 1) Build target directory, e.g. ~/downloads/isos/archlinux.2025.08.22 +today=$(date +%Y.%m.%d) +TARGET_DIR="${BASE_DIR}/archlinux.${today}" + +mkdir -p "${TARGET_DIR}" || { + echo "Error: could not create ${TARGET_DIR}" >&2 + exit 1 +} + +# 2) A small helper to download with one retry +download_with_retry() { + local url=$1 out=$2 + echo " -> Downloading ${url} to ${out}" + if ! wget -q --show-progress -O "${out}" "${url}"; then + echo " First attempt failed; retrying once..." + if ! wget -q --show-progress -O "${out}" "${url}"; then + echo "Error: failed to download ${url} after 2 tries." + echo " Please check your network connectivity." + exit 1 + fi + fi +} + +# 3) Make sure GPG is installed (we assume gpg binary exists) +if ! command -v gpg >/dev/null; then + echo "Error: gpg is not installed. Please install it and re-run." + exit 1 +fi + +# 4) Check for the Arch Linux signing key +if ! gpg --list-keys "${ARCH_KEY_SEARCH}" >/dev/null 2>&1; then + echo "Warning: Arch Linux signing key not found in your keyring." + read -p "Install archlinux-keyring package now? [y/N] " ans + ans=${ans,,} # tolower + if [[ "${ans}" == "y" || "${ans}" == "yes" ]]; then + sudo pacman -Sy --needed archlinux-keyring || { + echo "Error: could not install archlinux-keyring." >&2 + exit 1 + } + else + echo "Cannot verify ISO without the Arch key. Aborting." + exit 1 + fi +fi + +# 5) Download the ISO and its .sig +download_with_retry "${ISO_URL}" "${TARGET_DIR}/${ISO_NAME}" +download_with_retry "${SIG_URL}" "${TARGET_DIR}/${SIG_NAME}" + +# 6) Verify the ISO against the signature +echo " -> Verifying the ISO with GPG..." +if gpg --verify "${TARGET_DIR}/${SIG_NAME}" "${TARGET_DIR}/${ISO_NAME}"; then + echo + echo "SUCCESS: The ISO signature is valid." + echo "You can now burn or mount ${TARGET_DIR}/${ISO_NAME} with confidence." + exit 0 +else + echo + echo "ERROR: GPG signature verification failed!" + echo " The downloaded ISO may be corrupted or tampered with." + exit 1 +fi |