diff options
Diffstat (limited to 'dotfiles/system/.local/bin/get-arch-iso.sh')
| -rwxr-xr-x | dotfiles/system/.local/bin/get-arch-iso.sh | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/dotfiles/system/.local/bin/get-arch-iso.sh b/dotfiles/system/.local/bin/get-arch-iso.sh deleted file mode 100755 index 635034a..0000000 --- a/dotfiles/system/.local/bin/get-arch-iso.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env bash -# fetch-arch-iso.sh -# Downloads the latest Arch ISO + signature, checks GPG key, verifies the download. - -set -u -set -o pipefail - -# CONFIGURATION -BASE_DIR="${HOME}/downloads/isos" -ISO_NAME="archlinux-x86_64.iso" -SIG_NAME="${ISO_NAME}.sig" -ISO_URL="https://geo.mirror.pkgbuild.com/iso/latest/${ISO_NAME}" -SIG_URL="https://geo.mirror.pkgbuild.com/iso/latest/${SIG_NAME}" -# The “Arch Linux Master Key” is what signs the ISO. We look for its name in your keyring. -ARCH_KEY_SEARCH="Arch Linux Master Key" - -# 1) Build target directory, e.g. ~/downloads/isos/archlinux.2025.08.22 -today=$(date +%Y.%m.%d) -TARGET_DIR="${BASE_DIR}/archlinux.${today}" - -mkdir -p "${TARGET_DIR}" || { - echo "Error: could not create ${TARGET_DIR}" >&2 - exit 1 -} - -# 2) A small helper to download with one retry -download_with_retry() { - local url=$1 out=$2 - echo " -> Downloading ${url} to ${out}" - if ! wget -q --show-progress -O "${out}" "${url}"; then - echo " First attempt failed; retrying once..." - if ! wget -q --show-progress -O "${out}" "${url}"; then - echo "Error: failed to download ${url} after 2 tries." - echo " Please check your network connectivity." - exit 1 - fi - fi -} - -# 3) Make sure GPG is installed (we assume gpg binary exists) -if ! command -v gpg >/dev/null; then - echo "Error: gpg is not installed. Please install it and re-run." - exit 1 -fi - -# 4) Check for the Arch Linux signing key -if ! gpg --list-keys "${ARCH_KEY_SEARCH}" >/dev/null 2>&1; then - echo "Warning: Arch Linux signing key not found in your keyring." - read -p "Install archlinux-keyring package now? [y/N] " ans - ans=${ans,,} # tolower - if [[ "${ans}" == "y" || "${ans}" == "yes" ]]; then - sudo pacman -Sy --needed archlinux-keyring || { - echo "Error: could not install archlinux-keyring." >&2 - exit 1 - } - else - echo "Cannot verify ISO without the Arch key. Aborting." - exit 1 - fi -fi - -# 5) Download the ISO and its .sig -download_with_retry "${ISO_URL}" "${TARGET_DIR}/${ISO_NAME}" -download_with_retry "${SIG_URL}" "${TARGET_DIR}/${SIG_NAME}" - -# 6) Verify the ISO against the signature -echo " -> Verifying the ISO with GPG..." -if gpg --verify "${TARGET_DIR}/${SIG_NAME}" "${TARGET_DIR}/${ISO_NAME}"; then - echo - echo "SUCCESS: The ISO signature is valid." - echo "You can now burn or mount ${TARGET_DIR}/${ISO_NAME} with confidence." - exit 0 -else - echo - echo "ERROR: GPG signature verification failed!" - echo " The downloaded ISO may be corrupted or tampered with." - exit 1 -fi |