From 4ceb2957d953b76ddff8a48f4806558cdf37ebc0 Mon Sep 17 00:00:00 2001
From: Craig Jennings
Date: Fri, 22 Aug 2025 15:36:43 -0500
Subject: adding script that fetches the latest arch iso
---
dotfiles/system/.local/bin/get-arch-iso.sh | 78 ++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100755 dotfiles/system/.local/bin/get-arch-iso.sh
diff --git a/dotfiles/system/.local/bin/get-arch-iso.sh b/dotfiles/system/.local/bin/get-arch-iso.sh
new file mode 100755
index 0000000..635034a
--- /dev/null
+++ b/dotfiles/system/.local/bin/get-arch-iso.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# fetch-arch-iso.sh
+# Downloads the latest Arch ISO + signature, checks GPG key, verifies the download.
+
+set -u
+set -o pipefail
+
+# CONFIGURATION
+BASE_DIR="${HOME}/downloads/isos"
+ISO_NAME="archlinux-x86_64.iso"
+SIG_NAME="${ISO_NAME}.sig"
+ISO_URL="https://geo.mirror.pkgbuild.com/iso/latest/${ISO_NAME}"
+SIG_URL="https://geo.mirror.pkgbuild.com/iso/latest/${SIG_NAME}"
+# The “Arch Linux Master Key” is what signs the ISO. We look for its name in your keyring.
+ARCH_KEY_SEARCH="Arch Linux Master Key"
+
+# 1) Build target directory, e.g. ~/downloads/isos/archlinux.2025.08.22
+today=$(date +%Y.%m.%d)
+TARGET_DIR="${BASE_DIR}/archlinux.${today}"
+
+mkdir -p "${TARGET_DIR}" || {
+ echo "Error: could not create ${TARGET_DIR}" >&2
+ exit 1
+}
+
+# 2) A small helper to download with one retry
+download_with_retry() {
+ local url=$1 out=$2
+ echo " -> Downloading ${url} to ${out}"
+ if ! wget -q --show-progress -O "${out}" "${url}"; then
+ echo " First attempt failed; retrying once..."
+ if ! wget -q --show-progress -O "${out}" "${url}"; then
+ echo "Error: failed to download ${url} after 2 tries."
+ echo " Please check your network connectivity."
+ exit 1
+ fi
+ fi
+}
+
+# 3) Make sure GPG is installed (we assume gpg binary exists)
+if ! command -v gpg >/dev/null; then
+ echo "Error: gpg is not installed. Please install it and re-run."
+ exit 1
+fi
+
+# 4) Check for the Arch Linux signing key
+if ! gpg --list-keys "${ARCH_KEY_SEARCH}" >/dev/null 2>&1; then
+ echo "Warning: Arch Linux signing key not found in your keyring."
+ read -p "Install archlinux-keyring package now? [y/N] " ans
+ ans=${ans,,} # tolower
+ if [[ "${ans}" == "y" || "${ans}" == "yes" ]]; then
+ sudo pacman -Sy --needed archlinux-keyring || {
+ echo "Error: could not install archlinux-keyring." >&2
+ exit 1
+ }
+ else
+ echo "Cannot verify ISO without the Arch key. Aborting."
+ exit 1
+ fi
+fi
+
+# 5) Download the ISO and its .sig
+download_with_retry "${ISO_URL}" "${TARGET_DIR}/${ISO_NAME}"
+download_with_retry "${SIG_URL}" "${TARGET_DIR}/${SIG_NAME}"
+
+# 6) Verify the ISO against the signature
+echo " -> Verifying the ISO with GPG..."
+if gpg --verify "${TARGET_DIR}/${SIG_NAME}" "${TARGET_DIR}/${ISO_NAME}"; then
+ echo
+ echo "SUCCESS: The ISO signature is valid."
+ echo "You can now burn or mount ${TARGET_DIR}/${ISO_NAME} with confidence."
+ exit 0
+else
+ echo
+ echo "ERROR: GPG signature verification failed!"
+ echo " The downloaded ISO may be corrupted or tampered with."
+ exit 1
+fi
--
cgit v1.2.3
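Review bot: The success branch of step 6 trusts the exit status of `gpg --verify`, which is 0 for a good signature from any public key in the user's keyring, so "SUCCESS" does not establish that the ISO was signed by the Arch release key. Step 4 does not close that gap: `gpg --list-keys "${ARCH_KEY_SEARCH}"` matches on a user-ID string that anyone can put on a key, and installing `archlinux-keyring` presumably populates pacman's keyring rather than the invoking user's GnuPG keyring, so the key may still be absent after the prompt. Pin the full fingerprint published on the Arch download page and accept the ISO only when gpg's status output reports `VALIDSIG` for that fingerprint, as sketched below (the fingerprint is a labelled placeholder and fails closed until it is filled in). On failure the unverified ISO is also left in `${TARGET_DIR}`; removing or renaming it there would keep it from being used by mistake.

```shell
# … unchanged: configuration, target directory, download_with_retry, downloads …

# Placeholder: full fingerprint of the release signing key, copied from the
# Arch download page over a channel you trust.
ARCH_SIGNER_FPR="<RELEASE_SIGNING_KEY_FINGERPRINT>"

# 6) Verify the ISO against the signature
echo " -> Verifying the ISO with GPG..."
# VALIDSIG's last field is the primary-key fingerprint of the signer.
if gpg_status=$(gpg --status-fd 1 --verify \
     "${TARGET_DIR}/${SIG_NAME}" "${TARGET_DIR}/${ISO_NAME}" 2>/dev/null) &&
   grep -q "^\[GNUPG:\] VALIDSIG .* ${ARCH_SIGNER_FPR}\$" <<<"${gpg_status}"; then
  # … unchanged: success branch, else branch with the failure message …
```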