diff options
Diffstat (limited to 'contrib/sig-canaries')
| -rwxr-xr-x | contrib/sig-canaries | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/contrib/sig-canaries b/contrib/sig-canaries new file mode 100755 index 0000000..26d8e4d --- /dev/null +++ b/contrib/sig-canaries @@ -0,0 +1,113 @@ +#!/bin/zsh +set -e +confirm() { + while true; do + echo -n "$1 [y/N] " + read -k 1 -s yn + case $yn in + [Yy]* ) echo -e "$yn";break;; + [Nn\r\n]* ) echo -e "$yn\nAborted." 1>&2; exit 1;; + * ) echo -e "\nMust answer with y/n.";; + esac + done +} +sign() { + clear + cat "$1" + confirm "Do you wish to sign $1, as shown above?" + gpg --default-key "${SIGKEY:-'B546778F06BBCC8EC167DB3CD919706487B8B6DE'}" -o "${2:-"$1.sig"}" --clearsign "$1" + if [[ "$2" == "" ]] && (grep ".sig" <<< "$1"); then + mv "$1.sig" "$1" + fi; +} + +export DAY="$(date -u "+%Y-%m-%d")" +export TIME="$(date -u "+%H:%M:%S")" + +statustext() { + gt() { + echo " ┏━ Date & Time ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Canary will target $DAY, at $TIME + ┃ " + if [[ "$MONERO_HASH" != "" ]]; then + echo " ┣━ Monero ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Canary will target monero blockhash $MONERO_HASH + ┃ " + fi; + if [[ "$KERNEL_COMMIT" != "" ]]; then + echo " ┣━ Kernel ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Canary will target kernel commit $KERNEL_COMMIT + ┃ " + fi + echo " ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄" + } + clear 1>&2; + echo "$(gt)$(seq $(wc -l <<< "$(gt)") 15 | sed -E 's/[0-9]+/ /g')" 1>&2 +} +statustext +confirm "Do you wish to prepare canaries targetting $DAY at $TIME?" + +localmonero_blockhash_api() { + statustext + echo 'Fetching Monero Blockheight & Blockhash' 1>&2; + curl -fsSL "https://localmonero.co/blocks/api/get_block_data/$(curl -fsSL https://localmonero.co/blocks/api/get_stats | jq .height)" | jq '.block_data.result.block_header.hash' +} +manual_monero_hash_entry() { + statustext + echo -n "Please enter the current monero block hash: " + read MONERO_HASH + if [[ "$(wc -m <<< "$MONERO_HASH")" != "65" ]]; then + confirm "This is the incorrect length for a monero block hash. Are you sure?" || get_monero + fi + export MONERO_HASH +} +get_monero() { + IS_MANUAL=false; + export MONERO_HASH="$(localmonero_blockhash_api || (IS_MANUAL=true; manual_monero_hash_entry))" + statustext + echo -e 'Validation Sources:' + if [[ "$IS_MANUAL" == "true" ]]; then + echo -e '- https://localmonero.co/blocks (use if height was manually entered only)' + fi + echo -e '- https://moneroexplorer.org - click latest height' + echo -e '- https://xmrscan.org/blocks' + echo -e '- a local monerod' + confirm "Please validate that $MONERO_HASH is the latest monero hash - is it correct?" +} +get_kernel_commit() { + statustext + rm -rf /tmp/kernel + echo "Fetching kernel commit..." + git clone --depth 1 --bare --branch master https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git /tmp/kernel + export KERNEL_COMMIT="\"$(git --git-dir=/tmp/kernel rev-parse HEAD)\"" + rm -rf /tmp/kernel + statustext + confirm "Please validate that $KERNEL_COMMIT is the current latest commit hash of the linux kernel, as per https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/" +} +export KERNEL_COMMIT="" +export MONERO_HASH="" +get_monero +get_kernel_commit + +process_canary() { + FILE="$1" + replace_template() { + sed -i "s/\\[$1\\]/$2/g" "$FILE" + } + replace_template 'PRESENT_DAY' "$DAY" + replace_template 'PRESENT_TIME' "$TIME" + replace_template 'MONERO_HASH' "$(jq -r <<< "$MONERO_HASH")" + replace_template 'LINUX_KERNEL_COMMIT' "$(jq -r <<< "$KERNEL_COMMIT")" + rm -f "$FILE.sig" + sign "$FILE" "$FILE.sig" + mv "$FILE.sig" "$FILE" +} + +mkdir -p static/canaries +cp -r canary-templates/* static/canaries/ +for f in static/canaries/*; do + process_canary "$f" +done; |