github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/run/scripts/get_coreos_stable.sh

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/run/scripts/get_coreos_stable.sh (about)

     1  #!/bin/bash
     2  
     3  set -o errexit
     4  set -o nounset
     5  
     6  # Download the latest stable version of the CoreOS image and script to the
     7  # current directory.
     8  curl -G http://stable.release.core-os.net/amd64-usr/current/coreos_production_qemu_image.img.bz2 > coreos_production_qemu_image.img.bz2
     9  curl -G http://stable.release.core-os.net/amd64-usr/current/coreos_production_qemu_image.img.bz2.sig > coreos_production_qemu_image.img.bz2.sig
    10  
    11  SCRIPT_PATH="$(readlink -e "$(dirname "$0")")"
    12  TEMP_FILE=$(mktemp -d /tmp/gnupg.XXXXXX)
    13  chmod 700 "${TEMP_FILE}"
    14  
    15  echo "Verifying the image signature."
    16  gpg --homedir "${TEMP_FILE}" --batch --import "${SCRIPT_PATH}"/coreos.pk 
    17  if ! gpg --homedir "${TEMP_FILE}" --trust-model always \
    18  	--verify coreos_production_qemu_image.img.bz2.sig \
    19  	coreos_production_qemu_image.img.bz2; then
    20  	echo "ERROR: the CoreOS image fails signature verification! "
    21  	echo "Do not use this image!"
    22  	exit 1
    23  fi
    24  
    25  echo "Unzipping the image."
    26  bunzip2 coreos_production_qemu_image.img.bz2
    27  
    28  echo "Now make sure the domain template points to this image."
    29  echo "Also make sure you have an authorized keys file with a key you control, "
    30  echo "and set up ssh-agent with this key."