[qmailtoaster-devel] Download script with SHA1 verification

Devel,

Attached is my first shot at a download script that:

(1) Makes 10 retry attempts on a file; in the long run probably 
overkill, but right now with some mirror issues, it should be enough 
attempts to resolve any problems.

(2) Verifies a download against an SHA1 checksum. A checksum fail is 
simply considered a download fail and the download will be reattempted 
up to the retry limit. (On a checksum fail, both the srpm and sha1 file 
are removed before the retry, under the premise that either one could 
have been corrupt on download.)

I tested this extensively on my own servers, but I obviously could not 
test against the live servers since there are no SHA1 checksum files on 
the live download mirrors at present. Well, not that I know of. ;)

The script assumes the standard convention of the SHA1 file being name 
file.ext.sha1 for a file named file.ext.

Cheers,

Ron

#!/bin/sh

# To sha1sum or not to sha1sum
if [ "$1" = "-nosha1" ]; then
	USESHA1=no
	echo "NOTE: Downloads will NOT be verified with sha1 checksums!"
	sleep 3
else
	USESHA1=yes
fi

# Verify that sha1sum is available
if [ "$USESHA1" = "yes" ] ; then
	which sha1sum >/dev/null 2>&1
	if [ $? -ne 0 ]; then
		echo "Cannot find sha1sum. Installing sha1sum is highly recommended,"
		echo "but you may run this script again with the -nosha1 option."
		exit 1
	fi
fi

# Got wget?
which wget >/dev/null 2>&1
if [ $? -ne 0 ]; then
	echo "Please install wget before proceeding."
	exit 1
fi

# Subroutine to download file and verify sha1 checksum
getfile() {

	# max retries; 10 seemed reasonable
	retries=10
	
	# success flag
	finished=no
	
	while [ "$finished" = "no" ]; do
	
		# bail if max retries reached
		if [ $retries -eq 0 ]; then
			echo "Failed downloading: http://$1/$2"
			echo "Please check your connection."
			exit 1
		else
			retries=`expr $retries - 1`
		fi
		
		# if we don't have the file already, wget it
		if [ ! -f $2 ]; then
			wget http://$1/$2
		fi
		
		# did we wget the file?
		if [ -f $2 ]; then
		
			# are we checking the sha1 sum?
			if [ "$USESHA1" = "yes" ]; then
			
				# if we don't have the sha1 checksum file, wget it
				if [ ! -f $2.sha1 ]; then
					wget http://$1/$2.sha1
				fi
				
				# if the sha1 file was retrieved, verify the checksum
				if [ -f $2.sha1 ]; then
					sha1sum -c $2.sha1
					if [ $? -eq 0 ]; then
						finished=yes
					fi
				fi
				
				# if we have both the srpm and sha1 files but the checksum failed,
				# then blow them both away for another attempt
				if [ -f $2.sha1 -a "$finished" = "no" ]; then
					rm -f $2 $2.sha1
				fi
				
			else
				finished=yes
			fi
		fi
	done
}

QT_RPMLIST="http://www.qmailtoaster.com/info/current.txt"
QT_MIRRORS="mirrors.qmailtoaster.com"
QT_RPMS=`wget -q -O - ${QT_RPMLIST}`

# Make sure we have the list
if [ -z "${QT_RPMS}" ] ; then
   echo "Qmail Toaster source RPM list could not be downloaded from"
   echo $QT_RPMLIST
   echo "Please check your connection and try again."
   exit 1
fi

# Download the packages
for SRPM in $QT_RPMS; do
	getfile $QT_MIRRORS $SRPM
done

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-devel-unsubscribe <at> qmailtoaster.com
For additional commands, e-mail: qmailtoaster-devel-help <at> qmailtoaster.com