add gpg verify with automatic import pub key

shasumscript

@@ -13,7 +13,7 @@ err() { error "$*"; exit 1; }
 usage() { echo "Usage: $(basename "$0") [-V | -h] <file>";echo "  -V: Show version"; echo "  -h: Show this help"; }
 err_usage() { error "$*"; usage; exit 1; }
 step () { err="$?"; c=32; t=OK; test "$err" = 0 || { c=31; t=FAILED; }; printf "* %s \e[%dm%s\e[0m\n" "$*" "$c" "$t"; }
-compress() { cat | gzip -9 | base64; }
+compress() { cat | gzip -9 | base64 -w0; }
 	
 
 VERSION="0.0.1"
@@ -27,9 +27,19 @@ test -e "$file" || err "File not found: $file"
 sha="$(shasum -a 256 "$file" | cut -d' ' -f1)" || err "Failed to calculate SHA256 checksum"
 step "Checksum"
 
-bin=$(cat "$file" | compress)
+bin=$(compress < "$file")
 step "Compress"
 
+defkey=$(gpgconf --list-options gpg | awk -F: '$1 == "default-key" {print $10}' | tr -dc 'A-Z0-9')
+step "GPG default key" 
+if test -n "$defkey" 
+then 
+	pub=$(gpg --export --output - "$defkey" | compress)
+	step "Public key"
+	sig=$(gpg --detach-sig --output - "$file" | compress)
+	step "Signature"
+fi
+
 newfile="${file}_sha256"
 
 cat <<EOT > "$newfile"
@@ -37,28 +47,62 @@ cat <<EOT > "$newfile"
 # script generated by shasumscript at $(date)
 #
 # This script self-checkssum it's content and exit on error
-# The real script can be found after line 22.
+# The real script can be found after line 37.
 #
 # License: GNU GPL3
 # Author: Patrick Cao Huu Thien
 
-tmpexe="\$(mktemp)"
-trap 'rm -f "\$tmpexe"' EXIT
+set -e
 
-cat "\$0" | sed '1,21d' | base64 -d 2>/dev/null| gunzip 2>/dev/null > "\$tmpexe"
-test "\$(shasum -a 256 "\$tmpexe" | cut -d' ' -f1)" = "$sha" || {
+sig="$sig"
+pub="$pub"
+tmpexe="\$(mktemp)"
+tmpsig="\$(mktemp)"
+tmppub="\$(mktemp)"
+trap 'rm -f "\$tmpexe" "\$tmpsig" "\$tmppub"' EXIT
+
+cat "\$0" | sed '1,36d' | base64 -d 2>/dev/null| gunzip 2>/dev/null > "\$tmpexe"
+test "\$(sha256sum "\$tmpexe" | cut -d' ' -f1)" = "$sha" || {
 	echo "Checksum mismatch!" >&2
 	exit 1
 }
+txt='Checksum';printf -- "\r- \$txt";sleep 0.1;printf -- "\r/";sleep 0.1;printf -- "\r|";sleep 0.1;printf -- "\r\\\\";sleep 0.1;printf -- "\r  \e[32m%s OK\e[0m" "\$txt";sleep 0.3
+EOT
+step "pre-script"
+if test -n "$defkey"
+then
+cat <<EOT >> "$newfile"
+echo "\$sig" | base64 -d 2>/dev/null | gunzip 2>/dev/null > "\$tmpsig"
+echo "\$pub" | base64 -d 2>/dev/null | gunzip 2>/dev/null > "\$tmppub"
+gpg --verify -q --keyring "\$tmppub" "\$tmpsig" "\$tmpexe" 2>&1 | grep -q 'Good signature' || {
+	echo "Signature mismatch!" >&2
+	exit 1
+}
+txt='Verification';printf -- "\r- \$txt";sleep 0.1;printf -- "\r/";sleep 0.1;printf -- "\r|";sleep 0.1;printf -- "\r\\\\";sleep 0.1;printf -- "\r  \e[32m%s OK\e[0m" "\$txt";sleep 0.3
+EOT
+step "verify-script"
+else
+cat <<EOT >> "$newfile"
+
+#
+# No public key available
+#
+# skip GPG verification
+#
+
+EOT
+step "no-verify-script"
+fi
+cat <<EOT >> "$newfile"
+printf "\r                        \r"
 
 sh "\$tmpexe" "\$@"
 
 exit
 EOT
-step "pre-script"
 
 echo "$bin" >> "$newfile"
-step "post-script"
+step "binary"
 
 chmod +x "$newfile"
 step "make it executable"