#!/bin/sh
# Script to validate Scripts package after the incompatible signature
# format change. Contains verification code and checksums signed with
# a key from the standard keyring in 014.01, which will be extracted and
# executed automatically iff it validates using the command below.
# The unsigned portion of this script is intentionally simple so it can
# be verified by inspection.

scriptsDir="$(dirname $(which SymlinkProgram))/.."

gpg --decrypt --no-default-keyring \
 --keyring="$scriptsDir"/Data/gpg/goboring.gpg \
 "$0" | sh

# Signed data follows, stop here so we don't try to execute it.
exit 0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

#!/bin/sh
# HopValidate script
# Validate the GoboLinux Scripts package after an incompatible signature
# format change, using only trusted signatures from the 014.01 CD release.
# This script may either be used standalone and verified using a detached
# GPG signature, or be embedded in another script that performs verification
# automatically using the GoboLinux keyring.
# This currently works for Scripts 2.9.10, the latest release at the time of
# writing.

. GoboPath

version="2.10.1"
expected="c700b2382454211a1b66601fcfef6275"

cd $goboPrograms/Scripts/$version

checksum=$(find -type f|sort | xargs md5sum | md5sum | awk '{print $1}')

if [ "$checksum" = "$expected" ]
then
   echo "Checksum valid. Will symlink..."
   SymlinkProgram -f Scripts $version
   echo "Done. Scripts $version verified and enabled."
else
   echo "Package NOT VALID. Got checksum $checksum, expected $expected."
fi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktkrjAACgkQtjw6l4s6SlufLwCghNT/+4B0dVJVv1IrtL+hZIi2
kccAoI5gtcX99GGA1HNQlt8Qdt8Cg/rC
=cjO0
-----END PGP SIGNATURE-----