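#!/bin/sh
# File integrity checker
# Mik Mifflin, mik42@adelphia.net
#
# Keeps a signed list of files ($list) and a signed file of their checksums
# ($sums). Each signature is stored next to the signed file as "<file>.sig"
# and is verified against $pubkey before the file's contents are used.
#
# NOTE(review): verification is only as trustworthy as this script, $openssl,
# $sum and $pubkey themselves. $pubkey is read from the same directory as the
# data it authenticates, so anyone able to write there can swap the key and
# re-sign. Consider keeping these on read-only or otherwise protected storage.
#
# NOTE(review): both the checksums ($sum) and the signatures (-dss1, i.e. DSA
# over SHA-1) depend on SHA-1, which is no longer collision resistant. Moving
# to a stronger digest requires re-signing the baseline, so it is flagged here
# rather than changed.

openssl="/usr/sbin/openssl"
sum="/bin/sha1"
sums="/var/integ/sums"
list="/var/integ/list"
pubkey="/var/integ/pubdsa.pem"

# Apply the restrictive mask. The original assigned a variable named "umask",
# which left the process umask untouched, so $sums and the .sig files were
# created with whatever mask the caller happened to have.
umask 077

usage="Usage: $0 command [arguments]
  check            - Verify and check sums
  update privkey   - Verify list, recalculate all sums and sign sums
  sign file privkey- Sign file
  verify file      - Verify file"

# "=" rather than "==": the latter is not POSIX and fails under a strict /bin/sh.
if [ -z "$1" ]; then
  echo "$usage"
  exit 1
fi

command="$1"
shift

case "$command" in
  check)
    # Refuse to trust the sums file unless its signature verifies.
    "$0" verify "$sums" || exit 1

    printf 'Checking sums... '
    # Capture the report and the tool's own exit status separately; in a
    # pipeline only grep's status would be visible.
    report=$("$sum" -c "$sums")
    status=$?
    failed=$(printf '%s\n' "$report" | grep 'FAILED$')

    if [ -n "$failed" ]; then
      echo "FAILED"
      echo "The following files were changed:"
      printf '%s\n' "$failed"
      exit 1
    elif [ "$status" -ne 0 ]; then
      # Fail closed: the checker reported an error that did not produce a
      # line ending in FAILED (for example a file it could not read).
      echo "FAILED"
      echo "$sum -c exited with status $status:" >&2
      printf '%s\n' "$report" >&2
      exit 1
    else
      echo "OK"
      exit 0
    fi
    ;;

  update)
    # $1 is the private key used to sign the regenerated sums file.
    if [ -z "$1" ] || [ ! -f "$1" ]; then
      echo "$usage"
      exit 1
    fi

    # Only recalculate from a list whose signature verifies.
    "$0" verify "$list" || exit 1

    entries=$(cat "$list") || exit 1

    # $entries is deliberately unquoted: as in the original, entries are
    # separated by whitespace and undergo glob expansion, so paths that
    # contain whitespace are not supported.
    if ! (
      for f in $entries; do
        # Stop at the first file that cannot be summed, so that a listed
        # file which went missing is not silently dropped from the baseline.
        "$sum" "$f" || exit 1
      done
    ) >"$sums"; then
      echo "Could not checksum every listed file; $sums was not signed" >&2
      exit 1
    fi

    "$0" sign "$sums" "$1"
    ;;

  sign)
    # $1 = file to sign, $2 = private key.
    if [ "$#" -ne 2 ] || [ ! -f "$1" ] || [ ! -f "$2" ]; then
      echo "$usage"
      exit 1
    fi
    echo "Signing $1..."
    "$openssl" dgst -dss1 -out "${1}.sig" -sign "$2" "$1"
    ;;

  verify)
    # $1 = file whose signature "<file>.sig" is checked against $pubkey.
    if [ -z "$1" ] || [ ! -f "$1" ]; then
      echo "$usage"
      exit 1
    fi
    # printf instead of "echo -n", whose behaviour differs between shells.
    printf 'Verifying %s... ' "$1"
    # openssl's exit status becomes the script's exit status; "check" and
    # "update" rely on it being non-zero when verification fails.
    "$openssl" dgst -dss1 -verify "$pubkey" -signature "${1}.sig" "$1"
    ;;

  *)
    echo "$usage"
    exit 1
    ;;
esac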