Please update your scripts to use https://, such as https://ftp.mozilla.org/pub/firefox/releases/. Even with the GPG checking you seem to be doing, always better to download files over TLS to prevent MITM.
~reed On Tue, May 17, 2016 at 7:55 PM, Paul Kosinski <[email protected]> wrote: > Another handy script for updating Firefox, that goes with the download > script I just posted (1) does the GPG verification for the downloads, > and (2) computes and displays the SHA512 checksums for the downloaded > files right next to the checksums extracted from the SHA512SUMS file. > > Also shown is sample output, showing the "cleaned up" filenames. Note > that the checksum extracted from the SHA512SUMS file comes first, > followed by the locally computed checksum of the just-downloaded file. > > ----------------------------------------------------------------------- > > #!/bin/bash > > if [ "$1" == '' ] ; then > echo "Usage is: $0 ESR-version-number" > exit > fi > > VERSION="$1" > > cd /home/prk/Downloads/Mozilla-ESR/Firefox > > echo '' > /usr/bin/gpg --verify SHA512SUMS-FF-$VERSION-esr.txt.asc > > > # linux-i686/en-US/firefox-45.1.0esr.tar.bz2 > echo '' > /usr/bin/egrep ' linux-i686/en-US/firefox.*esr.tar.bz2$' > SHA512SUMS-FF-$VERSION-esr.txt > /usr/bin/sha512sum *$VERSION-esr-32.tar.bz2 > > > # linux-x86_64/en-US/firefox-45.1.0esr.tar.bz2 > echo '' > /usr/bin/egrep ' linux-x86_64/en-US/firefox.*esr.tar.bz2' > SHA512SUMS-FF-$VERSION-esr.txt > /usr/bin/sha512sum *$VERSION-esr-64.tar.bz2 > > > # win32/en-US/Firefox Setup 45.1.0esr.exe > echo '' > /usr/bin/egrep ' win32/en-US/Firefox Setup .*esr.exe$' > SHA512SUMS-FF-$VERSION-esr.txt > /usr/bin/sha512sum *$VERSION-esr-32.exe > > > # win64/en-US/Firefox Setup 45.1.0esr.exe > if [ "s$VERSION" \> 's45.0.0' ] ; then > echo '' > /usr/bin/egrep ' win64/en-US/Firefox Setup .*esr.exe$' > SHA512SUMS-FF-$VERSION-esr.txt > /usr/bin/sha512sum *$VERSION-esr-64.exe > fi > > echo '' > > > ----------------------------------------------------------------------- > > ~/ESR/esr-check-firefox 45.1.0 > > gpg: Signature made Thu 21 Apr 2016 02:46:57 AM EDT using RSA key ID > 5E9905DB > gpg: Good signature from "Mozilla Software Releases <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 14F2 6682 D091 6CDD 81E3 7B6D 61B7 B526 D98F 0353 > Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F 1EB5 1C69 C4E5 5E99 05DB > > f69f52450c606f05041364784eb2ad36e4d368a1583c017c0b672986ac620f17399ddee49d66e90fb992bdd6173340a01d48d7583b3792ab06413f9dc773915d > linux-i686/en-US/firefox-45.1.0esr.tar.bz2 > f69f52450c606f05041364784eb2ad36e4d368a1583c017c0b672986ac620f17399ddee49d66e90fb992bdd6173340a01d48d7583b3792ab06413f9dc773915d > firefox-45.1.0-esr-32.tar.bz2 > > e59058d89c4896ee44040f209cae07a7ad6c8119dfdc214091bb255f6ca717cb9eae903c01b6550f72f7438e19f1b9650a68141100f7d9cdd306ed40ddc3439d > linux-x86_64/en-US/firefox-45.1.0esr.tar.bz2 > e59058d89c4896ee44040f209cae07a7ad6c8119dfdc214091bb255f6ca717cb9eae903c01b6550f72f7438e19f1b9650a68141100f7d9cdd306ed40ddc3439d > firefox-45.1.0-esr-64.tar.bz2 > > 8c7c344d9e38f82cdee78b70cd8adb4878964b021f5cf2acb5cee2e11f80b1d8bdb890a37b65d07cdda0b28eecb1ec1271f2712ad38fc1dd519508f653b55316 > win32/en-US/Firefox Setup 45.1.0esr.exe > 8c7c344d9e38f82cdee78b70cd8adb4878964b021f5cf2acb5cee2e11f80b1d8bdb890a37b65d07cdda0b28eecb1ec1271f2712ad38fc1dd519508f653b55316 > Firefox-Setup-45.1.0-esr-32.exe > > fd509fdfc55d9649a38a0a046ea312dad0d3583d86426070661817388781bc57b68c772687957b57d0caa917b3ce38c9098155abc2edb8b926adcdebe319dcb0 > win64/en-US/Firefox Setup 45.1.0esr.exe > fd509fdfc55d9649a38a0a046ea312dad0d3583d86426070661817388781bc57b68c772687957b57d0caa917b3ce38c9098155abc2edb8b926adcdebe319dcb0 > Firefox-Setup-45.1.0-esr-64.exe > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
