#!/usr/bin/env bash
# Desc: Create and sign a checksum
# Usage: bksum file.txt
# Input: stdin: file list (newline delimited)
# arg(s): file paths (IFS delimited)
# Output: file containing sha256 hashes and file paths
# Depends: bash v5.1.16, date (GNU Coreutils 8.32), gpg v2.2.27, ots v0.7.0
# Version: 0.1.1
declare -Ag appRollCall # Associative array for storing app status
declare -Ag fileRollCall # Associative array for storing file status
declare -Ag dirRollCall # Associative array for storing dir status
declare -ag arrPosArgs; # positional arguments
declare -ag arrStdin; # standard input lines
declare -ag arrInFiles; # input files
yell() { echo "$0: $*" >&2; } # print script path and all args to stderr
die() { yell "$*"; exit 111; } # same as yell() but non-zero exit status
try() { "$@" || die "cannot $*"; } # runs args as command, reports args if command fails
vbm() {
# Description: Prints verbose message ("vbm") to stderr if opVerbose is set to "true".
# Usage: vbm "DEBUG :verbose message here"
# Version 0.2.0
# Input: arg1: string
# vars: opVerbose
# Output: stderr
# Depends: bash 5.1.16, GNU-coreutils 8.30 (echo, date)
if [ "$opVerbose" = "true" ]; then
functionTime="$(date --iso-8601=ns)"; # Save current time in nano seconds.
echo "[$functionTime]:$0:""$*" 1>&2; # Display argument text.
fi
# End function
return 0; # Function finished.
} # Displays message if opVerbose true
showUsage() {
# Desc: Display script usage information
# Usage: showUsage
# Version 0.0.2
# Input: none
# Output: stdout
# Depends: GNU-coreutils 8.30 (cat)
cat <<'EOF'
USAGE:
bksum [ options ] [FILE...]
DESCRIPTION:
Creates sha256 checksum of files.
OPTIONS:
-h, --help
Display help information.
--version
Display script version.
-v, --verbose
Display debugging info.
-o, --output-file
Define output file path. By default, the file
name includes the full ISO-8601 timestamp
without separators, e.g.:
20220920T2117+0000..SHA256SUM
-s, --sign
Sign with GnuPG the checksum file.
-t, --timestamp
Timestamp with OpenTimestamps the checksum file
(and GnuPG signature if -s/--sign specified).
-T, --timestamp-wait
Same as '-t/--timestamp' except that
OpenTimestamps will run as a background process
until a calendar server returns a completed
timestamp.
--
Indicate end of options.
EXAMPLE:
bksum file.txt
bksum file1.txt file2.txt
bksum -v -- file1.txt file2.txt
bksum -v -t -- file1.txt file2.txt
find . -type f | bksum
find . -type f | bksum -v -s -t -- file.txt
NOTE:
If GNU Coreutils 8.32 `sha256sum` used, checksum file
can be verified using:
sha256sum --check 20220920T2117+0000..SHA256SUM
EOF
} # Display information on how to use this script.
showVersion() {
# Desc: Displays script version and license information.
# Usage: showVersion
# Version: 0.0.2
# Input: scriptVersion var containing version string
# Output: stdout
# Depends: vbm(), yell, GNU-coreutils 8.30
# Initialize function
vbm "DEBUG:showVersion function called."
cat <<'EOF'
bksum 0.0.1
Copyright (C) 2022 Steven Baltakatei Sandoval
License GPLv3: GNU GPL version 3
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
EOF
# End function
vbm "DEBUG:showVersion function ended."
return 0; # Function finished.
} # Display script version.
checkapp() {
# Desc: If arg is a command, save result in assoc array 'appRollCall'
# Usage: checkapp arg1 arg2 arg3 ...
# Version: 0.1.1
# Input: global assoc. array 'appRollCall'
# Output: adds/updates key(value) to global assoc array 'appRollCall'
# Depends: bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if command -v "$arg" 1>/dev/null 2>&1; then # Check if arg is a valid command
appRollCall[$arg]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi;
else
appRollCall[$arg]="false"; returnState="false";
fi;
done;
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi;
} # Check that app exists
checkfile() {
# Desc: If arg is a file path, save result in assoc array 'fileRollCall'
# Usage: checkfile arg1 arg2 arg3 ...
# Version: 0.1.2
# Input: global assoc. array 'fileRollCall'
# Output: adds/updates key(value) to global assoc array 'fileRollCall';
# Output: returns 0 if app found, 1 otherwise
# Depends: bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if [ -f "$arg" ]; then
fileRollCall["$arg"]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi;
elif [ -z "$arg" ]; then
fileRollCall["(no name)"]="false"; returnState="false";
else
fileRollCall["$arg"]="false"; returnState="false";
fi;
done;
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi;
} # Check that file exists
checkdir() {
# Desc: If arg is a dir path, save result in assoc array 'dirRollCall'
# Usage: checkdir arg1 arg2 arg3 ...
# Version 0.1.2
# Input: global assoc. array 'dirRollCall'
# Output: adds/updates key(value) to global assoc array 'dirRollCall';
# Output: returns 0 if all args are dirs; 1 otherwise
# Depends: Bash 5.0.3
local returnState
#===Process Args===
for arg in "$@"; do
if [ -z "$arg" ]; then
dirRollCall["(Unspecified Dirname(s))"]="false"; returnState="false";
elif [ -d "$arg" ]; then
dirRollCall["$arg"]="true";
if ! [ "$returnState" = "false" ]; then returnState="true"; fi
else
dirRollCall["$arg"]="false"; returnState="false";
fi
done
#===Determine function return code===
if [ "$returnState" = "true" ]; then
return 0;
else
return 1;
fi
} # Check that dir exists
displayMissing() {
# Desc: Displays missing apps, files, and dirs
# Usage: displayMissing
# Version 1.0.0
# Input: associative arrays: appRollCall, fileRollCall, dirRollCall
# Output: stderr: messages indicating missing apps, file, or dirs
# Output: returns exit code 0 if nothing missing; 1 otherwise
# Depends: bash 5, checkAppFileDir()
local missingApps value appMissing missingFiles fileMissing
local missingDirs dirMissing
#==BEGIN Display errors==
#===BEGIN Display Missing Apps===
missingApps="Missing apps :";
#for key in "${!appRollCall[@]}"; do echo "DEBUG:$key => ${appRollCall[$key]}"; done
for key in "${!appRollCall[@]}"; do
value="${appRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing apps: $key => $value";
missingApps="$missingApps""$key ";
appMissing="true";
fi;
done;
if [ "$appMissing" = "true" ]; then # Only indicate if an app is missing.
echo "$missingApps" 1>&2;
fi;
unset value;
#===END Display Missing Apps===
#===BEGIN Display Missing Files===
missingFiles="Missing files:";
#for key in "${!fileRollCall[@]}"; do echo "DEBUG:$key => ${fileRollCall[$key]}"; done
for key in "${!fileRollCall[@]}"; do
value="${fileRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing files: $key => $value";
missingFiles="$missingFiles""$key ";
fileMissing="true";
fi;
done;
if [ "$fileMissing" = "true" ]; then # Only indicate if an app is missing.
echo "$missingFiles" 1>&2;
fi;
unset value;
#===END Display Missing Files===
#===BEGIN Display Missing Directories===
missingDirs="Missing dirs:";
#for key in "${!dirRollCall[@]}"; do echo "DEBUG:$key => ${dirRollCall[$key]}"; done
for key in "${!dirRollCall[@]}"; do
value="${dirRollCall[$key]}";
if [ "$value" = "false" ]; then
#echo "DEBUG:Missing dirs: $key => $value";
missingDirs="$missingDirs""$key ";
dirMissing="true";
fi;
done;
if [ "$dirMissing" = "true" ]; then # Only indicate if an dir is missing.
echo "$missingDirs" 1>&2;
fi;
unset value;
#===END Display Missing Directories===
#==END Display errors==
#==BEGIN Determine function return code===
if [ "$appMissing" == "true" ] || [ "$fileMissing" == "true" ] || [ "$dirMissing" == "true" ]; then
return 1;
else
return 0;
fi
#==END Determine function return code===
} # Display missing apps, files, dirs
processArgs() {
# Desc: Processes arguments provided to script
# Usage: processArgs "$@"
# Version: 1.0.0 (modified)
# Input: "$@" (list of arguments provided to the function)
# Output: Sets following variables used by other functions:
# opVerbose Indicates verbose mode enable status. (ex: "true", "false")
# pathDirOut1 Path to output directory.
# pathFileOut1 Path to output file.
# opFileOut1_overwrite Indicates whether file pathFileOut1 should be overwritten (ex: "true", "false").
# opTs Indicates timestamp mode
# opTsWait Indicates timestamp mode with wait option
# arrPosArgs Array of remaining positional argments
# Depends:
# yell() Displays messages to stderr.
# vbm() Displays messsages to stderr if opVerbose set to "true".
# showUsage() Displays usage information about parent script.
# showVersion() Displays version about parent script.
# arrPosArgs Global array for storing non-option positional arguments (i.e. arguments following the `--` option).
# External dependencies: bash (5.1.16), echo
# Ref./Attrib.:
# [1]: Marco Aurelio (2014-05-08). "echo that outputs to stderr". https://stackoverflow.com/a/23550347
# [2]: "Handling positional parameters" (2018-05-12). https://wiki.bash-hackers.org/scripting/posparams
# Initialize function
vbm "DEBUG:processArgs function called."
# Perform work
while [ ! $# -eq 0 ]; do # While number of arguments ($#) is not (!) equal to (-eq) zero (0).
#yell "DEBUG:Starting processArgs while loop." # Debug stderr message. See [1].
#yell "DEBUG:Provided arguments are:""$*" # Debug stderr message. See [1].
case "$1" in
-h | --help) showUsage; exit 1;; # Display usage.
--version) showVersion; exit 1;; # Show version
-v | --verbose) opVerbose="true"; vbm "DEBUG:Verbose mode enabled.";; # Enable verbose mode. See [1].
-o | --output-file) # Define output file path
if [ -f "$2" ]; then # If $2 is file that exists, prompt user to continue to overwrite, set pathFileOut1 to $2, pop $2.
yell "Specified output file $2 already exists. Overwrite? (y/n):"
read -r m; case $m in
y | Y | yes) opFileOut1_overwrite="true";;
n | N | no) opFileOut1_overwrite="false";;
*) yell "Invalid selection. Exiting."; exit 1;;
esac
if [ "$opFileOut1_overwrite" == "true" ]; then
pathFileOut1="$2";
shift;
vbm "DEBUG:Output file pathFileOut1 set to:""$2";
else
yell "ERORR:Exiting in order to not overwrite output file:""$pathFileOut1";
exit 1;
fi
else
pathFileOut1="$2";
shift;
vbm "DEBUG:Output file pathFileOut1 set to:""$2";
fi ;;
-s | --sign) # sign with gpg
opSign="true"; vbm "DEBUG:Signing mode enabled.";;
-t | --timestamp) # timestamp with ots
opTs="true"; vbm "DEBUG:Timestamp mode enabled.";;
-T | --timestamp-wait) # timestamp with ots with wait option
opTs="true"; vbm "DEBUG:Timestamp mode enabled.";
opTsWait="true"; vbm "DEBUG:Timestamp wait mode enabled.";;
--) # End of all options. See [2].
shift;
for arg in "$@"; do
vbm "DEBUG:adding to arrPosArgs:$arg";
arrPosArgs+=("$arg");
done;
break;;
-*) showUsage; yell "ERROR: Unrecognized option."; exit 1;; # Display usage
*)
for arg in "$@"; do
vbm "DEBUG:adding to arrPosArgs:$arg";
arrPosArgs+=("$arg");
done;
break;;
esac;
shift;
done;
# End function
vbm "DEBUG:processArgs function ended."
return 0; # Function finished.
} # Evaluate script options from positional arguments (ex: $1, $2, $3, etc.).
processStdin() {
# Desc: Save stdin lines to array
# Input: stdin standard input
# arrStdin array for storing stdin lines
# Output: arrStdin array for storing stdin lines
# Ref/Attrib: [1] https://unix.stackexchange.com/a/484643 Check if no command line arguments and STDIN is empty
if [[ -t 0 ]]; then
return 1; # error if file descriptor 0 (stdin) open
else
while read -r line; do
arrStdin+=("$line"); done;
return 0;
fi;
}; # Save stdin to array
checkInput() {
# Desc: Check that files (specified by positional arguments and
# standard input lines) exist and are in the same directory.
# Input: arrPosArgs[@] positional arguments
# arrStdin[@] standard input lines
# Output: return code 0 success
# return code 1 failure
# arrInFiles list of verified files
# Depends: displayMissing(), checkfile();
local flagMissing flagDirErr workDir;
# Check that positional arguments are files
for elem in "${arrPosArgs[@]}"; do
if checkfile "$elem"; then
arrInFiles+=("$elem");
else
flagMissing="true";
fi;
done;
# Check that stdin lines are files
for elem in "${arrStdin[@]}"; do
if checkfile "$elem"; then
arrInFiles+=("$elem");
else
flagMissing="true";
fi;
done;
# Check that all files are in the same directory
if [[ "$flagMissing" != "true" ]]; then
workDir="$( dirname "$( readlink -f "${arrInFiles[0]}" )" )";
for elem in "${arrInFiles[@]}"; do
elem="$(readlink -f "$elem")"; # full path
if [[ "$(dirname "$elem")" != "$workDir" ]]; then
flagDirErr="true";
fi;
done;
fi;
# Return non-zero if displayMissing() reports files missing.
if [[ "$flagMissing" == "true" ]]; then
displayMissing; return 1; fi;
if [[ "$flagDirErr" == "true" ]]; then
yell "ERROR:All files not in same directory.";
return 1; fi;
return 0;
}; # Check positional arguments
checkDepends() {
# Desc: Check if expected commands available
checkapp date sha256sum;
if [[ $opSign == "true" ]]; then checkapp gpg; fi;
if [[ $opTs == "true" ]]; then checkapp ots; fi;
# Return failure is displayMissing() reports apps missing.
if ! displayMissing; then return 1; else return 0; fi;
}; # Check dependencies
count_jobs() {
# Desc: Count and return total number of jobs
# Usage: count_jobs
# Input: None.
# Output: stdout integer number of jobs
# Depends: Bash 5.1.16
# Example: while [[$(count_jobs) -gt 0]]; do echo "Working..."; sleep 1; done;
# Version: 0.0.1
local job_count;
job_count="$(jobs -r | wc -l | tr -d ' ' )";
#yell "DEBUG:job_count:$job_count";
if [[ -z $job_count ]]; then job_count="0"; fi;
echo "$job_count";
}; # Return number of background jobs
main() {
# Input: pathFileOut1 option-specified output file path
# appRollCall assoc-array for checkapp(), displayMissing()
# fileRollCall assoc-array for checkfile(), displayMissing()
# dirRollCall assoc-array for checkdir(), displayMissing()
# arrPosArgs array for processArgs()
# arrStdin array for processStdin()
# arrInFiles array for checkInput()
# (args) for processArgs()
# (stdin) for processStdin()
# Output: file written to $pathSumOut
# file written to $pathSigOut
#
local fileSumOut dirOut pathSumOut pathSigOut;
# Check dependencies and input
if ! checkDepends; then die "FATAL:Missing apps."; fi;
processArgs "$@";
processStdin;
vbm "DEBUG:$(declare -p arrPosArgs)";
vbm "DEBUG:$(declare -p arrStdin)";
if ! [[ "${#arrPosArgs[@]}" -ge 1 || "${#arrStdin[@]}" -ge 1 ]]; then
yell "ERROR:No positional arguments or stdin lines.";
showUsage; exit 1; fi;
if ! checkInput; then die "FATAL:Invalid file list."; fi;
vbm "DEBUG:$(declare -p arrInFiles)";
# Do work
if [[ -n "$pathFileOut1" ]]; then
pathSumOut="$pathFileOut1";
else
dirOut="$( dirname "${arrInFiles[0]}" )";
fileSumOut="$(date +%Y%m%dT%H%M%S%z)..SHA256SUMS";
pathSumOut="$dirOut"/"$fileSumOut";
fi;
pathSigOut="$pathSumOut".asc;
for file in "${arrInFiles[@]}"; do
sha256sum "$file" >> "$pathSumOut";
done;
# Do optional work
## Sign checksum file.
if [[ $opSign == "true" ]]; then
yell "STATUS:Signing checksum file...";
try gpg --detach-sign --armor --output "$pathSigOut" "$pathSumOut" && yell "STATUS:Checksum created.";
fi;
## Timestamp checksum file.
if [[ $opTs == "true" ]]; then
yell "STATUS:Timestamping checksum file...";
if [[ $opTsWait != "true" ]]; then
try ots s "$pathSumOut" &
elif [[ $opTsWait == "true" ]]; then
yell "NOTICE:Waiting for calendar server response in background. (This may take 8 to 24 hours)...";
yell "ADVICE:Do not close or suspend this terminal.";
try ots --wait s "$pathSumOut" 1>/dev/random 2>&1 &
fi;
fi;
## Timestamp checksum signature file.
if [[ $opTs == "true" && $opSign == "true" ]]; then
yell "STATUS:Timestamping signature file...";
if [[ $opTsWait != "true" ]]; then
try ots s "$pathSigOut" && yell "STATUS:Timestamp of checksum signature file created.";
elif [[ $opTsWait == "true" ]]; then
yell "NOTICE:Waiting for calendar server response in background. (This may take 8 to 24 hours)...";
yell "ADVICE:Do not close or suspend this terminal.";
try ots --wait s "$pathSigOut" 1>/dev/random 2>&1 &
fi;
fi;
## Wait until background jobs (if any) completed
for (( n = 1; "$(count_jobs)" > 0; n++ )); do
if ! [[ $((n % 60)) -eq 0 ]]; then
printf ".";
else
printf ".%05ds passed.\n" "$SECONDS";
fi;
sleep 60;
done;
yell "Done.";
return 0;
}; # main program
main "$@";
# Author: Steven Baltakatei Sandoval
# License: GPLv3+