"
Recently, I needed to automate verifying OPNsense signatures. I wrote a small and portable Python script for this.
I am sharing this for anyone in a similar situation or not familiar with the command line.
Github Gist | verify_opnsense.py
The script does:
How to use:
We could also include the script in the documentation to encourage users to verify downloads. ☺️
I am sharing this for anyone in a similar situation or not familiar with the command line.
Github Gist | verify_opnsense.py
The script does:
- Downloads the required files (*.pub, *.sig, *.sha256, CHANGELOG)
- Cross-checks the public key and checksum against the GitHub CHANGELOG for additional security
- Verifies the SHA256 checksum
- Decompresses the file
- Verifies the OpenSSL signature
- Runs test cases to ensure the logic works correctly
How to use:
- Make sure OpenSSL and Python are available on your system. If not, install them first.
- Download the script and save it as verify_opnsense.py.
- Run the script:Code Select
python verify_opnsense.py <DOWNLOADED_FILE_PATH> - After the script finishes, the decompressed file can be found in the same directory as the downloaded file.
We could also include the script in the documentation to encourage users to verify downloads. ☺️
