Automated script to verify OPNsense downloads

Started by potatochips, September 28, 2025, 11:48:21 AM

September 28, 2025, 11:48:21 AM Last Edit: September 28, 2025, 11:52:12 AM by potatochips
Recently, I needed to automate verifying OPNsense signatures. I wrote a small and portable Python script for this.

I am sharing this for anyone in a similar situation or not familiar with the command line.

GitHub Gist | verify_opnsense.py

What the script does:
    • Downloads the required files (*.pub, *.sig, *.sha256, CHANGELOG)
    • Cross-checks the public key and checksum against the GitHub CHANGELOG for additional security
    • Verifies the SHA256 checksum
    • Decompresses the file
    • Verifies the OpenSSL signature
    • Runs test cases to ensure the logic works correctly

How to use:
    • Make sure OpenSSL and Python are available on your system. If not, install them first.
    • Download the script and save it as verify_opnsense.py.
    • Run the script:
      python verify_opnsense.py <DOWNLOADED_FILE_PATH>
    • After the script finishes, the decompressed file can be found in the same directory as the downloaded file.

We could also include the script in the documentation to encourage users to verify downloads. ☺️
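The checksum, decompression and signature steps listed in the post, sketched as an added example; this is not the code from the linked gist or from the OPNsense project. It assumes the `.sha256` file lists the compressed download in BSD or GNU checksum layout, the download is bzip2-compressed, and the `.sig` file is a base64-encoded signature over the decompressed image; all function names are hypothetical.

```python
import bz2, hashlib, hmac, re, shutil, subprocess, tempfile
from pathlib import Path

# Checksum layouts accepted (assumed): BSD "SHA256 (name) = hex" and GNU "hex  name".
_BSD = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})$")
_GNU = re.compile(r"^(?P<hex>[0-9a-fA-F]{64})\s+\*?(?P<name>.+)$")

def expected_digest(checksum_text, filename):
    """Return the SHA-256 listed for filename, or None if it is not listed."""
    for line in checksum_text.splitlines():
        m = _BSD.match(line.strip()) or _GNU.match(line.strip())
        if m and m["name"] == filename:
            return m["hex"].lower()
    return None

def sha256_file(path):
    """Hash the file in 1 MiB chunks so large images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def checksum_ok(path, checksum_text):
    want = expected_digest(checksum_text, Path(path).name)
    # A file that is not listed counts as a failure, never as a pass.
    return want is not None and hmac.compare_digest(want, sha256_file(path))

def decompress_bz2(path):
    """Write the decompressed image next to the download and return its path."""
    out = Path(path).with_suffix("")  # drops the trailing ".bz2"
    with bz2.open(path, "rb") as src, open(out, "wb") as dst:
        shutil.copyfileobj(src, dst)
    return out

def signature_ok(image, pubkey, sig_b64):
    """Decode the base64 signature (assumed format) and verify it with the OpenSSL CLI."""
    with tempfile.TemporaryDirectory() as tmp:
        raw = Path(tmp) / "image.sig"
        subprocess.run(["openssl", "base64", "-d", "-in", str(sig_b64),
                        "-out", str(raw)], check=True)
        result = subprocess.run(["openssl", "dgst", "-sha256", "-verify", str(pubkey),
                                 "-signature", str(raw), str(image)], capture_output=True)
    return result.returncode == 0
```

The checksum only detects corruption unless the `.sha256` and `.pub` files are themselves confirmed against a second source, which is what the CHANGELOG cross-check in the post is for.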