#!/bin/bash

## Copyright (C) 2023 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#### meta start
#### project Kicksecure
#### category security
#### description

## Verifies the integrity of VirtualBox.exe.
## This script assumes that the calling script previously changed directory
## into the folder which contains the VirtualBox.exe.

#### meta end

set -x
set -o errexit
set -o nounset
set -o pipefail
set -o errtrace
shopt -s inherit_errexit

source /usr/libexec/helper-scripts/has.sh

true "$0: START"

pwd

has osslsigncode
has sha256sum

counter=0
selected_file_name=""
for file_name in ./VirtualBox-*.exe ; do
  ## Default glob behaviour: with no matches the pattern is left
  ## literal, so guard against that explicitly. Also guard against
  ## accidentally matched directory names.
  test -f "$file_name" || continue
  selected_file_name="${file_name}"
  counter=$((counter + 1))
done

if [ "$counter" -eq "0" ]; then
  true "$0: ERROR: No file matching VirtualBox-*.exe!"
  exit 1
fi
if [ "$counter" -gt "1" ]; then
  true "$0: ERROR: Multiple files matching VirtualBox-*.exe!"
  exit 1
fi

test -r "${selected_file_name}"

osslsigncode verify -in "${selected_file_name}"

sha256sum --ignore-missing --strict --check SHA256SUMS

true "$0: SUCCESS"
