mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 23:08:07 +00:00
Verify that we actually downloaded a valid checksum before comparing it to the local one. This covers situations where downloading the checksum from remote might have failed
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
dedaf5432e
commit
2fd0de4743
@ -2002,9 +2002,11 @@ FTLcheckUpdate() {
|
|||||||
local localSha1
|
local localSha1
|
||||||
|
|
||||||
if [[ ! "${ftlBranch}" == "master" ]]; then
|
if [[ ! "${ftlBranch}" == "master" ]]; then
|
||||||
# Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
|
# This is not the master branch
|
||||||
local path
|
local path
|
||||||
path="${ftlBranch}/${binary}"
|
path="${ftlBranch}/${binary}"
|
||||||
|
|
||||||
|
# Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
|
||||||
# shellcheck disable=SC1090
|
# shellcheck disable=SC1090
|
||||||
check_download_exists "$path"
|
check_download_exists "$path"
|
||||||
local ret=$?
|
local ret=$?
|
||||||
@ -2023,12 +2025,20 @@ FTLcheckUpdate() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ${ftlLoc} ]]; then
|
if [[ ${ftlLoc} ]]; then
|
||||||
# We already have a pihole-FTL binary downloaded.
|
# We already have a pihole-FTL binary installed, check if it's the
|
||||||
# Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not
|
# same as the remote one
|
||||||
|
# Alt branches don't have a tagged version against them, so just
|
||||||
|
# confirm the checksum of the local vs remote to decide whether we
|
||||||
|
# download or not
|
||||||
remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1)
|
remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||||
localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
|
localSha1=$(sha1sum "${ftlLoc}" | cut -d ' ' -f 1)
|
||||||
|
|
||||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
# Check we downloaded a valid checksum (no 404 or other error like
|
||||||
|
# no DNS resolution)
|
||||||
|
if [[ ! "${remoteSha1}" =~ ^[a-f0-9]{40}$ ]]; then
|
||||||
|
printf " %b Remote checksum not available, trying to download binary from ftl.pi-hole.net.\\n" "${CROSS}"
|
||||||
|
return 0
|
||||||
|
elif [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||||
printf " %b Checksums do not match, downloading from ftl.pi-hole.net.\\n" "${INFO}"
|
printf " %b Checksums do not match, downloading from ftl.pi-hole.net.\\n" "${INFO}"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
@ -2039,7 +2049,10 @@ FTLcheckUpdate() {
|
|||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
# This is the master branch
|
||||||
if [[ ${ftlLoc} ]]; then
|
if [[ ${ftlLoc} ]]; then
|
||||||
|
# We already have a pihole-FTL binary installed, check if it's the
|
||||||
|
# same as the remote one
|
||||||
local FTLversion
|
local FTLversion
|
||||||
FTLversion=$(/usr/bin/pihole-FTL tag)
|
FTLversion=$(/usr/bin/pihole-FTL tag)
|
||||||
local FTLlatesttag
|
local FTLlatesttag
|
||||||
@ -2053,15 +2066,24 @@ FTLcheckUpdate() {
|
|||||||
|
|
||||||
# Check if the installed version matches the latest version
|
# Check if the installed version matches the latest version
|
||||||
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
||||||
|
# If the installed version does not match the latest version, then download
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
|
# If the installed version matches the latest version, then
|
||||||
|
# check the installed sha1sum of the binary vs the remote
|
||||||
|
# sha1sum. If they do not match, then download
|
||||||
printf " %b Latest FTL Binary already installed (%s). Confirming Checksum...\\n" "${INFO}" "${FTLlatesttag}"
|
printf " %b Latest FTL Binary already installed (%s). Confirming Checksum...\\n" "${INFO}" "${FTLlatesttag}"
|
||||||
|
|
||||||
remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||||
localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
|
localSha1=$(sha1sum "${ftlLoc}" | cut -d ' ' -f 1)
|
||||||
|
|
||||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
# Check we downloaded a valid checksum (no 404 or other error like
|
||||||
printf " %b Corruption detected...\\n" "${INFO}"
|
# no DNS resolution)
|
||||||
|
if [[ ! "${remoteSha1}" =~ ^[a-f0-9]{40}$ ]]; then
|
||||||
|
printf " %b Remote checksum not available, trying to redownload binary...\\n" "${CROSS}"
|
||||||
|
return 0
|
||||||
|
elif [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||||
|
printf " %b Corruption detected, redownloading binary...\\n" "${CROSS}"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
printf " %b Checksum correct. No need to download!\\n" "${INFO}"
|
printf " %b Checksum correct. No need to download!\\n" "${INFO}"
|
||||||
|
Loading…
Reference in New Issue
Block a user