From b36a44a954bfe2e249c40a5a8d2081a9ab407e84 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 20 Feb 2017 14:44:34 -0800 Subject: [PATCH] Check sha1 of transferred file. --- automated install/basic-install.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 04febe57..129f88fd 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1157,7 +1157,7 @@ FTLinstall() { local binary="${1}" local latesttag echo ":::" - echo -n "::: Installing FTL ... " + echo -n "::: Installing FTL... " latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}') # Tags should always start with v, check for that. @@ -1165,10 +1165,12 @@ FTLinstall() { echo "failed (error in getting latest release location from GitHub)" return 1 fi - if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/pihole-FTL"; then + if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then + # Get sha1 of the binary we just downloaded for verification. + curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "/tmp/${binary}.sha1" # Check if we just downloaded text, or a binary file. - if ! grep -qI '.' /tmp/pihole-FTL; then - echo "done" + if sha1sum -c "${binary}".sha1; then + echo -n "transferred... " install -m 0755 /tmp/pihole-FTL /usr/bin touch /var/log/pihole-FTL.log /var/run/pihole-FTL.pid /var/run/pihole-FTL.port chmod 0666 /var/log/pihole-FTL.log /var/run/pihole-FTL.pid /var/run/pihole-FTL.port @@ -1177,7 +1179,7 @@ FTLinstall() { echo "failed (download of binary from Github failed)" return 1 fi - echo "done" + echo "done." else echo "failed (URL not found.)" fi