Verify that we actually downloaded a valid checksum before comparing it to the local one. This covers situations where downloading the checksum from remote might have failed
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
dedaf5432e
commit
2fd0de4743
|
@ -2002,9 +2002,11 @@ FTLcheckUpdate() {
|
|||
local localSha1
|
||||
|
||||
if [[ ! "${ftlBranch}" == "master" ]]; then
|
||||
# Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
|
||||
# This is not the master branch
|
||||
local path
|
||||
path="${ftlBranch}/${binary}"
|
||||
|
||||
# Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
|
||||
# shellcheck disable=SC1090
|
||||
check_download_exists "$path"
|
||||
local ret=$?
|
||||
|
@ -2023,12 +2025,20 @@ FTLcheckUpdate() {
|
|||
fi
|
||||
|
||||
if [[ ${ftlLoc} ]]; then
|
||||
# We already have a pihole-FTL binary downloaded.
|
||||
# Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not
|
||||
# We already have a pihole-FTL binary installed, check if it's the
|
||||
# same as the remote one
|
||||
# Alt branches don't have a tagged version against them, so just
|
||||
# confirm the checksum of the local vs remote to decide whether we
|
||||
# download or not
|
||||
remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||
localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
|
||||
localSha1=$(sha1sum "${ftlLoc}" | cut -d ' ' -f 1)
|
||||
|
||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
# Check we downloaded a valid checksum (no 404 or other error like
|
||||
# no DNS resolution)
|
||||
if [[ ! "${remoteSha1}" =~ ^[a-f0-9]{40}$ ]]; then
|
||||
printf " %b Remote checksum not available, trying to download binary from ftl.pi-hole.net.\\n" "${CROSS}"
|
||||
return 0
|
||||
elif [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
printf " %b Checksums do not match, downloading from ftl.pi-hole.net.\\n" "${INFO}"
|
||||
return 0
|
||||
else
|
||||
|
@ -2039,7 +2049,10 @@ FTLcheckUpdate() {
|
|||
return 0
|
||||
fi
|
||||
else
|
||||
# This is the master branch
|
||||
if [[ ${ftlLoc} ]]; then
|
||||
# We already have a pihole-FTL binary installed, check if it's the
|
||||
# same as the remote one
|
||||
local FTLversion
|
||||
FTLversion=$(/usr/bin/pihole-FTL tag)
|
||||
local FTLlatesttag
|
||||
|
@ -2053,15 +2066,24 @@ FTLcheckUpdate() {
|
|||
|
||||
# Check if the installed version matches the latest version
|
||||
if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
|
||||
# If the installed version does not match the latest version, then download
|
||||
return 0
|
||||
else
|
||||
# If the installed version matches the latest version, then
|
||||
# check the installed sha1sum of the binary vs the remote
|
||||
# sha1sum. If they do not match, then download
|
||||
printf " %b Latest FTL Binary already installed (%s). Confirming Checksum...\\n" "${INFO}" "${FTLlatesttag}"
|
||||
|
||||
remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
|
||||
localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
|
||||
localSha1=$(sha1sum "${ftlLoc}" | cut -d ' ' -f 1)
|
||||
|
||||
if [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
printf " %b Corruption detected...\\n" "${INFO}"
|
||||
# Check we downloaded a valid checksum (no 404 or other error like
|
||||
# no DNS resolution)
|
||||
if [[ ! "${remoteSha1}" =~ ^[a-f0-9]{40}$ ]]; then
|
||||
printf " %b Remote checksum not available, trying to redownload binary...\\n" "${CROSS}"
|
||||
return 0
|
||||
elif [[ "${remoteSha1}" != "${localSha1}" ]]; then
|
||||
printf " %b Corruption detected, redownloading binary...\\n" "${CROSS}"
|
||||
return 0
|
||||
else
|
||||
printf " %b Checksum correct. No need to download!\\n" "${INFO}"
|
||||
|
|
Loading…
Reference in New Issue