Commit 34b59ed2 authored by Daniel Jagszent's avatar Daniel Jagszent

Update: check integrity of downloaded tarball before extracting it

parent f9734966
Pipeline #9771 passed with stage
in 8 minutes and 7 seconds
#!/bin/bash
_UPD=1
# padding handles script being overwritten during updates
# see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4227
......@@ -18,61 +16,66 @@ _UPD=1
##################################################
##################################################
SOURCE=$1
URL=""
{
SOURCE=$1
URL=""
SIG=""
if [[ "$SOURCE" == "stable" ]] ; then
URL="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz"
elif [[ "$SOURCE" == "nightly" ]] ; then
URL="https://www.ispconfig.org/downloads/ISPConfig-3-nightly.tar.gz"
elif [[ "$SOURCE" == "git-develop" ]] ; then
URL="https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz"
else
echo "Please choose an installation source (stable, nightly, git-develop)"
exit 1
fi
if [[ "$SOURCE" == "stable" ]]; then
URL="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz"
SIG="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz.sig"
elif [[ "$SOURCE" == "nightly" ]]; then
URL="https://www.ispconfig.org/downloads/ISPConfig-3-nightly.tar.gz"
elif [[ "$SOURCE" == "git-develop" ]]; then
URL="https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz"
else
echo "Please choose an installation source (stable, nightly, git-develop)"
exit 1
fi
CURDIR=$PWD
GPGV=$(command -pv gpgv)
KEYRING="/usr/local/ispconfig/security/trustedkeys.gpg"
cd /tmp
CURDIR=$PWD
{
if [ -n "${_UPD}" ]
then
{
save_umask=`umask`
umask 0077 \
&& tmpdir=`mktemp -dt "$(basename $0).XXXXXXXXXX"` \
&& test -d "${tmpdir}" \
&& cd "${tmpdir}"
umask $save_umask
} || {
echo 'mktemp failed'
exit 1
}
die() {
echo "$1"
# shellcheck disable=SC2164
cd "$CURDIR"
exit 1
}
echo "Downloading ISPConfig update."
wget -q -O ISPConfig-3.tar.gz "${URL}"
if [ -f ISPConfig-3.tar.gz ]
then
echo "Unpacking ISPConfig update."
tar xzf ISPConfig-3.tar.gz --strip-components=1
cd install/
php -q \
-d disable_classes= \
-d disable_functions= \
-d open_basedir= \
update.php
cd /tmp
rm -rf "${tmpdir}"
save_umask=$(umask)
umask 0077
tmpdir=$(mktemp -dt "ISPConfig-update.XXXXXXXXXX")
test $? -eq 0 || die 'mktemp failed'
cd "$tmpdir" || die 'could not chdir into temporary working directory'
umask "$save_umask"
# shellcheck disable=SC2064
trap "rm -rf \"$tmpdir\"" EXIT
echo "Downloading ISPConfig update."
wget -q -O ISPConfig-3.tar.gz "$URL" || die "Unable to download the update."
if [ -n "$SIG" ] && [ -n "$GPGV" ] && [ -f "$KEYRING" ]; then
wget -q -O ISPConfig-3.tar.gz.sig "$SIG" || die "could not download signature file"
if "$GPGV" --quiet --keyring "$KEYRING" ISPConfig-3.tar.gz.sig ISPConfig-3.tar.gz; then
echo "Verified the integrity of the ISPConfig update file"
else
echo "Unable to download the update."
cd "$CURDIR"
exit 1
die "Could not verify the integrity of the ISPConfig update file."
fi
fi
echo "Unpacking ISPConfig update."
tar xzf ISPConfig-3.tar.gz --strip-components=1
cd install/ || die "could not chdir into install directory"
php -q \
-d disable_classes= \
-d disable_functions= \
-d open_basedir= \
update.php
fi
cd "$CURDIR"
exit 0
# shellcheck disable=SC2164
cd "$CURDIR"
exit 0
}
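Review bot: The new signature check fails open. The guard `if [ -n "$SIG" ] && [ -n "$GPGV" ] && [ -f "$KEYRING" ]` skips verification without any message when `gpgv` is not found or the keyring file is absent, and the tarball is then unpacked and `update.php` is run with `disable_functions` and `open_basedir` cleared. For the stable source, where `SIG` is set, I would add an `else` branch that makes the skip visible, for example `echo "WARNING: gpgv or $KEYRING missing, update file was NOT verified" >&2`, or call `die` there if unverified stable updates should not be allowed. The nightly and git-develop branches never set `SIG`, so those downloads are never verified; a comment next to the URL assignments such as `# no detached signature published for this source; tarball is not verified` would record that. The exit status of `php ... update.php` is also not checked before `exit 0`, so callers cannot tell a failed update from a successful one.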