Update: check integrity of downloaded tarball before extracting it

server/scripts/update_runner.sh

 #!/bin/bash
 
-_UPD=1
-
 # padding handles script being overwritten during updates
 # see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4227
 
@@ -18,61 +16,66 @@ _UPD=1
 ##################################################
 ##################################################
 
-SOURCE=$1
-URL=""
+{
+
+  SOURCE=$1
+  URL=""
+  SIG=""
 
-if [[ "$SOURCE" == "stable" ]] ; then
-	URL="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz"
-elif [[ "$SOURCE" == "nightly" ]] ; then
-	URL="https://www.ispconfig.org/downloads/ISPConfig-3-nightly.tar.gz"
-elif [[ "$SOURCE" == "git-develop" ]] ; then
-	URL="https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz"
-else 
-	echo "Please choose an installation source (stable, nightly, git-develop)"
-	exit 1
-fi
+  if [[ "$SOURCE" == "stable" ]]; then
+    URL="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz"
+    SIG="https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz.sig"
+  elif [[ "$SOURCE" == "nightly" ]]; then
+    URL="https://www.ispconfig.org/downloads/ISPConfig-3-nightly.tar.gz"
+  elif [[ "$SOURCE" == "git-develop" ]]; then
+    URL="https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz"
+  else
+    echo "Please choose an installation source (stable, nightly, git-develop)"
+    exit 1
+  fi
 
-CURDIR=$PWD
+  GPGV=$(command -pv gpgv)
+  KEYRING="/usr/local/ispconfig/security/trustedkeys.gpg"
 
-cd /tmp
+  CURDIR=$PWD
 
-{
-if [ -n "${_UPD}" ]
-then
-    {
-        save_umask=`umask`
-        umask 0077 \
-        && tmpdir=`mktemp -dt "$(basename $0).XXXXXXXXXX"` \
-        && test -d "${tmpdir}" \
-        && cd "${tmpdir}"
-        umask $save_umask
-    } || {
-        echo 'mktemp failed'
-        exit 1
-    }
+  die() {
+    echo "$1"
+    # shellcheck disable=SC2164
+    cd "$CURDIR"
+    exit 1
+  }
 
-    echo "Downloading ISPConfig update."
-    wget -q -O ISPConfig-3.tar.gz "${URL}"
-    if [ -f ISPConfig-3.tar.gz ]
-    then
-        echo "Unpacking ISPConfig update."
-        tar xzf ISPConfig-3.tar.gz --strip-components=1
-        cd install/
-        php -q \
-            -d disable_classes= \
-            -d disable_functions= \
-            -d open_basedir= \
-            update.php
-        cd /tmp
-        rm -rf "${tmpdir}"
+  save_umask=$(umask)
+  umask 0077
+  tmpdir=$(mktemp -dt "ISPConfig-update.XXXXXXXXXX")
+  test $? -eq 0 || die 'mktemp failed'
+  cd "$tmpdir" || die 'could not chdir into temporary working directory'
+  umask "$save_umask"
+
+  # shellcheck disable=SC2064
+  trap "rm -rf \"$tmpdir\"" EXIT
+
+  echo "Downloading ISPConfig update."
+  wget -q -O ISPConfig-3.tar.gz "$URL" || die "Unable to download the update."
+  if [ -n "$SIG" ] && [ -n "$GPGV" ] && [ -f "$KEYRING" ]; then
+    wget -q -O ISPConfig-3.tar.gz.sig "$SIG" || die "could not download signature file"
+    if "$GPGV" --quiet --keyring "$KEYRING" ISPConfig-3.tar.gz.sig ISPConfig-3.tar.gz; then
+      echo "Verified the integrity of the ISPConfig update file"
     else
-        echo "Unable to download the update."
-		cd "$CURDIR"
-        exit 1
+      die "Could not verify the integrity of the ISPConfig update file."
     fi
+  fi
+  echo "Unpacking ISPConfig update."
+  tar xzf ISPConfig-3.tar.gz --strip-components=1
+  cd install/ || die "could not chdir into install directory"
+  php -q \
+    -d disable_classes= \
+    -d disable_functions= \
+    -d open_basedir= \
+    update.php
 
-fi
-
-cd "$CURDIR"
-exit 0
+  # shellcheck disable=SC2164
+  cd "$CURDIR"
+  exit 0
 }