From 0ca8ed94ccc4b9fe4ccac331957f01f852999094 Mon Sep 17 00:00:00 2001
From: "Max P."
Date: Thu, 22 May 2025 10:37:15 +0200
Subject: [PATCH] fix(install): enhance checksum validation with detailed comparison
- Replaces `sha256sum` with a detailed checksum comparison using OpenSSL
- Improves error messaging by displaying both expected and actual hashes
---
 scripts/install.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/scripts/install.sh b/scripts/install.sh
index e0b1130..15f84f6 100644
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -38,9 +38,18 @@ TMP_FILE=$(mktemp)
 curl -fsSL "${DOWNLOAD_URL}" -o "${TMP_FILE}"
 chmod +x "${TMP_FILE}"
-# === Optional: SHA256-Check ===
-curl -fsSL "${DOWNLOAD_URL}.sha256" -o "${TMP_FILE}.sha256"
-echo "$(cat ${TMP_FILE}.sha256) ${TMP_FILE}" | sha256sum -c -
+# === SHA256-Check ===
+TMP_HASH=$(mktemp)
+curl -fsSL "${DOWNLOAD_URL}.sha256" -o "$TMP_HASH"
+EXPECTED_HASH=$(cut -d ' ' -f1 "$TMP_HASH")
+ACTUAL_HASH=$(openssl dgst -sha256 "$TMP_FILE" | awk '{print $2}')
+
+if [ "$EXPECTED_HASH" != "$ACTUAL_HASH" ]; then
+ echo "⚠️ Checksum mismatch!"
+ echo "Expected: $EXPECTED_HASH"
+ echo "Actual: $ACTUAL_HASH"
+ exit 1
+fi
 # === Installation ===
 echo "🚀 Installing to ${INSTALL_PATH}/${BINARY_NAME}"
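Review bot: The new comparison passes when both hashes are empty: if `openssl` is missing or fails, `awk` still exits 0 and `ACTUAL_HASH` is empty, and an empty or space-prefixed `.sha256` body makes `EXPECTED_HASH` empty too, so `[ "" != "" ]` is false and installation continues. Guard the digest length as well, e.g. `if [ "${#ACTUAL_HASH}" -ne 64 ] || [ "$EXPECTED_HASH" != "$ACTUAL_HASH" ]; then`. Using `openssl dgst -sha256 -r "$TMP_FILE" | cut -d ' ' -f1` would also avoid depending on the `NAME(file)= hash` layout that `awk '{print $2}'` assumes. The `.sha256` file is fetched from the same `DOWNLOAD_URL` origin as the binary, so this check catches corrupted or truncated downloads but not a replaced release artifact; a signature or a pinned hash would be needed for that. Whether the script runs under `set -e` is outside this hunk, so a failed `curl` for the hash file may or may not stop it earlier.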