SamNet-dev/conduit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: simplify update checker to SHA-only, add hex validation

Browse Source 
Replace 70-line two-method checker (API + 530KB download fallback)
with 20-line SHA-only approach. Self-heals missing baseline on first
menu open. Add hex validation and --connect-timeout to all SHA saves.
This commit is contained in:
SamNet-dev
2026-02-10 23:20:38 -06:00
parent be4aab13bd
commit b06b6b70ac
1 changed files with 34 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
conduit.sh
View File

@@ -8790,76 +8790,36 @@ SVCEOF
systemctl restart conduit-telegram.service 2>/dev/null || true systemctl restart conduit-telegram.service 2>/dev/null || true
fi fi
# Background update check (non-blocking) # Background update check (non-blocking) — compare commit SHA only (~40 bytes)
{ {
local _badge="/tmp/.conduit_update_available" local _badge="/tmp/.conduit_update_available"
local _sha_file="$INSTALL_DIR/.update_sha" local _sha_file="$INSTALL_DIR/.update_sha"
local _done=false
# Method 1: Lightweight GitHub API check (~40B vs ~530KB full file) # Fetch latest commit SHA from GitHub API
local _api_resp local _remote_sha
_api_resp=$(curl -fsSL --connect-timeout 5 --max-time 10 \ _remote_sha=$(curl -fsSL --connect-timeout 5 --max-time 10 \
"https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \ "https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \
-H "Accept: application/vnd.github.sha" 2>/dev/null) || true -H "Accept: application/vnd.github.sha" 2>/dev/null) || true
if [ -n "$_api_resp" ] && [ ${#_api_resp} -ge 40 ]; then
local _remote_sha="${_api_resp:0:40}" # Validate: must be 40+ hex chars (not JSON error or HTML from a proxy)
# Validate response is hex (not a JSON error or HTML from a proxy) if [ -n "$_remote_sha" ] && [ ${#_remote_sha} -ge 40 ]; then
case "$_remote_sha" in *[!a-f0-9]*) _remote_sha="${_remote_sha:0:40}"
# Not a valid SHA, skip to Method 2 case "$_remote_sha" in *[!a-f0-9]*) exit 0 ;; esac
;;
*)
local _stored_sha="" local _stored_sha=""
[ -f "$_sha_file" ] && _stored_sha=$(<"$_sha_file") [ -f "$_sha_file" ] && _stored_sha=$(<"$_sha_file")
if [ -z "$_stored_sha" ]; then if [ -z "$_stored_sha" ]; then
# No SHA baseline (API was down during install/update) — fall through to Method 2 # No baseline yet — save current as baseline (first run after install/update where API was down)
: echo "$_remote_sha" > "$_sha_file" 2>/dev/null || true
rm -f "$_badge" 2>/dev/null
elif [ "$_remote_sha" != "$_stored_sha" ]; then elif [ "$_remote_sha" != "$_stored_sha" ]; then
echo "new" > "$_badge" 2>/dev/null echo "new" > "$_badge" 2>/dev/null
_done=true
else
rm -f "$_badge" 2>/dev/null
_done=true
fi
;;
esac
fi
# Method 2: Full file hash comparison (fallback if API unreachable)
if [ "$_done" != "true" ]; then
local _utmp="/tmp/.conduit_uc_$$"
local _uurl="https://raw.githubusercontent.com/SamNet-dev/conduit-manager/main/conduit.sh"
local _hashcmd="md5sum"
command -v md5sum &>/dev/null || _hashcmd="sha256sum"
command -v $_hashcmd &>/dev/null || { rm -f "$_utmp"; exit 0; }
if curl -fsSL --connect-timeout 5 --max-time 30 -o "$_utmp" "$_uurl" 2>/dev/null && [ -s "$_utmp" ]; then
local _remote_hash=$($_hashcmd "$_utmp" | cut -d' ' -f1)
local _stored_hash=""
[ -f "$INSTALL_DIR/.update_hash" ] && _stored_hash=$(<"$INSTALL_DIR/.update_hash")
if [ -z "$_stored_hash" ]; then
local _rv=$(grep -m1 '^VERSION=' "$_utmp" | cut -d'"' -f2)
if [ -n "$_rv" ] && [ "$_rv" = "$VERSION" ]; then
echo "$_remote_hash" > "$INSTALL_DIR/.update_hash" 2>/dev/null || true
rm -f "$_badge" 2>/dev/null
else
if [ -n "$_rv" ]; then
echo "v${_rv}" > "$_badge" 2>/dev/null
else
echo "new" > "$_badge" 2>/dev/null
fi
fi
elif [ "$_remote_hash" != "$_stored_hash" ]; then
local _rv=$(grep -m1 '^VERSION=' "$_utmp" | cut -d'"' -f2)
if [ -n "$_rv" ] && [ "$_rv" != "$VERSION" ]; then
echo "v${_rv}" > "$_badge" 2>/dev/null
else
echo "new" > "$_badge" 2>/dev/null
fi
else else
rm -f "$_badge" 2>/dev/null rm -f "$_badge" 2>/dev/null
fi fi
fi fi
rm -f "$_utmp" # If API unreachable — do nothing, badge stays as-is
fi
} & } &
local redraw=true local redraw=true
@@ -11155,7 +11115,6 @@ update_conduit() {
# Install latest from GitHub # Install latest from GitHub
bash "$tmp_script" --update-components bash "$tmp_script" --update-components
local update_status=$? local update_status=$?
rm -f "$tmp_script"
if [ $update_status -eq 0 ]; then if [ $update_status -eq 0 ]; then
echo -e " ${GREEN}✓ Script installed (v${new_version:-?})${NC}" echo -e " ${GREEN}✓ Script installed (v${new_version:-?})${NC}"
@@ -11164,6 +11123,7 @@ update_conduit() {
else else
echo -e " ${RED}✗ Installation failed${NC}" echo -e " ${RED}✗ Installation failed${NC}"
fi fi
rm -f "$tmp_script"
else else
echo -e " ${RED}✗ Downloaded file invalid or corrupted${NC}" echo -e " ${RED}✗ Downloaded file invalid or corrupted${NC}"
rm -f "$tmp_script" rm -f "$tmp_script"
@@ -11256,11 +11216,15 @@ update_conduit() {
# Clear update badge and save current commit SHA as baseline # Clear update badge and save current commit SHA as baseline
rm -f /tmp/.conduit_update_available rm -f /tmp/.conduit_update_available
local _cur_sha local _cur_sha
_cur_sha=$(curl -fsSL --max-time 10 \ _cur_sha=$(curl -fsSL --connect-timeout 5 --max-time 10 \
"https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \ "https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \
-H "Accept: application/vnd.github.sha" 2>/dev/null) || true -H "Accept: application/vnd.github.sha" 2>/dev/null) || true
if [ -n "$_cur_sha" ] && [ ${#_cur_sha} -ge 40 ]; then if [ -n "$_cur_sha" ] && [ ${#_cur_sha} -ge 40 ]; then
echo "${_cur_sha:0:40}" > "$INSTALL_DIR/.update_sha" 2>/dev/null || true _cur_sha="${_cur_sha:0:40}"
case "$_cur_sha" in *[!a-f0-9]*) _cur_sha="" ;; esac
fi
if [ -n "$_cur_sha" ]; then
echo "$_cur_sha" > "$INSTALL_DIR/.update_sha" 2>/dev/null || true
else else
rm -f "$INSTALL_DIR/.update_sha" 2>/dev/null || true rm -f "$INSTALL_DIR/.update_sha" 2>/dev/null || true
fi fi
@@ -11377,21 +11341,17 @@ MANAGEMENT
rm -f /usr/local/bin/conduit 2>/dev/null || true rm -f /usr/local/bin/conduit 2>/dev/null || true
ln -s "$INSTALL_DIR/conduit" /usr/local/bin/conduit ln -s "$INSTALL_DIR/conduit" /usr/local/bin/conduit
# Save script fingerprint for update checking
if [ -n "$0" ] && [ -f "$0" ]; then
local _hcmd="md5sum"
command -v md5sum &>/dev/null || _hcmd="sha256sum"
if command -v $_hcmd &>/dev/null; then
$_hcmd "$0" 2>/dev/null | cut -d' ' -f1 > "$INSTALL_DIR/.update_hash" 2>/dev/null || true
fi
fi
# Save current commit SHA as update baseline # Save current commit SHA as update baseline
local _cur_sha local _cur_sha
_cur_sha=$(curl -fsSL --max-time 10 \ _cur_sha=$(curl -fsSL --connect-timeout 5 --max-time 10 \
"https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \ "https://api.github.com/repos/SamNet-dev/conduit-manager/commits/main" \
-H "Accept: application/vnd.github.sha" 2>/dev/null) || true -H "Accept: application/vnd.github.sha" 2>/dev/null) || true
if [ -n "$_cur_sha" ] && [ ${#_cur_sha} -ge 40 ]; then if [ -n "$_cur_sha" ] && [ ${#_cur_sha} -ge 40 ]; then
echo "${_cur_sha:0:40}" > "$INSTALL_DIR/.update_sha" 2>/dev/null || true _cur_sha="${_cur_sha:0:40}"
case "$_cur_sha" in *[!a-f0-9]*) _cur_sha="" ;; esac
fi
if [ -n "$_cur_sha" ]; then
echo "$_cur_sha" > "$INSTALL_DIR/.update_sha" 2>/dev/null || true
else else
rm -f "$INSTALL_DIR/.update_sha" 2>/dev/null || true rm -f "$INSTALL_DIR/.update_sha" 2>/dev/null || true
fi fi