filebot/installer/portable/update-filebot.sh

#!/bin/sh
PRG="$0"

# resolve relative symlinks
while [ -h "$PRG" ]; do
	ls=`ls -ld "$PRG"`
	link=`expr "$ls" : '.*-> \(.*\)$'`
	if expr "$link" : '/.*' > /dev/null; then
		PRG="$link"
	else
		PRG="`dirname "$PRG"`/$link"
	fi
done

# make it fully qualified
WORKING_DIR=`pwd`
PRG_DIR=`dirname "$PRG"`
APP_ROOT=`cd "$PRG_DIR" && pwd`

# restore original working dir
cd "$WORKING_DIR"


# update core application files
PACKAGE_NAME="FileBot.jar.xz.gpg"
PACKAGE_FILE="$APP_ROOT/$PACKAGE_NAME"
PACKAGE_URL="https://sourceforge.net/projects/filebot/files/filebot/HEAD/$PACKAGE_NAME"

# check if file has changed
PACKAGE_HASH_EXPECTED=`curl --silent --retry 5 "$PACKAGE_URL/list" | egrep -o "\b[a-z0-9]{32}\b"`
PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" | egrep -o "\b[a-z0-9]{32}\b"`

if [ -z "$PACKAGE_HASH_EXPECTED" ]; then
	echo "hash unknown"
	exit 1
fi

if [ "$PACKAGE_HASH" == "$PACKAGE_HASH_EXPECTED" ]; then
	echo "$PACKAGE_FILE [$PACKAGE_HASH]"
	exit 0
fi

echo "Update $PACKAGE_FILE"
curl -L -o "$PACKAGE_FILE" -z "$PACKAGE_FILE" --retry 5 "$PACKAGE_URL"	# FRS will redirect to (unsecure) HTTP download link

# check if file has been corrupted (or modified) in transit
PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" | egrep -o "\b[a-z0-9]{32}\b"`
echo "$PACKAGE_FILE [$PACKAGE_HASH]"

if [ "$PACKAGE_HASH" != "$PACKAGE_HASH_EXPECTED" ]; then
	echo "HASH hash mismatch [$PACKAGE_HASH_EXPECTED]"
	rm -vf "$PACKAGE_FILE"
	exit 1
fi


# initialize gpg
GPG_HOME="$APP_ROOT/data/.gpg"
JAR_XZ_FILE="$APP_ROOT/FileBot.jar.xz"

if [ ! -d "$GPG_HOME" ]; then
	mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/maintainer.pub"
fi

# verify signature and extract jar
gpg --batch --yes --homedir "$GPG_HOME" --trusted-key "4E402EBF7C3C6A71" --output "$JAR_XZ_FILE" --decrypt "$PACKAGE_FILE" && xz --decompress --force "$JAR_XZ_FILE"
* fix nested relative symlink issues in the portable scripts as well * portable startup scripts now are /bin/sh compatible 2014-06-20 14:41:18 -04:00			`#!/bin/sh`
			`PRG="$0"`
* added FileBot.jar auto-update script for Linux to portable package 2014-03-26 03:06:39 -04:00
* fix nested relative symlink issues in the portable scripts as well * portable startup scripts now are /bin/sh compatible 2014-06-20 14:41:18 -04:00			`# resolve relative symlinks`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00			`while [ -h "$PRG" ]; do`
* update filebot.sh as well 2015-06-29 08:04:34 -04:00			ls=`ls -ld "$PRG"`
			link=`expr "$ls" : '.-> \(.\)$'`
			`if expr "$link" : '/.*' > /dev/null; then`
			`PRG="$link"`
			`else`
			PRG="`dirname "$PRG"`/$link"
			`fi`
* fix nested relative symlink issues in the portable scripts as well * portable startup scripts now are /bin/sh compatible 2014-06-20 14:41:18 -04:00			`done`

			`# make it fully qualified`
			WORKING_DIR=`pwd`
			PRG_DIR=`dirname "$PRG"`
			APP_ROOT=`cd "$PRG_DIR" && pwd`

			`# restore original working dir`
			`cd "$WORKING_DIR"`


* update filebot.sh as well 2015-06-29 08:04:34 -04:00			`# update core application files`
Support gpg signatures for release artifacts in ant build 2017-04-16 08:11:48 -04:00			`PACKAGE_NAME="FileBot.jar.xz.gpg"`
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00			`PACKAGE_FILE="$APP_ROOT/$PACKAGE_NAME"`
			`PACKAGE_URL="https://sourceforge.net/projects/filebot/files/filebot/HEAD/$PACKAGE_NAME"`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00
			`# check if file has changed`
Sign and verify new release jars with GnuPG 2017-04-13 07:15:37 -04:00			PACKAGE_HASH_EXPECTED=`curl --silent --retry 5 "$PACKAGE_URL/list" \| egrep -o "\b[a-z0-9]{32}\b"`
			PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" \| egrep -o "\b[a-z0-9]{32}\b"`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00
Sign and verify new release jars with GnuPG 2017-04-13 07:15:37 -04:00			`if [ -z "$PACKAGE_HASH_EXPECTED" ]; then`
			`echo "hash unknown"`
Abort if expected SHA1 hash is unkown 2016-07-08 05:39:05 -04:00			`exit 1`
			`fi`

Sign and verify new release jars with GnuPG 2017-04-13 07:15:37 -04:00			`if [ "$PACKAGE_HASH" == "$PACKAGE_HASH_EXPECTED" ]; then`
Sign and verify new release jars with GnuPG 2017-04-13 07:18:26 -04:00			`echo "$PACKAGE_FILE [$PACKAGE_HASH]"`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00			`exit 0`
			`fi`
* update filebot.sh as well 2015-06-29 08:04:34 -04:00
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00			`echo "Update $PACKAGE_FILE"`
			`curl -L -o "$PACKAGE_FILE" -z "$PACKAGE_FILE" --retry 5 "$PACKAGE_URL" # FRS will redirect to (unsecure) HTTP download link`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00
compress="no" seems to allow for much better zip/xz compression rates (~30% better) 2016-10-24 16:17:47 -04:00			`# check if file has been corrupted (or modified) in transit`
Sign and verify new release jars with GnuPG 2017-04-13 07:15:37 -04:00			PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" \| egrep -o "\b[a-z0-9]{32}\b"`
Sign and verify new release jars with GnuPG 2017-04-13 07:18:26 -04:00			`echo "$PACKAGE_FILE [$PACKAGE_HASH]"`
* update filebot.sh as well 2015-06-29 08:04:34 -04:00
Sign and verify new release jars with GnuPG 2017-04-13 07:15:37 -04:00			`if [ "$PACKAGE_HASH" != "$PACKAGE_HASH_EXPECTED" ]; then`
Sign and verify new release jars with GnuPG 2017-04-13 07:18:26 -04:00			`echo "HASH hash mismatch [$PACKAGE_HASH_EXPECTED]"`
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00			`rm -vf "$PACKAGE_FILE"`
Verify SHA1 hash when updating to the latest FileBot.jar revision 2016-06-08 08:31:16 -04:00			`exit 1`
			`fi`
compress="no" seems to allow for much better zip/xz compression rates (~30% better) 2016-10-24 16:17:47 -04:00
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00
			`# initialize gpg`
Sign and verify new release jars with GnuPG 2017-04-13 07:29:12 -04:00			`GPG_HOME="$APP_ROOT/data/.gpg"`
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00			`JAR_XZ_FILE="$APP_ROOT/FileBot.jar.xz"`

Sign and verify new release jars with GnuPG 2017-04-13 06:10:53 -04:00			`if [ ! -d "$GPG_HOME" ]; then`
Support gpg signatures for release artifacts in ant build 2017-04-16 08:11:48 -04:00			`mkdir -p "$GPG_HOME" && chmod 700 "$GPG_HOME" && gpg --homedir "$GPG_HOME" --import "$APP_ROOT/maintainer.pub"`
Sign and verify new release jars with GnuPG 2017-04-13 05:54:09 -04:00			`fi`

			`# verify signature and extract jar`
			`gpg --batch --yes --homedir "$GPG_HOME" --trusted-key "4E402EBF7C3C6A71" --output "$JAR_XZ_FILE" --decrypt "$PACKAGE_FILE" && xz --decompress --force "$JAR_XZ_FILE"`