Skip to content

Instantly share code, notes, and snippets.

@wentuq
Last active August 8, 2021 19:59
Show Gist options
  • Save wentuq/e19611f7ac3114c89ab4cdf88e69f314 to your computer and use it in GitHub Desktop.
Save wentuq/e19611f7ac3114c89ab4cdf88e69f314 to your computer and use it in GitHub Desktop.
/usr/local/dnscrypt-proxy/dnscrypt-proxy-update.sh
#! /bin/sh
CONFIG_DIR="/etc/dnscrypt-proxy"
INSTALL_DIR="/usr/local/dnscrypt-proxy"
LATEST_URL="https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest"
DNSCRYPT_PUBLIC_KEY="RWTk1xXqcTODeYttYMCMLo0YJHaFEHn7a3akqHlb/7QvIQXHVPxKbjB5"
PLATFORM="linux"
CPU_ARCH="x86_64"
Update() {
workdir="$(mktemp -d)"
download_url="$(curl -sL "$LATEST_URL" | grep dnscrypt-proxy-${PLATFORM}_${CPU_ARCH}- | grep browser_download_url | head -1 | cut -d \" -f 4)"
echo "[INFO] Downloading update from '$download_url'..."
download_file="dnscrypt-proxy-update.tar.gz"
curl --request GET -sL --url "$download_url" --output "$workdir/$download_file"
response=$?
if [ $response -ne 0 ]; then
echo "[ERROR] Could not download file from '$download_url'" >&2
rm -Rf "$workdir"
return 1
fi
if [ -x "$(command -v minisign)" ]; then
curl --request GET -sL --url "${download_url}.minisig" --output "$workdir/${download_file}.minisig"
minisign -Vm "$workdir/$download_file" -P "$DNSCRYPT_PUBLIC_KEY"
valid_file=$?
if [ $valid_file -ne 0 ]; then
echo "[ERROR] Downloaded file has failed signature verification. Update aborted." >&2
rm -Rf "$workdir"
return 1
fi
else
echo '[WARN] minisign is not installed, downloaded file signature could not be verified.'
fi
echo '[INFO] Initiating update of DNSCrypt-proxy'
tar xz -C "$workdir" -f "$workdir/$download_file" ${PLATFORM}-${CPU_ARCH}/dnscrypt-proxy &&
mv -f "${INSTALL_DIR}/dnscrypt-proxy" "${INSTALL_DIR}/dnscrypt-proxy.old" &&
mv -f "${workdir}/${PLATFORM}-${CPU_ARCH}/dnscrypt-proxy" "${INSTALL_DIR}/" &&
chmod u+x "${INSTALL_DIR}/dnscrypt-proxy" &&
cd "$CONFIG_DIR" &&
dnscrypt-proxy -check && dnscrypt-proxy -service install 2>/dev/null || : &&
dnscrypt-proxy -service restart || dnscrypt-proxy -service start
updated_successfully=$?
rm -Rf "$workdir"
if [ $updated_successfully -eq 0 ]; then
echo '[INFO] DNSCrypt-proxy has been successfully updated!'
return 0
else
echo '[ERROR] Unable to complete DNSCrypt-proxy update. Update has been aborted.' >&2
return 1
fi
}
if [ ! -f "${INSTALL_DIR}/dnscrypt-proxy" ]; then
echo "[ERROR] DNSCrypt-proxy is not installed in '${INSTALL_DIR}/dnscrypt-proxy'. Update aborted..." >&2
exit 1
fi
local_version=$("${INSTALL_DIR}/dnscrypt-proxy" -version)
remote_version=$(curl -sL "$LATEST_URL" | grep "tag_name" | head -1 | cut -d \" -f 4)
if [ -z "$local_version" ] || [ -z "$remote_version" ]; then
echo "[ERROR] Could not retrieve DNSCrypt-proxy version. Update aborted... " >&2
exit 1
else
echo "[INFO] local_version=$local_version, remote_version=$remote_version"
fi
if [ "$local_version" != "$remote_version" ]; then
echo "[INFO] local_version not synced with remote_version, initiating update..."
Update
exit $?
else
echo "[INFO] No updated needed."
exit 0
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment