HorlogeSkynet · November 14, 2023 20:28
diff --git a/update_gitea.sh b/update_gitea.sh
 #!/usr/bin/env bash

 #
 # @HorlogeSkynet's Gitea automatic updating script for GNU/Linux.
 #
 # Version : v3.0.2
 # URL : <https://gist.github.com/HorlogeSkynet/d676b9204869842933169dbe35ed8650>
 #
 # /!\ A proper Gitea server managed by a systemd service is required /!\
 # --> Maintainer one : <https://gist.github.com/HorlogeSkynet/81a3a4ff2ea342dc3a77dc038cbc0e35>
 #
 # /!\ Expect previous version to be backup-ed as "${INSTALL_TARGET}.~" /!\
 #
 # Required packages :
 #  * wget
 #  * gnupg2
 #  * xz-utils
 #  * jq (only for automatic updates)
 #
 # Installation instructions :
 #  0. Make sure required packages are correctly installed
 #  1. Copy this script somewhere on your system as 'update_gitea.sh'
 #  2. Set it executable with 'chmod +x update_gitea.sh'
 #  3. Set (and verify) below constants to fit your Gitea setup
 #  4. Enjoy !
 #

 set -euo pipefail

 ### BEGIN CONSTANTS ###

 # Leave this field empty to automatically install latest "stable" release.
 VERSION=""
 PLATFORM="linux"
 ARCH="amd64"
 INSTALL_TARGET="/usr/local/bin/gitea"
 SYSTEMD_SERVICE="gitea.service"
 GITHUB_URL="https://api.github.com/repos/go-gitea/gitea/releases/latest"

 # You really should not trust anyone with the next values below.
 # Please verify it on : <https://docs.gitea.io/en-us/install-from-binary/#verify-gpg-signature>
 TRUSTED_GPG_SERVER="keys.openpgp.org"
 TRUSTED_KEY_HASH="0x7C9E68152594688862D62AF62D9AE806EC1592E2"

 ### END CONSTANTS ###

 ### BEGIN MACROS ###

 # Adapted from <https://www.jwdev.com/2020/01/27/native-bash-semver-check/>
 function semver_check {
 	high_version=$(echo -e "$1\\n$2" | LC_ALL=C sort -V | tail -1)
 	[[ "$1" != "$2" && "$1" != "$high_version" ]] && echo -1 && return
 	[[ "$1" == "$2" ]]; echo $?
 }

 function log_success {
 	echo -e "\\033[32mOK\\033[0m."
 }

 function log_error {
 	>&2 echo -e "\\033[31m${1:-Failed}\\033[0m."
 }

 ### END MACROS ###

 trap 'test -z "$TMPDIR" || rm -rf "$TMPDIR"' EXIT
 TMPDIR="$(mktemp -d)"
 pushd "$TMPDIR" > /dev/null || exit 1

 # If `VERSION` has been left empty, fetch latest tag from GitHub.
 if [ -z "$VERSION" ]; then
 	echo -n "Now fetching current Gitea version : "
 	CURRENT_VERSION="$(${INSTALL_TARGET} --version | cut -d ' ' -f 3 || true)"
 	echo "${CURRENT_VERSION:-None}"

 	echo -n "Now fetching latest release from GitHub API : "
 	VERSION="$(wget -qO- --header 'Accept: application/vnd.github.v3+json' "$GITHUB_URL" | jq -r '.tag_name' || true)"
 	if [ -z "$VERSION" ]; then
 		log_error "HTTP request failed"
 		exit 1
 	fi
 	# Strips any leading 'v' character.
 	if [ "${VERSION:0:1}" == 'v' ]; then
 		VERSION="${VERSION:1}"
 	fi
 	echo "$VERSION"

 	# Error is human : check that "latest" published version is really superior.
 	if [ -n "$CURRENT_VERSION" -a "$(semver_check "$VERSION" "$CURRENT_VERSION")" -le 0 ]; then
 		# Stop here if already up to date (or even more recent to prevent database corruption).
 		exit 0
 	fi
 fi

 # DRY.
 binary_name="gitea-${VERSION}-${PLATFORM}-${ARCH}"
 base_name="${binary_name}.xz"

 echo -n "Now retrieving compressed binary, as long as its SHA256 checksum and GPG signature : "
 wget -q "https://dl.gitea.io/gitea/${VERSION}/${base_name}"{,.sha256,.asc} || \
 	wget -q "https://dl.gitea.io/gitea/v${VERSION}/${base_name}"{,.sha256,.asc}
 log_success

 echo -n "Now verifying the program checksum : "
 if ! sha256sum --quiet -c "${base_name}.sha256" 2> /dev/null; then
 	log_error "Invalid checksum"
 	exit 1
 fi
 log_success

 # Ensure that the GPG public key of Teabot is present within the local keyring.
 if ! gpg --list-keys $TRUSTED_KEY_HASH > /dev/null 2>&1; then
 	echo -n "Now retrieving GPG public identities of Teabot : "
 	if ! gpg --keyserver $TRUSTED_GPG_SERVER --recv $TRUSTED_KEY_HASH > /dev/null; then
 		# GPG would throw errors (if any) over here.
 		exit 1
 	fi
 	log_success
 fi

 echo -n "Now verifying the GPG signature of the program : "
 if ! gpg --verify "${base_name}.asc" "$base_name" 2> /dev/null; then
 	log_error "Invalid signature"
 	exit 1
 fi
 log_success

 echo -n "Now decompressing binary : "
 if ! xz --decompress --force "${base_name}"; then
 	# xz would throw errors (if any) over here.
 	exit 1
 fi
 log_success

 echo -n "Now stopping Gitea : "
 if ! systemctl stop "$SYSTEMD_SERVICE"; then
 	log_error
 	exit 1
 fi
 log_success

 echo -n "Now installing and preparing new binary : "
 chmod +x "$binary_name"
 mv --backup --force "$binary_name" "$INSTALL_TARGET"
 log_success

 echo -n "Now starting again Gitea : "
 if ! systemctl start "$SYSTEMD_SERVICE"; then
 	log_error
 	exit 1
 fi
 log_success

 echo -n "Now cleaning up : "
 if ! rm "$base_name"* 2> /dev/null; then
 	log_error
 	exit 1
 fi
 log_success

 popd > /dev/null || exit 1
	#!/usr/bin/env bash

	#
	# @HorlogeSkynet's Gitea automatic updating script for GNU/Linux.
	#
	# Version : v3.0.2
	# URL : <https://gist.github.com/HorlogeSkynet/d676b9204869842933169dbe35ed8650>
	#
	# /!\ A proper Gitea server managed by a systemd service is required /!\
	# --> Maintainer one : <https://gist.github.com/HorlogeSkynet/81a3a4ff2ea342dc3a77dc038cbc0e35>
	#
	# /!\ Expect previous version to be backup-ed as "${INSTALL_TARGET}.~" /!\
	#
	# Required packages :
	# * wget
	# * gnupg2
	# * xz-utils
	# * jq (only for automatic updates)
	#
	# Installation instructions :
	# 0. Make sure required packages are correctly installed
	# 1. Copy this script somewhere on your system as 'update_gitea.sh'
	# 2. Set it executable with 'chmod +x update_gitea.sh'
	# 3. Set (and verify) below constants to fit your Gitea setup
	# 4. Enjoy !
	#

	set -euo pipefail

	### BEGIN CONSTANTS ###

	# Leave this field empty to automatically install latest "stable" release.
	VERSION=""
	PLATFORM="linux"
	ARCH="amd64"
	INSTALL_TARGET="/usr/local/bin/gitea"
	SYSTEMD_SERVICE="gitea.service"
	GITHUB_URL="https://api.github.com/repos/go-gitea/gitea/releases/latest"

	# You really should not trust anyone with the next values below.
	# Please verify it on : <https://docs.gitea.io/en-us/install-from-binary/#verify-gpg-signature>
	TRUSTED_GPG_SERVER="keys.openpgp.org"
	TRUSTED_KEY_HASH="0x7C9E68152594688862D62AF62D9AE806EC1592E2"

	### END CONSTANTS ###

	### BEGIN MACROS ###

	# Adapted from <https://www.jwdev.com/2020/01/27/native-bash-semver-check/>
	function semver_check {
	high_version=$(echo -e "$1\\n$2" \| LC_ALL=C sort -V \| tail -1)
	[[ "$1" != "$2" && "$1" != "$high_version" ]] && echo -1 && return
	[[ "$1" == "$2" ]]; echo $?
	}

	function log_success {
	echo -e "\\033[32mOK\\033[0m."
	}

	function log_error {
	>&2 echo -e "\\033[31m${1:-Failed}\\033[0m."
	}

	### END MACROS ###

	trap 'test -z "$TMPDIR" \|\| rm -rf "$TMPDIR"' EXIT
	TMPDIR="$(mktemp -d)"
	pushd "$TMPDIR" > /dev/null \|\| exit 1

	# If `VERSION` has been left empty, fetch latest tag from GitHub.
	if [ -z "$VERSION" ]; then
	echo -n "Now fetching current Gitea version : "
	CURRENT_VERSION="$(${INSTALL_TARGET} --version \| cut -d ' ' -f 3 \|\| true)"
	echo "${CURRENT_VERSION:-None}"

	echo -n "Now fetching latest release from GitHub API : "
	VERSION="$(wget -qO- --header 'Accept: application/vnd.github.v3+json' "$GITHUB_URL" \| jq -r '.tag_name' \|\| true)"
	if [ -z "$VERSION" ]; then
	log_error "HTTP request failed"
	exit 1
	fi
	# Strips any leading 'v' character.
	if [ "${VERSION:0:1}" == 'v' ]; then
	VERSION="${VERSION:1}"
	fi
	echo "$VERSION"

	# Error is human : check that "latest" published version is really superior.
	if [ -n "$CURRENT_VERSION" -a "$(semver_check "$VERSION" "$CURRENT_VERSION")" -le 0 ]; then
	# Stop here if already up to date (or even more recent to prevent database corruption).
	exit 0
	fi
	fi

	# DRY.
	binary_name="gitea-${VERSION}-${PLATFORM}-${ARCH}"
	base_name="${binary_name}.xz"

	echo -n "Now retrieving compressed binary, as long as its SHA256 checksum and GPG signature : "
	wget -q "https://dl.gitea.io/gitea/${VERSION}/${base_name}"{,.sha256,.asc} \|\| \
	wget -q "https://dl.gitea.io/gitea/v${VERSION}/${base_name}"{,.sha256,.asc}
	log_success

	echo -n "Now verifying the program checksum : "
	if ! sha256sum --quiet -c "${base_name}.sha256" 2> /dev/null; then
	log_error "Invalid checksum"
	exit 1
	fi
	log_success

	# Ensure that the GPG public key of Teabot is present within the local keyring.
	if ! gpg --list-keys $TRUSTED_KEY_HASH > /dev/null 2>&1; then
	echo -n "Now retrieving GPG public identities of Teabot : "
	if ! gpg --keyserver $TRUSTED_GPG_SERVER --recv $TRUSTED_KEY_HASH > /dev/null; then
	# GPG would throw errors (if any) over here.
	exit 1
	fi
	log_success
	fi

	echo -n "Now verifying the GPG signature of the program : "
	if ! gpg --verify "${base_name}.asc" "$base_name" 2> /dev/null; then
	log_error "Invalid signature"
	exit 1
	fi
	log_success

	echo -n "Now decompressing binary : "
	if ! xz --decompress --force "${base_name}"; then
	# xz would throw errors (if any) over here.
	exit 1
	fi
	log_success

	echo -n "Now stopping Gitea : "
	if ! systemctl stop "$SYSTEMD_SERVICE"; then
	log_error
	exit 1
	fi
	log_success

	echo -n "Now installing and preparing new binary : "
	chmod +x "$binary_name"
	mv --backup --force "$binary_name" "$INSTALL_TARGET"
	log_success

	echo -n "Now starting again Gitea : "
	if ! systemctl start "$SYSTEMD_SERVICE"; then
	log_error
	exit 1
	fi
	log_success

	echo -n "Now cleaning up : "
	if ! rm "$base_name"* 2> /dev/null; then
	log_error
	exit 1
	fi
	log_success

	popd > /dev/null \|\| exit 1