Skip to content

Commit e4a5a8e

Browse files
susnuxsusnux
authored
Merge pull request #725 from nextcloud/backport/723/stable32
[stable32] fix: verify integrity with URL override but allow to disable if needed
2 parents 7a99997 + df5cfb3 commit e4a5a8e

File tree

4 files changed

+17
-14
lines changed

4 files changed

+17
-14
lines changed

index.php

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -766,19 +766,14 @@ private function getDownloadedFilePath(): string {
766766
*
767767
* @throws \Exception
768768
*/
769-
public function verifyIntegrity(?string $urlOverride = null): void {
769+
public function verifyIntegrity(): void {
770770
$this->silentLog('[info] verifyIntegrity()');
771771

772772
if ($this->getCurrentReleaseChannel() === 'daily') {
773773
$this->silentLog('[info] current channel is "daily" which is not signed. Skipping verification.');
774774
return;
775775
}
776776

777-
if ($urlOverride) {
778-
$this->silentLog('[info] custom download url provided, cannot verify signature');
779-
return;
780-
}
781-
782777
$response = $this->getUpdateServerResponse();
783778
if (empty($response['signature'])) {
784779
throw new \Exception('No signature specified for defined update');

lib/UpdateCommand.php

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ class UpdateCommand extends Command {
2121
protected bool $shouldStop = false;
2222
protected bool $skipBackup = false;
2323
protected bool $skipUpgrade = false;
24+
protected bool $skipIntegrityCheck = false;
25+
2426
protected string $urlOverride = '';
2527

2628
/** @var list<string> strings of text for stages of updater */
@@ -47,7 +49,8 @@ protected function configure(): void {
4749
->setHelp('This command fetches the latest code that is announced via the updater server and safely replaces the existing code with the new one.')
4850
->addOption('no-backup', null, InputOption::VALUE_NONE, 'Skip backup of current Nextcloud version')
4951
->addOption('no-upgrade', null, InputOption::VALUE_NONE, "Don't automatically run occ upgrade")
50-
->addOption('url', null, InputOption::VALUE_OPTIONAL, 'The URL of the Nextcloud release to download');
52+
->addOption('url', null, InputOption::VALUE_OPTIONAL, 'The URL of the Nextcloud release to download')
53+
->addOption('no-verify', null, InputOption::VALUE_OPTIONAL, 'Skip integrity verification of the downloaded file');
5154
}
5255

5356
public static function getUpdaterVersion(): string {
@@ -62,6 +65,7 @@ public static function getUpdaterVersion(): string {
6265
protected function execute(InputInterface $input, OutputInterface $output) {
6366
$this->skipBackup = (bool)$input->getOption('no-backup');
6467
$this->skipUpgrade = (bool)$input->getOption('no-upgrade');
68+
$this->skipIntegrityCheck = (bool)$input->getOption('no-verify');
6569
$this->urlOverride = (string)$input->getOption('url');
6670

6771
$version = static::getUpdaterVersion();
@@ -143,6 +147,11 @@ protected function execute(InputInterface $input, OutputInterface $output) {
143147
$updateString = $this->updater->checkForUpdate();
144148
}
145149

150+
if ($this->skipIntegrityCheck) {
151+
$this->updater->log('[warn] Integrity check of the downloaded file will be skipped');
152+
$output->writeln('Integrity check of the downloaded file will be skipped.');
153+
}
154+
146155
$output->writeln('');
147156

148157
$lines = explode('<br />', $updateString);
@@ -407,7 +416,11 @@ protected function executeStep(int $step): array {
407416
$this->updater->downloadUpdate($this->urlOverride);
408417
break;
409418
case 5:
410-
$this->updater->verifyIntegrity($this->urlOverride);
419+
if ($this->skipIntegrityCheck) {
420+
$this->updater->silentLog('[info] Skipping integrity check as requested');
421+
break;
422+
}
423+
$this->updater->verifyIntegrity();
411424
break;
412425
case 6:
413426
$this->updater->extractDownload();

lib/Updater.php

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -749,19 +749,14 @@ private function getDownloadedFilePath(): string {
749749
*
750750
* @throws \Exception
751751
*/
752-
public function verifyIntegrity(?string $urlOverride = null): void {
752+
public function verifyIntegrity(): void {
753753
$this->silentLog('[info] verifyIntegrity()');
754754

755755
if ($this->getCurrentReleaseChannel() === 'daily') {
756756
$this->silentLog('[info] current channel is "daily" which is not signed. Skipping verification.');
757757
return;
758758
}
759759

760-
if ($urlOverride) {
761-
$this->silentLog('[info] custom download url provided, cannot verify signature');
762-
return;
763-
}
764-
765760
$response = $this->getUpdateServerResponse();
766761
if (empty($response['signature'])) {
767762
throw new \Exception('No signature specified for defined update');

updater.phar

414 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)