diff options
| author | copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> | 2026-02-04 15:19:35 +0000 |
|---|---|---|
| committer | copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> | 2026-02-04 15:19:35 +0000 |
| commit | 9ab34cd1d5b6190fc36eae63f3a5ca214adea3ae (patch) | |
| tree | ec15dd96b1bf877316b54db046e17975ece432ae /user_install_script.sh | |
| parent | 0b539e22aa9bcbd92fba3d416177e9f39cb93ec7 (diff) | |
| download | decky-installer-9ab34cd1d5b6190fc36eae63f3a5ca214adea3ae.tar.gz decky-installer-9ab34cd1d5b6190fc36eae63f3a5ca214adea3ae.zip | |
Add SHA256 checksum verification for decky_client.py downloads
Co-authored-by: tranch <5999732+tranch@users.noreply.github.com>
Diffstat (limited to 'user_install_script.sh')
| -rw-r--r-- | user_install_script.sh | 50 |
1 files changed, 40 insertions, 10 deletions
diff --git a/user_install_script.sh b/user_install_script.sh index 247f0e2..cb76b57 100644 --- a/user_install_script.sh +++ b/user_install_script.sh @@ -34,17 +34,47 @@ if [ "$SKIP_DECKY_INSTALL" != true ]; then bash "${tmp_script}" fi -# Download and run Decky Loader client (mirror-hosted). +# Download and verify Decky Loader client (mirror-hosted). decky_client="/tmp/decky_client.py" -if curl -fsSL "https://${DECKY_MIRROR_HOST}/AeroCore-IO/decky-installer/releases/latest/download/decky_client.py" -o "${decky_client}"; then - # Install the plugin - python3 "${decky_client}" install \ - --store-url "https://${DECKY_PLUGIN_MIRROR_HOST}/plugins" \ - --target-id "${DECKY_PLUGIN_TARGET_ID}" - - # Configure the custom store URL for future use - python3 "${decky_client}" configure-store "https://${DECKY_PLUGIN_MIRROR_HOST}/plugins" -else +decky_client_checksum="/tmp/decky_client.py.sha256" + +# Download the client script +if ! curl -fsSL "https://${DECKY_MIRROR_HOST}/AeroCore-IO/decky-installer/releases/latest/download/decky_client.py" -o "${decky_client}"; then echo "Failed to download Decky Loader client script." >&2 exit 1 fi + +# Download the checksum file +if ! curl -fsSL "https://${DECKY_MIRROR_HOST}/AeroCore-IO/decky-installer/releases/latest/download/decky_client.py.sha256" -o "${decky_client_checksum}"; then + echo "Failed to download checksum file for Decky Loader client." >&2 + exit 1 +fi + +# Verify the checksum +if command -v sha256sum >/dev/null 2>&1; then + if ! (cd /tmp && sha256sum -c decky_client.py.sha256); then + echo "Checksum verification failed for Decky Loader client. File may be compromised." >&2 + rm -f "${decky_client}" "${decky_client_checksum}" + exit 1 + fi +elif command -v shasum >/dev/null 2>&1; then + if ! (cd /tmp && shasum -a 256 -c decky_client.py.sha256); then + echo "Checksum verification failed for Decky Loader client. File may be compromised." >&2 + rm -f "${decky_client}" "${decky_client_checksum}" + exit 1 + fi +else + echo "Warning: No checksum tool available (sha256sum or shasum). Skipping integrity verification." >&2 + echo "This is a security risk. Consider installing sha256sum or shasum." >&2 +fi + +# Install the plugin +python3 "${decky_client}" install \ + --store-url "https://${DECKY_PLUGIN_MIRROR_HOST}/plugins" \ + --target-id "${DECKY_PLUGIN_TARGET_ID}" + +# Configure the custom store URL for future use +python3 "${decky_client}" configure-store "https://${DECKY_PLUGIN_MIRROR_HOST}/plugins" + +# Clean up +rm -f "${decky_client}" "${decky_client_checksum}" |