feat: 添加 checksums 校验

README.md

@@ -52,7 +52,7 @@ CentOS Stream 可使用迁移脚本迁移至支持的系统: [CentOS 8/9 迁移
 如果你决定继续，请以`root`用户登录服务器，执行以下命令安装面板：
 
 ```shell
-HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh_checksums.txt && sha256sum -c install_panel.sh_checksums.txt && bash install_panel.sh || echo "Checksum 验证失败，文件可能被篡改，已终止操作"
+HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh.checksum.txt && sha256sum -c install_panel.sh.checksum.txt && bash install_panel.sh || echo "Checksum 验证失败，文件可能被篡改，已终止操作"
 ```
 
 ## 卸载面板
@@ -62,7 +62,7 @@ HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -s
 如果你无法重装系统，请以`root`用户登录服务器，执行以下命令卸载面板：
 
 ```shell
-HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh_checksums.txt && sha256sum -c uninstall_panel.sh_checksums.txt && bash uninstall_panel.sh || echo "Checksum 验证失败，文件可能被篡改，已终止操作"
+HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh.checksum.txt && sha256sum -c uninstall_panel.sh.checksum.txt && bash uninstall_panel.sh || echo "Checksum 验证失败，文件可能被篡改，已终止操作"
 ```
 
 卸载面板前请务必备份好所有数据，提前卸载面板全部插件。卸载后数据将**无法恢复**！

README_EN.md

@@ -48,7 +48,7 @@ Before installing the panel, you need to understand the basic knowledge of the L
 If you decide to continue, please log in to the server as `root` user and execute the following command to install the panel:
 
 ```shell
-HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh_checksums.txt && sha256sum -c install_panel.sh_checksums.txt && bash install_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated"
+HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh.checksum.txt && sha256sum -c install_panel.sh.checksum.txt && bash install_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated"
 ```
 
 ## Uninstall Panel
@@ -58,7 +58,7 @@ Recommended to back up data and reinstall the system first, so that the system c
 If you are unable to reinstall the system, log in to the server as the `root` user and execute the following command to uninstall the panel:
 
 ```shell
-HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh_checksums.txt && sha256sum -c uninstall_panel.sh_checksums.txt && bash uninstall_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated"
+HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh.checksum.txt && sha256sum -c uninstall_panel.sh.checksum.txt && bash uninstall_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated"
 ```
 
 Before uninstalling the panel, please be sure to back up all data and uninstall all panel plugins in advance. The data will **not be recoverable** after uninstallation!

scripts/install_panel.sh

@@ -182,39 +182,54 @@ Init_Panel() {
     if [ "${ARCH}" == "x86_64" ]; then
         if ${inChina}; then
             panelZip=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("amd64v2")) | .direct_asset_url')
+            panelZipName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("amd64v2")) | .name')
         else
             panelZip=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("amd64v2")) | .browser_download_url')
+            panelZipName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("amd64v2")) | .name')
         fi
     elif [ "${ARCH}" == "aarch64" ]; then
         if ${inChina}; then
             panelZip=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("arm64")) | .direct_asset_url')
+            panelZipName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("arm64")) | .name')
         else
             panelZip=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("arm64")) | .browser_download_url')
+            panelZipName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("arm64")) | .name')
         fi
     else
         echo -e $HR
         echo "错误：该系统架构不支持安装耗子Linux面板，请更换x86_64/aarch64架构安装。"
         exit 1
     fi
-    if [ "$?" != "0" ] || [ "${panelZip}" == "" ]; then
+    if [ "$?" != "0" ] || [ "${panelZip}" == "" ] || [ "${panelZipName}" == "" ]; then
         echo -e $HR
         echo "错误：获取面板下载链接失败，请截图错误信息寻求帮助。"
         exit 1
     fi
-    wget -T 120 -t 3 -O ${setup_Path}/panel/panel.zip "${panelZip}"
-    if [ "$?" != "0" ]; then
+    wget -T 120 -t 3 -O ${setup_Path}/panel/${panelZipName} "${panelZip}"
+
+    # 下载 checksums 文件
+    if ${inChina}; then
+        checksumsFile=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("checksums")) | .direct_asset_url')
+        checksumsFileName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("checksums")) | .name')
+    else
+        checksumsFile=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("checksums")) | .browser_download_url')
+        checksumsFileName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("checksums")) | .name')
+    fi
+    wget -T 20 -t 3 -O ${setup_Path}/panel/${checksumsFileName} "${checksumsFile}"
+    cd ${setup_Path}/panel
+    if ! sha256sum --status -c ${checksumsFileName}; then
         echo -e $HR
-        echo "错误：下载面板失败，请截图错误信息寻求帮助。"
+        echo "错误：面板压缩包 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
         exit 1
     fi
-    cd ${setup_Path}/panel
-    unzip -o panel.zip
+    unzip -o ${panelZipName}
     if [ "$?" != "0" ]; then
         echo -e $HR
         echo "错误：解压面板失败，请截图错误信息寻求帮助。"
         exit 1
     fi
-    rm -rf panel.zip
+    rm -rf ${panelZipName}
+    rm -rf ${checksumsFileName}
     cp panel-example.conf panel.conf
     ${setup_Path}/panel/panel --env="panel.conf" artisan key:generate
     ${setup_Path}/panel/panel --env="panel.conf" artisan jwt:secret
@@ -284,7 +299,7 @@ EOF
     panel init
     panel getInfo
     rm -f install_panel.sh
-    rm -f install_panel.sh_checksums.txt
+    rm -f install_panel.sh.checksum.txt
 }
 
 clear

scripts/mysql/install.sh

@@ -72,14 +72,36 @@ cd ${mysqlPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz
+wget -T 20 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz.checksum.txt ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz.checksum.txt
+
+# 校验
+if ! sha256sum --status -c mysql-${mysqlVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：MySQL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${mysqlPath}
+    exit 1
+fi
+
 tar -zxvf mysql-${mysqlVersion}.tar.gz
 rm -f mysql-${mysqlVersion}.tar.gz
+rm -f mysql-${mysqlVersion}.tar.gz.checksum.txt
 mv mysql-${mysqlVersion} src
 
 # openssl
 wget -T 120 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz
+wget -T 20 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz..checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz..checksum.txt
+
+# 校验
+if ! sha256sum --status -c openssl-1.1.1u.tar.gz..checksum.txt; then
+    echo -e $HR
+    echo "错误：OpenSSL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${mysqlPath}
+    exit 1
+fi
+
 tar -zxvf openssl-1.1.1u.tar.gz
 rm -f openssl-1.1.1u.tar.gz
+rm -f openssl-1.1.1u.tar.gz..checksum.txt
 mv openssl-1.1.1u openssl
 cd openssl
 ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1

scripts/mysql/update.sh

@@ -70,14 +70,32 @@ cd ${mysqlPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz
+wget -T 20 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz.checksum.txt ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c mysql-${mysqlVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：MySQL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    exit 1
+fi
+
 tar -zxvf mysql-${mysqlVersion}.tar.gz
 rm -f mysql-${mysqlVersion}.tar.gz
+rm -f mysql-${mysqlVersion}.tar.gz.checksum.txt
 mv mysql-${mysqlVersion} src
 
 # openssl
 wget -T 120 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz
+wget -T 20 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz..checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz..checksum.txt
+
+if ! sha256sum --status -c openssl-1.1.1u.tar.gz..checksum.txt; then
+    echo -e $HR
+    echo "错误：OpenSSL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    exit 1
+fi
+
 tar -zxvf openssl-1.1.1u.tar.gz
 rm -f openssl-1.1.1u.tar.gz
+rm -f openssl-1.1.1u.tar.gz..checksum.txt
 mv openssl-1.1.1u openssl
 cd openssl
 ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1

scripts/openresty/install.sh

@@ -47,58 +47,148 @@ cd ${openrestyPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${openrestyPath}/openresty-${openrestyVersion}.tar.gz ${downloadUrl}/openresty-${openrestyVersion}.tar.gz
+wget -T 20 -t 3 -O ${openrestyPath}/openresty-${openrestyVersion}.tar.gz.checksum.txt ${downloadUrl}/openresty-${openrestyVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c openresty-${openrestyVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：OpenResty 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
 tar -zxvf openresty-${openrestyVersion}.tar.gz
 rm -f openresty-${openrestyVersion}.tar.gz
+rm -f openresty-${openrestyVersion}.tar.gz.checksum.txt
 mv openresty-${openrestyVersion} src
 cd src
 
 # openssl
-wget -T 120 -t 3 -O openssl.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz
-tar -zxvf openssl.tar.gz
-rm -f openssl.tar.gz
+wget -T 120 -t 3 -O openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz
+wget -T 20 -t 3 -O openssl-1.1.1u.tar.gz.checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz.checksum.txt
+
+if ! sha256sum --status -c openssl-1.1.1u.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：OpenSSL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+tar -zxvf openssl-1.1.1u.tar.gz
+rm -f openssl-1.1.1u.tar.gz
+rm -f openssl-1.1.1u.tar.gz.checksum.txt
 mv openssl-1.1.1u openssl
-rm -f openssl.tar.gz
 
 # pcre
 wget -T 60 -t 3 -O pcre-8.45.tar.gz ${downloadUrl}/pcre/pcre-8.45.tar.gz
+wget -T 20 -t 3 -O pcre-8.45.tar.gz.checksum.txt ${downloadUrl}/pcre/pcre-8.45.tar.gz.checksum.txt
+
+if ! sha256sum --status -c pcre-8.45.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：pcre 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
 tar -zxvf pcre-8.45.tar.gz
 rm -f pcre-8.45.tar.gz
+rm -f pcre-8.45.tar.gz.checksum.txt
 mv pcre-8.45 pcre
-rm -f pcre-8.45.tar.gz
 
 # ngx_cache_purge
-wget -T 20 -t 3 -O ngx_cache_purge.tar.gz ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz
-tar -zxvf ngx_cache_purge.tar.gz
-rm -f ngx_cache_purge.tar.gz
+wget -T 20 -t 3 -O ngx_cache_purge-2.3.tar.gz ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz
+wget -T 20 -t 3 -O ngx_cache_purge-2.3.tar.gz.checksum.txt ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz.checksum.txt
+
+if ! sha256sum --status -c ngx_cache_purge-2.3.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：ngx_cache_purge 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+tar -zxvf ngx_cache_purge-2.3.tar.gz
+rm -f ngx_cache_purge-2.3.tar.gz
+rm -f ngx_cache_purge-2.3.tar.gz.checksum.txt
 mv ngx_cache_purge-2.3 ngx_cache_purge
-rm -f ngx_cache_purge.tar.gz
 
 # nginx-sticky-module
 wget -T 20 -t 3 -O nginx-sticky-module.zip ${downloadUrl}/modules/nginx-sticky-module.zip
+wget -T 20 -t 3 -O nginx-sticky-module.zip.checksum.txt ${downloadUrl}/modules/nginx-sticky-module.zip.checksum.txt
+
+if ! sha256sum --status -c nginx-sticky-module.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：nginx-sticky-module 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
 unzip -o nginx-sticky-module.zip
 rm -f nginx-sticky-module.zip
+rm -f nginx-sticky-module.zip.checksum.txt
 
 # nginx-dav-ext-module
 wget -T 20 -t 3 -O nginx-dav-ext-module-3.0.0.tar.gz ${downloadUrl}/modules/nginx-dav-ext-module-3.0.0.tar.gz
+wget -T 20 -t 3 -O nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt ${downloadUrl}/modules/nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt
+
+if ! sha256sum --status -c nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：nginx-dav-ext-module 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
 tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
 rm -f nginx-dav-ext-module-3.0.0.tar.gz
+rm -f nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt
 mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module
 
 # waf
-wget -T 60 -t 3 -O uthash.zip ${downloadUrl}/modules/uthash-2.3.0.zip
-unzip -o uthash.zip
+wget -T 60 -t 3 -O uthash-2.3.0.zip ${downloadUrl}/modules/uthash-2.3.0.zip
+wget -T 20 -t 3 -O uthash-2.3.0.zip.checksum.txt ${downloadUrl}/modules/uthash-2.3.0.zip.checksum.txt
+
+if ! sha256sum --status -c uthash-2.3.0.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：uthash 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+unzip -o uthash-2.3.0.zip
 mv uthash-2.3.0 uthash
-rm -f uthash.zip
+rm -f uthash-2.3.0.zip
+rm -f uthash-2.3.0.zip.checksum.txt
 cd ../
-wget -T 20 -t 3 -O ngx_waf.zip ${downloadUrl}/modules/ngx_waf-6.1.9.zip
-unzip -o ngx_waf.zip
+
+wget -T 20 -t 3 -O ngx_waf-6.1.9.zip ${downloadUrl}/modules/ngx_waf-6.1.9.zip
+wget -T 20 -t 3 -O ngx_waf-6.1.9.zip.checksum.txt ${downloadUrl}/modules/ngx_waf-6.1.9.zip.checksum.txt
+
+if ! sha256sum --status -c ngx_waf-6.1.9.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：ngx_waf 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+unzip -o ngx_waf-6.1.9.zip
 mv ngx_waf-6.1.9 ngx_waf
-rm -f ngx_waf.zip
+rm -f ngx_waf-6.1.9.zip
+rm -f ngx_waf-6.1.9.zip.checksum.txt
+
 cd ngx_waf/inc
-wget -T 60 -t 3 -O libinjection.zip ${downloadUrl}/modules/libinjection-3.10.0.zip
-unzip -o libinjection.zip
+wget -T 60 -t 3 -O libinjection-3.10.0.zip ${downloadUrl}/modules/libinjection-3.10.0.zip
+wget -T 20 -t 3 -O libinjection-3.10.0.zip.checksum.txt ${downloadUrl}/modules/libinjection-3.10.0.zip.checksum.txt
+
+if ! sha256sum --status -c libinjection-3.10.0.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：libinjection 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+unzip -o libinjection-3.10.0.zip
 mv libinjection-3.10.0 libinjection
-rm -f libinjection.zip
+rm -f libinjection-3.10.0.zip
+rm -f libinjection-3.10.0.zip.checksum.txt
+
 cd ../
 make -j$(nproc)
 if [ "$?" != "0" ]; then
@@ -110,17 +200,37 @@ fi
 cd ${openrestyPath}/src
 
 # brotli
-wget -T 20 -t 3 -O ngx_brotli.zip ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip
-unzip -o ngx_brotli.zip
+wget -T 20 -t 3 -O ngx_brotli-1.0.0rc.zip ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip
+wget -T 20 -t 3 -O ngx_brotli-1.0.0rc.zip.checksum.txt ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip.checksum.txt
+
+if ! sha256sum --status -c ngx_brotli-1.0.0rc.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：ngx_brotli 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+unzip -o ngx_brotli-1.0.0rc.zip
 mv ngx_brotli-1.0.0rc ngx_brotli
-rm -f ngx_brotli.zip
+rm -f ngx_brotli-1.0.0rc.zip
+rm -f ngx_brotli-1.0.0rc.zip.checksum.txt
 cd ngx_brotli/deps
 rm -rf brotli
-wget -T 20 -t 3 -O brotli.zip ${downloadUrl}/modules/brotli-1.0.9.zip
-unzip -o brotli.zip
+
+wget -T 20 -t 3 -O brotli-1.0.9.zip ${downloadUrl}/modules/brotli-1.0.9.zip
+wget -T 20 -t 3 -O brotli-1.0.9.zip.checksum.txt ${downloadUrl}/modules/brotli-1.0.9.zip.checksum.txt
+
+if ! sha256sum --status -c brotli-1.0.9.zip.checksum.txt; then
+    echo -e $HR
+    echo "错误：brotli 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${openrestyPath}
+    exit 1
+fi
+
+unzip -o brotli-1.0.9.zip
 mv brotli-1.0.9 brotli
-rm -f brotli.zip
-cd ${openrestyPath}/src
+rm -f brotli-1.0.9.zip
+rm -f brotli-1.0.9.zip.checksum.txt
 
 cd ${openrestyPath}/src
 export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH

scripts/php/install.sh

@@ -70,21 +70,35 @@ else
     exit 1
 fi
 
-wget -T 120 -t 3 -O ${phpPath}/php-${phpVersion}.tar.gz ${downloadUrl}/php-${phpVersionCode}.tar.gz
-if [ "$?" != "0" ]; then
+wget -T 120 -t 3 -O ${phpPath}/php-${phpVersionCode}.tar.gz ${downloadUrl}/php-${phpVersionCode}.tar.gz
+wget -T 20 -t 3 -O ${phpPath}/php-${phpVersionCode}.tar.gz.checksum.txt ${downloadUrl}/php-${phpVersionCode}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c php-${phpVersionCode}.tar.gz.checksum.txt; then
     echo -e $HR
-    echo "错误：PHP-${phpVersion}下载失败，请检查网络是否正常。"
+    echo "错误：PHP-${phpVersion}源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${phpPath}
     exit 1
 fi
 
-tar -xvf php-${phpVersion}.tar.gz
-rm -f php-${phpVersion}.tar.gz
+tar -xvf php-${phpVersionCode}.tar.gz
+rm -f php-${phpVersionCode}.tar.gz
+rm -f php-${phpVersionCode}.tar.gz.checksum.txt
 mv php-* src
 
 if [ "${phpVersion}" -le "80" ]; then
     wget -T 120 -t 3 -O ${phpPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz
+    wget -T 20 -t 3 -O ${phpPath}/openssl-1.1.1u.tar.gz.checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz.checksum.txt
+
+    if ! sha256sum --status -c openssl-1.1.1u.tar.gz.checksum.txt; then
+        echo -e $HR
+        echo "错误：PHP-${phpVersion} OpenSSL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+        rm -rf ${phpPath}
+        exit 1
+    fi
+
     tar -zxvf openssl-1.1.1u.tar.gz
     rm -f openssl-1.1.1u.tar.gz
+    rm -f openssl-1.1.1u.tar.gz.checksum.txt
     mv openssl-1.1.1u openssl
     cd openssl
     ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1

scripts/php_extensions/imagick.sh

@@ -47,9 +47,19 @@ Install() {
 
     cd /www/server/php/${phpVersion}/src/ext
     rm -rf imagick
-    rm -rf imagick.tar.gz
-    wget -T 60 -t 3 -O imagick.tar.gz ${downloadUrl}/imagick-${imagickVersion}.tar.gz
-    tar -zxvf imagick.tar.gz
+    rm -rf imagick-${imagickVersion}.tar.gz
+    wget -T 60 -t 3 -O imagick-${imagickVersion}.tar.gz ${downloadUrl}/imagick-${imagickVersion}.tar.gz
+    wget -T 20 -t 3 -O imagick-${imagickVersion}.tar.gz.checksum.txt ${downloadUrl}/imagick-${imagickVersion}.tar.gz.checksum.txt
+
+    if ! sha256sum --status -c imagick-${imagickVersion}.tar.gz.checksum.txt; then
+        echo -e $HR
+        echo "错误：PHP-${phpVersion} imagick 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+        exit 1
+    fi
+
+    tar -zxvf imagick-${imagickVersion}.tar.gz
+    rm -f imagick-${imagickVersion}.tar.gz
+    rm -f imagick-${imagickVersion}.tar.gz.checksum.txt
     mv imagick-${imagickVersion} imagick
     cd imagick
     /www/server/php/${phpVersion}/bin/phpize

scripts/php_extensions/ionCube Loader.sh

@@ -34,11 +34,16 @@ Install() {
 
     mkdir /usr/local/ioncube
     wget -T 60 -t 3 -O /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so ${downloadUrl}/ioncube_loader_lin_${phpVersion}.so
-    if [ "$?" != "0" ]; then
+    wget -T 20 -t 3 -O /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt ${downloadUrl}/ioncube_loader_lin_${phpVersion}.so.checksum.txt
+
+    if ! sha256sum --status -c /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt; then
         echo -e $HR
-        echo "错误：ionCube 下载失败，请检查网络是否正常。"
+        echo "错误：PHP-${phpVersion} ionCube 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
         exit 1
     fi
+
+    rm -f /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt
+
     sed -i -e "/;haozi/a\zend_extension=/usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so" /www/server/php/${phpVersion}/etc/php.ini
 
     # 重载PHP

scripts/php_extensions/redis.sh

@@ -35,10 +35,20 @@ Install() {
 
     cd /www/server/php/${phpVersion}/src/ext
     rm -rf phpredis
-    rm -rf phpredis.tar.gz
-    wget -T 60 -t 3 -O phpredis.tar.gz ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz
-    tar -zxvf phpredis.tar.gz
+    rm -rf phpredis-${phpredisVersion}.tar.gz
+    wget -T 60 -t 3 -O phpredis-${phpredisVersion}.tar.gz ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz
+    wget -T 20 -t 3 -O phpredis-${phpredisVersion}.tar.gz.checksum.txt ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz.checksum.txt
+
+    if ! sha256sum --status -c phpredis-${phpredisVersion}.tar.gz.checksum.txt; then
+        echo -e $HR
+        echo "错误：PHP-${phpVersion} redis 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+        exit 1
+    fi
+
+    tar -zxvf phpredis-${phpredisVersion}.tar.gz
     mv phpredis-${phpredisVersion} phpredis
+    rm -f phpredis-${phpredisVersion}.tar.gz
+    rm -f phpredis-${phpredisVersion}.tar.gz.checksum.txt
     cd phpredis
     /www/server/php/${phpVersion}/bin/phpize
     ./configure --with-php-config=/www/server/php/${phpVersion}/bin/php-config

scripts/phpmyadmin/install.sh

@@ -31,18 +31,22 @@ rm -rf ${phpmyadminPath}
 mkdir -p ${phpmyadminPath}
 cd ${phpmyadminPath}
 
-wget -T 60 -t 3 -O phpmyadmin.zip ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip
-if [ "$?" != "0" ]; then
+wget -T 60 -t 3 -O phpMyAdmin-${phpmyadminVersion}-all-languages.zip ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip
+wget -T 20 -t 3 -O phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt
+
+if ! sha256sum --status -c phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt; then
     echo -e $HR
-    echo "错误：phpMyAdmin 下载失败"
+    echo "错误：phpMyAdmin 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
     rm -rf ${phpmyadminPath}
     exit 1
 fi
-unzip -o phpmyadmin.zip
+
+unzip -o phpMyAdmin-${phpmyadminVersion}-all-languages.zip
 mv phpMyAdmin-${phpmyadminVersion}-all-languages phpmyadmin_${randomDir}
 chown -R www:www ${phpmyadminPath}
 chmod -R 755 ${phpmyadminPath}
-rm -rf phpmyadmin.zip
+rm -rf phpMyAdmin-${phpmyadminVersion}-all-languages.zip
+rm -rf phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt
 
 # 判断PHP版本
 phpVersion=""
@@ -67,7 +71,7 @@ if [ "${phpVersion}" == "" ]; then
 fi
 
 # 写入 phpMyAdmin 配置文件
-cat >/www/server/vhost/phpmyadmin.conf <<EOF
+cat > /www/server/vhost/phpmyadmin.conf << EOF
 # 配置文件中的标记位请勿随意修改，改错将导致面板无法识别！
 # 有自定义配置需求的，请将自定义的配置写在各标记位下方。
 server
@@ -117,10 +121,10 @@ chown -R www:www ${phpmyadminPath}
 
 # 放行端口
 if [ "${OS}" == "centos" ]; then
-    firewall-cmd --permanent --zone=public --add-port=888/tcp >/dev/null 2>&1
+    firewall-cmd --permanent --zone=public --add-port=888/tcp > /dev/null 2>&1
     firewall-cmd --reload
 elif [ "${OS}" == "debian" ]; then
-    ufw allow 888/tcp >/dev/null 2>&1
+    ufw allow 888/tcp > /dev/null 2>&1
     ufw reload
 fi
 

scripts/postgresql/install.sh

@@ -64,8 +64,18 @@ cd ${postgresqlPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz
+wget -T 20 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c postgresql-${postgresqlVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：PostgreSQL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${postgresqlPath}
+    exit 1
+fi
+
 tar -zxvf postgresql-${postgresqlVersion}.tar.gz
 rm -f postgresql-${postgresqlVersion}.tar.gz
+rm -f postgresql-${postgresqlVersion}.tar.gz.checksum.txt
 mv postgresql-${postgresqlVersion} src
 
 # 编译

scripts/postgresql/update.sh

@@ -60,8 +60,17 @@ cd ${postgresqlPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz
+wget -T 20 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c postgresql-${postgresqlVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：PostgreSQL 源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    exit 1
+fi
+
 tar -zxvf postgresql-${postgresqlVersion}.tar.gz
 rm -f postgresql-${postgresqlVersion}.tar.gz
+rm -f postgresql-${postgresqlVersion}.tar.gz.checksum.txt
 mv postgresql-${postgresqlVersion} src
 
 # 编译

scripts/pureftpd/install.sh

@@ -30,14 +30,18 @@ mkdir -p ${pureftpdPath}
 cd ${pureftpdPath}
 
 wget -T 120 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz
-if [ "$?" != "0" ]; then
+wget -T 20 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt; then
     echo -e $HR
-    echo "错误：Pure-Ftpd-${pureftpdVersion}下载失败，请检查网络是否正常。"
+    echo "错误：Pure-Ftpd-${pureftpdVersion}源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${pureftpdPath}
     exit 1
 fi
 
 tar -xvf pure-ftpd-${pureftpdVersion}.tar.gz
 rm -f pure-ftpd-${pureftpdVersion}.tar.gz
+rm -f pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt
 mv pure-ftpd-${pureftpdVersion} src
 cd src
 

scripts/pureftpd/update.sh

@@ -34,14 +34,18 @@ mkdir -p ${pureftpdPath}
 cd ${pureftpdPath}
 
 wget -T 60 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz
-if [ "$?" != "0" ]; then
+wget -T 20 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt; then
     echo -e $HR
-    echo "错误：Pure-Ftpd-${pureftpdVersion}下载失败，请检查网络是否正常。"
+    echo "错误：Pure-Ftpd-${pureftpdVersion}源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${pureftpdPath}
     exit 1
 fi
 
 tar -xvf pure-ftpd-${pureftpdVersion}.tar.gz
 rm -f pure-ftpd-${pureftpdVersion}.tar.gz
+rm -f pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt
 mv pure-ftpd-${pureftpdVersion} src
 cd src
 

scripts/redis/install.sh

@@ -52,8 +52,18 @@ cd ${redisPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz ${downloadUrl}/redis-${redisVersion}.tar.gz
+wget -T 20 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz.checksum.txt ${downloadUrl}/redis-${redisVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c redis-${redisVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：Redis源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${redisPath}
+    exit 1
+fi
+
 tar -zxvf redis-${redisVersion}.tar.gz
 rm -f redis-${redisVersion}.tar.gz
+rm -f redis-${redisVersion}.tar.gz.checksum.txt
 mv redis-${redisVersion}/* ./ && rm -rf redis-${redisVersion}
 mkdir -p ${redisPath}/bin
 

scripts/redis/update.sh

@@ -31,8 +31,18 @@ cd ${redisPath}
 
 # 下载源码
 wget -T 120 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz ${downloadUrl}/redis-${redisVersion}.tar.gz
+wget -T 20 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz.checksum.txt ${downloadUrl}/redis-${redisVersion}.tar.gz.checksum.txt
+
+if ! sha256sum --status -c redis-${redisVersion}.tar.gz.checksum.txt; then
+    echo -e $HR
+    echo "错误：Redis源码 checksum 校验失败，文件可能被篡改或不完整，已终止操作"
+    rm -rf ${redisPath}
+    exit 1
+fi
+
 tar -zxvf redis-${redisVersion}.tar.gz
 rm -f redis-${redisVersion}.tar.gz
+rm -f redis-${redisVersion}.tar.gz.checksum.txt
 mv redis-${redisVersion}/* ./ && rm -rf redis-${redisVersion}
 mkdir -p ${redisPath}/bin
 
@@ -40,14 +50,12 @@ make BUILD_TLS=yes USE_SYSTEMD=yes -j${cpuCore}
 if [ "$?" != "0" ]; then
     echo -e $HR
     echo "错误：Redis编译失败，请截图错误信息寻求帮助。"
-    rm -rf ${redisPath}
     exit 1
 fi
 make PREFIX=${redisPath} install
 if [ ! -f "${redisPath}/bin/redis-server" ]; then
     echo -e $HR
     echo "错误：Redis安装失败，请截图错误信息寻求帮助。"
-    rm -rf ${redisPath}
     exit 1
 fi
 

scripts/uninstall_panel.sh

@@ -94,4 +94,4 @@ echo '感谢您的使用，欢迎您再次使用耗子Linux面板。'
 echo -e $HR
 
 rm -f uninstall_panel.sh
-rm -f uninstall_panel.sh_checksums.txt
+rm -f uninstall_panel.sh.checksum.txt