diff --git a/README.md b/README.md index cb623e63..776ee1f8 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ CentOS Stream 可使用迁移脚本迁移至支持的系统: [CentOS 8/9 迁移 如果你决定继续,请以`root`用户登录服务器,执行以下命令安装面板: ```shell -HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh_checksums.txt && sha256sum -c install_panel.sh_checksums.txt && bash install_panel.sh || echo "Checksum 验证失败,文件可能被篡改,已终止操作" +HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh.checksum.txt && sha256sum -c install_panel.sh.checksum.txt && bash install_panel.sh || echo "Checksum 验证失败,文件可能被篡改,已终止操作" ``` ## 卸载面板 @@ -62,7 +62,7 @@ HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -s 如果你无法重装系统,请以`root`用户登录服务器,执行以下命令卸载面板: ```shell -HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh_checksums.txt && sha256sum -c uninstall_panel.sh_checksums.txt && bash uninstall_panel.sh || echo "Checksum 验证失败,文件可能被篡改,已终止操作" +HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh.checksum.txt && sha256sum -c uninstall_panel.sh.checksum.txt && bash uninstall_panel.sh || echo "Checksum 验证失败,文件可能被篡改,已终止操作" ``` 卸载面板前请务必备份好所有数据,提前卸载面板全部插件。卸载后数据将**无法恢复**! diff --git a/README_EN.md b/README_EN.md index 247e0876..d30b3385 100644 --- a/README_EN.md +++ b/README_EN.md @@ -48,7 +48,7 @@ Before installing the panel, you need to understand the basic knowledge of the L If you decide to continue, please log in to the server as `root` user and execute the following command to install the panel: ```shell -HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh_checksums.txt && sha256sum -c install_panel.sh_checksums.txt && bash install_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated" +HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/install_panel.sh.checksum.txt && sha256sum -c install_panel.sh.checksum.txt && bash install_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated" ``` ## Uninstall Panel @@ -58,7 +58,7 @@ Recommended to back up data and reinstall the system first, so that the system c If you are unable to reinstall the system, log in to the server as the `root` user and execute the following command to uninstall the panel: ```shell -HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh_checksums.txt && sha256sum -c uninstall_panel.sh_checksums.txt && bash uninstall_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated" +HAOZI_DL_URL="https://jihulab.com/haozi-team/download/-/raw/main/panel"; curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh && curl -sSL -O ${HAOZI_DL_URL}/uninstall_panel.sh.checksum.txt && sha256sum -c uninstall_panel.sh.checksum.txt && bash uninstall_panel.sh || echo "Checksum Verification Failed, File May Have Been Tampered With, Operation Terminated" ``` Before uninstalling the panel, please be sure to back up all data and uninstall all panel plugins in advance. The data will **not be recoverable** after uninstallation! diff --git a/scripts/install_panel.sh b/scripts/install_panel.sh index 18fd2eb1..eefa559b 100644 --- a/scripts/install_panel.sh +++ b/scripts/install_panel.sh @@ -182,39 +182,54 @@ Init_Panel() { if [ "${ARCH}" == "x86_64" ]; then if ${inChina}; then panelZip=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("amd64v2")) | .direct_asset_url') + panelZipName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("amd64v2")) | .name') else panelZip=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("amd64v2")) | .browser_download_url') + panelZipName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("amd64v2")) | .name') fi elif [ "${ARCH}" == "aarch64" ]; then if ${inChina}; then panelZip=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("arm64")) | .direct_asset_url') + panelZipName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("arm64")) | .name') else panelZip=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("arm64")) | .browser_download_url') + panelZipName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("arm64")) | .name') fi else echo -e $HR echo "错误:该系统架构不支持安装耗子Linux面板,请更换x86_64/aarch64架构安装。" exit 1 fi - if [ "$?" != "0" ] || [ "${panelZip}" == "" ]; then + if [ "$?" != "0" ] || [ "${panelZip}" == "" ] || [ "${panelZipName}" == "" ]; then echo -e $HR echo "错误:获取面板下载链接失败,请截图错误信息寻求帮助。" exit 1 fi - wget -T 120 -t 3 -O ${setup_Path}/panel/panel.zip "${panelZip}" - if [ "$?" != "0" ]; then + wget -T 120 -t 3 -O ${setup_Path}/panel/${panelZipName} "${panelZip}" + + # 下载 checksums 文件 + if ${inChina}; then + checksumsFile=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("checksums")) | .direct_asset_url') + checksumsFileName=$(curl -sSL "https://jihulab.com/api/v4/projects/haozi-team%2Fpanel/releases/permalink/latest" | jq -r '.assets.links[] | select(.name | contains("checksums")) | .name') + else + checksumsFile=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("checksums")) | .browser_download_url') + checksumsFileName=$(curl -sSL "https://api.github.com/repos/haozi-team/panel/releases/latest" | jq -r '.assets[] | select(.name | contains("checksums")) | .name') + fi + wget -T 20 -t 3 -O ${setup_Path}/panel/${checksumsFileName} "${checksumsFile}" + cd ${setup_Path}/panel + if ! sha256sum --status -c ${checksumsFileName}; then echo -e $HR - echo "错误:下载面板失败,请截图错误信息寻求帮助。" + echo "错误:面板压缩包 checksum 校验失败,文件可能被篡改或不完整,已终止操作" exit 1 fi - cd ${setup_Path}/panel - unzip -o panel.zip + unzip -o ${panelZipName} if [ "$?" != "0" ]; then echo -e $HR echo "错误:解压面板失败,请截图错误信息寻求帮助。" exit 1 fi - rm -rf panel.zip + rm -rf ${panelZipName} + rm -rf ${checksumsFileName} cp panel-example.conf panel.conf ${setup_Path}/panel/panel --env="panel.conf" artisan key:generate ${setup_Path}/panel/panel --env="panel.conf" artisan jwt:secret @@ -284,7 +299,7 @@ EOF panel init panel getInfo rm -f install_panel.sh - rm -f install_panel.sh_checksums.txt + rm -f install_panel.sh.checksum.txt } clear diff --git a/scripts/mysql/install.sh b/scripts/mysql/install.sh index 0db766b4..1535134c 100644 --- a/scripts/mysql/install.sh +++ b/scripts/mysql/install.sh @@ -72,14 +72,36 @@ cd ${mysqlPath} # 下载源码 wget -T 120 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz +wget -T 20 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz.checksum.txt ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz.checksum.txt + +# 校验 +if ! sha256sum --status -c mysql-${mysqlVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:MySQL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${mysqlPath} + exit 1 +fi + tar -zxvf mysql-${mysqlVersion}.tar.gz rm -f mysql-${mysqlVersion}.tar.gz +rm -f mysql-${mysqlVersion}.tar.gz.checksum.txt mv mysql-${mysqlVersion} src # openssl wget -T 120 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz +wget -T 20 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz..checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz..checksum.txt + +# 校验 +if ! sha256sum --status -c openssl-1.1.1u.tar.gz..checksum.txt; then + echo -e $HR + echo "错误:OpenSSL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${mysqlPath} + exit 1 +fi + tar -zxvf openssl-1.1.1u.tar.gz rm -f openssl-1.1.1u.tar.gz +rm -f openssl-1.1.1u.tar.gz..checksum.txt mv openssl-1.1.1u openssl cd openssl ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1 diff --git a/scripts/mysql/update.sh b/scripts/mysql/update.sh index 62973a3a..11a95cd8 100644 --- a/scripts/mysql/update.sh +++ b/scripts/mysql/update.sh @@ -70,14 +70,32 @@ cd ${mysqlPath} # 下载源码 wget -T 120 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz +wget -T 20 -t 3 -O ${mysqlPath}/mysql-${mysqlVersion}.tar.gz.checksum.txt ${downloadUrl}/mysql-boost-${mysqlVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c mysql-${mysqlVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:MySQL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + exit 1 +fi + tar -zxvf mysql-${mysqlVersion}.tar.gz rm -f mysql-${mysqlVersion}.tar.gz +rm -f mysql-${mysqlVersion}.tar.gz.checksum.txt mv mysql-${mysqlVersion} src # openssl wget -T 120 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz +wget -T 20 -t 3 -O ${mysqlPath}/openssl-1.1.1u.tar.gz..checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz..checksum.txt + +if ! sha256sum --status -c openssl-1.1.1u.tar.gz..checksum.txt; then + echo -e $HR + echo "错误:OpenSSL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + exit 1 +fi + tar -zxvf openssl-1.1.1u.tar.gz rm -f openssl-1.1.1u.tar.gz +rm -f openssl-1.1.1u.tar.gz..checksum.txt mv openssl-1.1.1u openssl cd openssl ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1 diff --git a/scripts/openresty/install.sh b/scripts/openresty/install.sh index bd56b366..f770beeb 100644 --- a/scripts/openresty/install.sh +++ b/scripts/openresty/install.sh @@ -47,58 +47,148 @@ cd ${openrestyPath} # 下载源码 wget -T 120 -t 3 -O ${openrestyPath}/openresty-${openrestyVersion}.tar.gz ${downloadUrl}/openresty-${openrestyVersion}.tar.gz +wget -T 20 -t 3 -O ${openrestyPath}/openresty-${openrestyVersion}.tar.gz.checksum.txt ${downloadUrl}/openresty-${openrestyVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c openresty-${openrestyVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:OpenResty 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + tar -zxvf openresty-${openrestyVersion}.tar.gz rm -f openresty-${openrestyVersion}.tar.gz +rm -f openresty-${openrestyVersion}.tar.gz.checksum.txt mv openresty-${openrestyVersion} src cd src # openssl -wget -T 120 -t 3 -O openssl.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz -tar -zxvf openssl.tar.gz -rm -f openssl.tar.gz +wget -T 120 -t 3 -O openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz +wget -T 20 -t 3 -O openssl-1.1.1u.tar.gz.checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz.checksum.txt + +if ! sha256sum --status -c openssl-1.1.1u.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:OpenSSL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +tar -zxvf openssl-1.1.1u.tar.gz +rm -f openssl-1.1.1u.tar.gz +rm -f openssl-1.1.1u.tar.gz.checksum.txt mv openssl-1.1.1u openssl -rm -f openssl.tar.gz # pcre wget -T 60 -t 3 -O pcre-8.45.tar.gz ${downloadUrl}/pcre/pcre-8.45.tar.gz +wget -T 20 -t 3 -O pcre-8.45.tar.gz.checksum.txt ${downloadUrl}/pcre/pcre-8.45.tar.gz.checksum.txt + +if ! sha256sum --status -c pcre-8.45.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:pcre 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + tar -zxvf pcre-8.45.tar.gz rm -f pcre-8.45.tar.gz +rm -f pcre-8.45.tar.gz.checksum.txt mv pcre-8.45 pcre -rm -f pcre-8.45.tar.gz # ngx_cache_purge -wget -T 20 -t 3 -O ngx_cache_purge.tar.gz ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz -tar -zxvf ngx_cache_purge.tar.gz -rm -f ngx_cache_purge.tar.gz +wget -T 20 -t 3 -O ngx_cache_purge-2.3.tar.gz ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz +wget -T 20 -t 3 -O ngx_cache_purge-2.3.tar.gz.checksum.txt ${downloadUrl}/modules/ngx_cache_purge-2.3.tar.gz.checksum.txt + +if ! sha256sum --status -c ngx_cache_purge-2.3.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:ngx_cache_purge 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +tar -zxvf ngx_cache_purge-2.3.tar.gz +rm -f ngx_cache_purge-2.3.tar.gz +rm -f ngx_cache_purge-2.3.tar.gz.checksum.txt mv ngx_cache_purge-2.3 ngx_cache_purge -rm -f ngx_cache_purge.tar.gz # nginx-sticky-module wget -T 20 -t 3 -O nginx-sticky-module.zip ${downloadUrl}/modules/nginx-sticky-module.zip +wget -T 20 -t 3 -O nginx-sticky-module.zip.checksum.txt ${downloadUrl}/modules/nginx-sticky-module.zip.checksum.txt + +if ! sha256sum --status -c nginx-sticky-module.zip.checksum.txt; then + echo -e $HR + echo "错误:nginx-sticky-module 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + unzip -o nginx-sticky-module.zip rm -f nginx-sticky-module.zip +rm -f nginx-sticky-module.zip.checksum.txt # nginx-dav-ext-module wget -T 20 -t 3 -O nginx-dav-ext-module-3.0.0.tar.gz ${downloadUrl}/modules/nginx-dav-ext-module-3.0.0.tar.gz +wget -T 20 -t 3 -O nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt ${downloadUrl}/modules/nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt + +if ! sha256sum --status -c nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:nginx-dav-ext-module 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + tar -xvf nginx-dav-ext-module-3.0.0.tar.gz rm -f nginx-dav-ext-module-3.0.0.tar.gz +rm -f nginx-dav-ext-module-3.0.0.tar.gz.checksum.txt mv nginx-dav-ext-module-3.0.0 nginx-dav-ext-module # waf -wget -T 60 -t 3 -O uthash.zip ${downloadUrl}/modules/uthash-2.3.0.zip -unzip -o uthash.zip +wget -T 60 -t 3 -O uthash-2.3.0.zip ${downloadUrl}/modules/uthash-2.3.0.zip +wget -T 20 -t 3 -O uthash-2.3.0.zip.checksum.txt ${downloadUrl}/modules/uthash-2.3.0.zip.checksum.txt + +if ! sha256sum --status -c uthash-2.3.0.zip.checksum.txt; then + echo -e $HR + echo "错误:uthash 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +unzip -o uthash-2.3.0.zip mv uthash-2.3.0 uthash -rm -f uthash.zip +rm -f uthash-2.3.0.zip +rm -f uthash-2.3.0.zip.checksum.txt cd ../ -wget -T 20 -t 3 -O ngx_waf.zip ${downloadUrl}/modules/ngx_waf-6.1.9.zip -unzip -o ngx_waf.zip + +wget -T 20 -t 3 -O ngx_waf-6.1.9.zip ${downloadUrl}/modules/ngx_waf-6.1.9.zip +wget -T 20 -t 3 -O ngx_waf-6.1.9.zip.checksum.txt ${downloadUrl}/modules/ngx_waf-6.1.9.zip.checksum.txt + +if ! sha256sum --status -c ngx_waf-6.1.9.zip.checksum.txt; then + echo -e $HR + echo "错误:ngx_waf 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +unzip -o ngx_waf-6.1.9.zip mv ngx_waf-6.1.9 ngx_waf -rm -f ngx_waf.zip +rm -f ngx_waf-6.1.9.zip +rm -f ngx_waf-6.1.9.zip.checksum.txt + cd ngx_waf/inc -wget -T 60 -t 3 -O libinjection.zip ${downloadUrl}/modules/libinjection-3.10.0.zip -unzip -o libinjection.zip +wget -T 60 -t 3 -O libinjection-3.10.0.zip ${downloadUrl}/modules/libinjection-3.10.0.zip +wget -T 20 -t 3 -O libinjection-3.10.0.zip.checksum.txt ${downloadUrl}/modules/libinjection-3.10.0.zip.checksum.txt + +if ! sha256sum --status -c libinjection-3.10.0.zip.checksum.txt; then + echo -e $HR + echo "错误:libinjection 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +unzip -o libinjection-3.10.0.zip mv libinjection-3.10.0 libinjection -rm -f libinjection.zip +rm -f libinjection-3.10.0.zip +rm -f libinjection-3.10.0.zip.checksum.txt + cd ../ make -j$(nproc) if [ "$?" != "0" ]; then @@ -110,17 +200,37 @@ fi cd ${openrestyPath}/src # brotli -wget -T 20 -t 3 -O ngx_brotli.zip ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip -unzip -o ngx_brotli.zip +wget -T 20 -t 3 -O ngx_brotli-1.0.0rc.zip ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip +wget -T 20 -t 3 -O ngx_brotli-1.0.0rc.zip.checksum.txt ${downloadUrl}/modules/ngx_brotli-1.0.0rc.zip.checksum.txt + +if ! sha256sum --status -c ngx_brotli-1.0.0rc.zip.checksum.txt; then + echo -e $HR + echo "错误:ngx_brotli 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +unzip -o ngx_brotli-1.0.0rc.zip mv ngx_brotli-1.0.0rc ngx_brotli -rm -f ngx_brotli.zip +rm -f ngx_brotli-1.0.0rc.zip +rm -f ngx_brotli-1.0.0rc.zip.checksum.txt cd ngx_brotli/deps rm -rf brotli -wget -T 20 -t 3 -O brotli.zip ${downloadUrl}/modules/brotli-1.0.9.zip -unzip -o brotli.zip + +wget -T 20 -t 3 -O brotli-1.0.9.zip ${downloadUrl}/modules/brotli-1.0.9.zip +wget -T 20 -t 3 -O brotli-1.0.9.zip.checksum.txt ${downloadUrl}/modules/brotli-1.0.9.zip.checksum.txt + +if ! sha256sum --status -c brotli-1.0.9.zip.checksum.txt; then + echo -e $HR + echo "错误:brotli 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${openrestyPath} + exit 1 +fi + +unzip -o brotli-1.0.9.zip mv brotli-1.0.9 brotli -rm -f brotli.zip -cd ${openrestyPath}/src +rm -f brotli-1.0.9.zip +rm -f brotli-1.0.9.zip.checksum.txt cd ${openrestyPath}/src export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH diff --git a/scripts/php/install.sh b/scripts/php/install.sh index e4871768..566be5ad 100644 --- a/scripts/php/install.sh +++ b/scripts/php/install.sh @@ -70,21 +70,35 @@ else exit 1 fi -wget -T 120 -t 3 -O ${phpPath}/php-${phpVersion}.tar.gz ${downloadUrl}/php-${phpVersionCode}.tar.gz -if [ "$?" != "0" ]; then +wget -T 120 -t 3 -O ${phpPath}/php-${phpVersionCode}.tar.gz ${downloadUrl}/php-${phpVersionCode}.tar.gz +wget -T 20 -t 3 -O ${phpPath}/php-${phpVersionCode}.tar.gz.checksum.txt ${downloadUrl}/php-${phpVersionCode}.tar.gz.checksum.txt + +if ! sha256sum --status -c php-${phpVersionCode}.tar.gz.checksum.txt; then echo -e $HR - echo "错误:PHP-${phpVersion}下载失败,请检查网络是否正常。" + echo "错误:PHP-${phpVersion}源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${phpPath} exit 1 fi -tar -xvf php-${phpVersion}.tar.gz -rm -f php-${phpVersion}.tar.gz +tar -xvf php-${phpVersionCode}.tar.gz +rm -f php-${phpVersionCode}.tar.gz +rm -f php-${phpVersionCode}.tar.gz.checksum.txt mv php-* src if [ "${phpVersion}" -le "80" ]; then wget -T 120 -t 3 -O ${phpPath}/openssl-1.1.1u.tar.gz ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz + wget -T 20 -t 3 -O ${phpPath}/openssl-1.1.1u.tar.gz.checksum.txt ${downloadUrl}/openssl/openssl-1.1.1u.tar.gz.checksum.txt + + if ! sha256sum --status -c openssl-1.1.1u.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:PHP-${phpVersion} OpenSSL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${phpPath} + exit 1 + fi + tar -zxvf openssl-1.1.1u.tar.gz rm -f openssl-1.1.1u.tar.gz + rm -f openssl-1.1.1u.tar.gz.checksum.txt mv openssl-1.1.1u openssl cd openssl ./config --prefix=/usr/local/openssl-1.1 --openssldir=/usr/local/openssl-1.1 diff --git a/scripts/php_extensions/imagick.sh b/scripts/php_extensions/imagick.sh index b8116d02..f74ebf9e 100644 --- a/scripts/php_extensions/imagick.sh +++ b/scripts/php_extensions/imagick.sh @@ -47,9 +47,19 @@ Install() { cd /www/server/php/${phpVersion}/src/ext rm -rf imagick - rm -rf imagick.tar.gz - wget -T 60 -t 3 -O imagick.tar.gz ${downloadUrl}/imagick-${imagickVersion}.tar.gz - tar -zxvf imagick.tar.gz + rm -rf imagick-${imagickVersion}.tar.gz + wget -T 60 -t 3 -O imagick-${imagickVersion}.tar.gz ${downloadUrl}/imagick-${imagickVersion}.tar.gz + wget -T 20 -t 3 -O imagick-${imagickVersion}.tar.gz.checksum.txt ${downloadUrl}/imagick-${imagickVersion}.tar.gz.checksum.txt + + if ! sha256sum --status -c imagick-${imagickVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:PHP-${phpVersion} imagick 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + exit 1 + fi + + tar -zxvf imagick-${imagickVersion}.tar.gz + rm -f imagick-${imagickVersion}.tar.gz + rm -f imagick-${imagickVersion}.tar.gz.checksum.txt mv imagick-${imagickVersion} imagick cd imagick /www/server/php/${phpVersion}/bin/phpize diff --git a/scripts/php_extensions/ionCube Loader.sh b/scripts/php_extensions/ionCube Loader.sh index b0d2075b..1bb890a3 100644 --- a/scripts/php_extensions/ionCube Loader.sh +++ b/scripts/php_extensions/ionCube Loader.sh @@ -34,11 +34,16 @@ Install() { mkdir /usr/local/ioncube wget -T 60 -t 3 -O /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so ${downloadUrl}/ioncube_loader_lin_${phpVersion}.so - if [ "$?" != "0" ]; then + wget -T 20 -t 3 -O /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt ${downloadUrl}/ioncube_loader_lin_${phpVersion}.so.checksum.txt + + if ! sha256sum --status -c /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt; then echo -e $HR - echo "错误:ionCube 下载失败,请检查网络是否正常。" + echo "错误:PHP-${phpVersion} ionCube 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" exit 1 fi + + rm -f /usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so.checksum.txt + sed -i -e "/;haozi/a\zend_extension=/usr/local/ioncube/ioncube_loader_lin_${phpVersion}.so" /www/server/php/${phpVersion}/etc/php.ini # 重载PHP diff --git a/scripts/php_extensions/redis.sh b/scripts/php_extensions/redis.sh index 62521e60..4cb42d0c 100644 --- a/scripts/php_extensions/redis.sh +++ b/scripts/php_extensions/redis.sh @@ -35,10 +35,20 @@ Install() { cd /www/server/php/${phpVersion}/src/ext rm -rf phpredis - rm -rf phpredis.tar.gz - wget -T 60 -t 3 -O phpredis.tar.gz ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz - tar -zxvf phpredis.tar.gz + rm -rf phpredis-${phpredisVersion}.tar.gz + wget -T 60 -t 3 -O phpredis-${phpredisVersion}.tar.gz ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz + wget -T 20 -t 3 -O phpredis-${phpredisVersion}.tar.gz.checksum.txt ${downloadUrl}/phpredis-${phpredisVersion}.tar.gz.checksum.txt + + if ! sha256sum --status -c phpredis-${phpredisVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:PHP-${phpVersion} redis 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + exit 1 + fi + + tar -zxvf phpredis-${phpredisVersion}.tar.gz mv phpredis-${phpredisVersion} phpredis + rm -f phpredis-${phpredisVersion}.tar.gz + rm -f phpredis-${phpredisVersion}.tar.gz.checksum.txt cd phpredis /www/server/php/${phpVersion}/bin/phpize ./configure --with-php-config=/www/server/php/${phpVersion}/bin/php-config diff --git a/scripts/phpmyadmin/install.sh b/scripts/phpmyadmin/install.sh index 0a080e9d..38fea50b 100644 --- a/scripts/phpmyadmin/install.sh +++ b/scripts/phpmyadmin/install.sh @@ -31,18 +31,22 @@ rm -rf ${phpmyadminPath} mkdir -p ${phpmyadminPath} cd ${phpmyadminPath} -wget -T 60 -t 3 -O phpmyadmin.zip ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip -if [ "$?" != "0" ]; then +wget -T 60 -t 3 -O phpMyAdmin-${phpmyadminVersion}-all-languages.zip ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip +wget -T 20 -t 3 -O phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt ${downloadUrl}/phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt + +if ! sha256sum --status -c phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt; then echo -e $HR - echo "错误:phpMyAdmin 下载失败" + echo "错误:phpMyAdmin 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" rm -rf ${phpmyadminPath} exit 1 fi -unzip -o phpmyadmin.zip + +unzip -o phpMyAdmin-${phpmyadminVersion}-all-languages.zip mv phpMyAdmin-${phpmyadminVersion}-all-languages phpmyadmin_${randomDir} chown -R www:www ${phpmyadminPath} chmod -R 755 ${phpmyadminPath} -rm -rf phpmyadmin.zip +rm -rf phpMyAdmin-${phpmyadminVersion}-all-languages.zip +rm -rf phpMyAdmin-${phpmyadminVersion}-all-languages.zip.checksum.txt # 判断PHP版本 phpVersion="" @@ -67,7 +71,7 @@ if [ "${phpVersion}" == "" ]; then fi # 写入 phpMyAdmin 配置文件 -cat >/www/server/vhost/phpmyadmin.conf < /www/server/vhost/phpmyadmin.conf << EOF # 配置文件中的标记位请勿随意修改,改错将导致面板无法识别! # 有自定义配置需求的,请将自定义的配置写在各标记位下方。 server @@ -117,10 +121,10 @@ chown -R www:www ${phpmyadminPath} # 放行端口 if [ "${OS}" == "centos" ]; then - firewall-cmd --permanent --zone=public --add-port=888/tcp >/dev/null 2>&1 + firewall-cmd --permanent --zone=public --add-port=888/tcp > /dev/null 2>&1 firewall-cmd --reload elif [ "${OS}" == "debian" ]; then - ufw allow 888/tcp >/dev/null 2>&1 + ufw allow 888/tcp > /dev/null 2>&1 ufw reload fi diff --git a/scripts/postgresql/install.sh b/scripts/postgresql/install.sh index 59037e84..f2a35fa9 100644 --- a/scripts/postgresql/install.sh +++ b/scripts/postgresql/install.sh @@ -64,8 +64,18 @@ cd ${postgresqlPath} # 下载源码 wget -T 120 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz +wget -T 20 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c postgresql-${postgresqlVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:PostgreSQL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${postgresqlPath} + exit 1 +fi + tar -zxvf postgresql-${postgresqlVersion}.tar.gz rm -f postgresql-${postgresqlVersion}.tar.gz +rm -f postgresql-${postgresqlVersion}.tar.gz.checksum.txt mv postgresql-${postgresqlVersion} src # 编译 diff --git a/scripts/postgresql/update.sh b/scripts/postgresql/update.sh index 40877d83..8b07f279 100644 --- a/scripts/postgresql/update.sh +++ b/scripts/postgresql/update.sh @@ -60,8 +60,17 @@ cd ${postgresqlPath} # 下载源码 wget -T 120 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz +wget -T 20 -t 3 -O ${postgresqlPath}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt ${downloadUrl}/postgresql-${postgresqlVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c postgresql-${postgresqlVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:PostgreSQL 源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + exit 1 +fi + tar -zxvf postgresql-${postgresqlVersion}.tar.gz rm -f postgresql-${postgresqlVersion}.tar.gz +rm -f postgresql-${postgresqlVersion}.tar.gz.checksum.txt mv postgresql-${postgresqlVersion} src # 编译 diff --git a/scripts/pureftpd/install.sh b/scripts/pureftpd/install.sh index 1265e3e3..f7be0aea 100644 --- a/scripts/pureftpd/install.sh +++ b/scripts/pureftpd/install.sh @@ -30,14 +30,18 @@ mkdir -p ${pureftpdPath} cd ${pureftpdPath} wget -T 120 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz -if [ "$?" != "0" ]; then +wget -T 20 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt; then echo -e $HR - echo "错误:Pure-Ftpd-${pureftpdVersion}下载失败,请检查网络是否正常。" + echo "错误:Pure-Ftpd-${pureftpdVersion}源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${pureftpdPath} exit 1 fi tar -xvf pure-ftpd-${pureftpdVersion}.tar.gz rm -f pure-ftpd-${pureftpdVersion}.tar.gz +rm -f pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt mv pure-ftpd-${pureftpdVersion} src cd src diff --git a/scripts/pureftpd/update.sh b/scripts/pureftpd/update.sh index 2eb55f44..3a855dae 100644 --- a/scripts/pureftpd/update.sh +++ b/scripts/pureftpd/update.sh @@ -34,14 +34,18 @@ mkdir -p ${pureftpdPath} cd ${pureftpdPath} wget -T 60 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz -if [ "$?" != "0" ]; then +wget -T 20 -t 3 -O ${pureftpdPath}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt ${downloadUrl}/pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt; then echo -e $HR - echo "错误:Pure-Ftpd-${pureftpdVersion}下载失败,请检查网络是否正常。" + echo "错误:Pure-Ftpd-${pureftpdVersion}源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${pureftpdPath} exit 1 fi tar -xvf pure-ftpd-${pureftpdVersion}.tar.gz rm -f pure-ftpd-${pureftpdVersion}.tar.gz +rm -f pure-ftpd-${pureftpdVersion}.tar.gz.checksum.txt mv pure-ftpd-${pureftpdVersion} src cd src diff --git a/scripts/redis/install.sh b/scripts/redis/install.sh index a42bd297..fa0d4896 100644 --- a/scripts/redis/install.sh +++ b/scripts/redis/install.sh @@ -52,8 +52,18 @@ cd ${redisPath} # 下载源码 wget -T 120 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz ${downloadUrl}/redis-${redisVersion}.tar.gz +wget -T 20 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz.checksum.txt ${downloadUrl}/redis-${redisVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c redis-${redisVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:Redis源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${redisPath} + exit 1 +fi + tar -zxvf redis-${redisVersion}.tar.gz rm -f redis-${redisVersion}.tar.gz +rm -f redis-${redisVersion}.tar.gz.checksum.txt mv redis-${redisVersion}/* ./ && rm -rf redis-${redisVersion} mkdir -p ${redisPath}/bin diff --git a/scripts/redis/update.sh b/scripts/redis/update.sh index 24e88713..80a9740c 100644 --- a/scripts/redis/update.sh +++ b/scripts/redis/update.sh @@ -31,8 +31,18 @@ cd ${redisPath} # 下载源码 wget -T 120 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz ${downloadUrl}/redis-${redisVersion}.tar.gz +wget -T 20 -t 3 -O ${redisPath}/redis-${redisVersion}.tar.gz.checksum.txt ${downloadUrl}/redis-${redisVersion}.tar.gz.checksum.txt + +if ! sha256sum --status -c redis-${redisVersion}.tar.gz.checksum.txt; then + echo -e $HR + echo "错误:Redis源码 checksum 校验失败,文件可能被篡改或不完整,已终止操作" + rm -rf ${redisPath} + exit 1 +fi + tar -zxvf redis-${redisVersion}.tar.gz rm -f redis-${redisVersion}.tar.gz +rm -f redis-${redisVersion}.tar.gz.checksum.txt mv redis-${redisVersion}/* ./ && rm -rf redis-${redisVersion} mkdir -p ${redisPath}/bin @@ -40,14 +50,12 @@ make BUILD_TLS=yes USE_SYSTEMD=yes -j${cpuCore} if [ "$?" != "0" ]; then echo -e $HR echo "错误:Redis编译失败,请截图错误信息寻求帮助。" - rm -rf ${redisPath} exit 1 fi make PREFIX=${redisPath} install if [ ! -f "${redisPath}/bin/redis-server" ]; then echo -e $HR echo "错误:Redis安装失败,请截图错误信息寻求帮助。" - rm -rf ${redisPath} exit 1 fi diff --git a/scripts/uninstall_panel.sh b/scripts/uninstall_panel.sh index bb244596..9a5de700 100644 --- a/scripts/uninstall_panel.sh +++ b/scripts/uninstall_panel.sh @@ -94,4 +94,4 @@ echo '感谢您的使用,欢迎您再次使用耗子Linux面板。' echo -e $HR rm -f uninstall_panel.sh -rm -f uninstall_panel.sh_checksums.txt +rm -f uninstall_panel.sh.checksum.txt