#!/usr/bin/env bash
readonly CHECKSUM_TYPE="sha256";
readonly CHECKSUM_APP="${CHECKSUM_TYPE}sum";
readonly GPG_FINGERPRINT="7C9E68152594688862D62AF62D9AE806EC1592E2";
readonly GITEA_USER={{ gitea_system_user | quote }};
readonly GITEA_DIR={{ gitea_installation_directory | quote }};
readonly GITEA_BIN={{ gitea_binary_path | quote }};
readonly SERVICE_NAME={{ gitea_service_name | quote }};
set -euxo pipefail;
gpg --quiet --keyserver eu.pool.sks-keyservers.net --recv "$GPG_FINGERPRINT";
function error() {
echo "$@" >&2;
}
function as() {
sudo -u "$GITEA_USER" "$@";
}
if [ -f "$GITEA_BIN" ]; then
installed=$(cd "$GITEA_DIR" && as "$GITEA_BIN" --version | grep --only-matching --perl-regexp '(?<=version )\d+(\.\d+)*(?= )');
else
installed=0;
fi
version=$(curl --silent https://blog.gitea.io/index.xml | grep --only-matching --perl-regexp '
.*' | grep --only-matching --perl-regexp '\d+(\.\d+)+' | sort --version-sort --reverse | head --lines=1);
address="https://dl.gitea.io/gitea/$version";
binary="gitea-$version-linux-amd64";
signature="$binary.asc";
checksum="$binary.$CHECKSUM_TYPE";
if [[ -z "$installed" ]]; then
error "Missing version installed";
exit 2;
fi
if [[ -z "$version" ]]; then
error "Missing version available";
exit 2;
fi
if [[ "$installed" = "$version" ]]; then
exit 0;
fi
cd "$GITEA_DIR";
for a in "$binary" "$signature" "$checksum"; do
if ! wget --quiet --output-document="$a" "$address/$a"; then
error "Failed to download $a";
exit 1;
fi
done
if ! "$CHECKSUM_APP" --quiet --check "$checksum"; then
error "Checksum not correct!";
exit 1;
fi
if ! (gpg --status-fd 1 --verify "$signature" "$binary" 2>/dev/null | grep --perl-regexp 'VALIDSIG .* '"$GPG_FINGERPRINT" > /dev/null); then
error "Signature not valid!";
exit 1;
fi
rm "$checksum";
rm "$signature";
mv "$binary" "$GITEA_BIN";
chmod u=rwx,g=rx,o=r "$GITEA_BIN";
chown root:"$GITEA_USER" "$GITEA_BIN"
if [[ ! "$installed" = "0" ]]; then
systemctl restart "$SERVICE_NAME";
fi