Merge pull request #719 from srvrco/timkimber/issue717

timkimber · web-flow · commit f27862964449 · 2021-10-11T14:31:25.000+01:00
Fix upgrade url issue
diff --git a/.github/workflows/run-tests-staging-duckdns.yml b/.github/workflows/run-tests-staging-duckdns.yml
@@ -24,6 +24,8 @@ jobs:
         run: test/run-test.sh centos7-duckdns
   test-ubuntu-duckdns:
     runs-on: ubuntu-latest
+    if: always()
+    needs: test-centos7-duckdns
     steps:
       - uses: actions/checkout@v2
       - name: Build the docker-compose stack
diff --git a/.github/workflows/run-tests-staging-dynu.yml b/.github/workflows/run-tests-staging-dynu.yml
@@ -24,6 +24,8 @@ jobs:
         run: test/run-test.sh centos7-dynu
   test-ubuntu-dynu:
     runs-on: ubuntu-latest
+    if: always()
+    needs: test-centos7-dynu
     steps:
       - uses: actions/checkout@v2
       - name: Build the docker-compose stack
diff --git a/getssl b/getssl
@@ -274,6 +274,8 @@
 # 2021-09-30 better error if curl returns 60 (#709)
 # 2021-10-01 Fix -preferred-chain argument (#712)
 # 2021-10-01 Show help if no domain specified (#705)(2.44)
+# 2021-10-08 Extract release tag from release api using awk (fix BSD issues)
+# 2021-10-11 Fix broken upgrade url (#718)(2.45)
 # ----------------------------------------------------------------------------------------
 
 case :$SHELLOPTS: in
@@ -282,7 +284,7 @@ esac
 
 PROGNAME=${0##*/}
 PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)"
-VERSION="2.44"
+VERSION="2.45"
 
 # defaults
 ACCOUNT_KEY_LENGTH=4096
@@ -774,10 +776,8 @@ check_getssl_upgrade() { # check if a more recent release is available
   fi
   local release_data release_tag release_ver local_ver release_desc NEWCMD
   debug "Checking for releases at $RELEASE_API"
-  # Sometimes the json is pretty-printed, sometimes not.  Loosely tied to --user-agent, but not
-  # always.  Normalize it enough to get the 3 elements necessary. Oh, for jq...
   # shellcheck disable=SC2086
-  release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g')"
+  release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API")"
   errcode=$?
   if [[ $errcode -eq 60 ]]; then
     error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
@@ -786,8 +786,8 @@ check_getssl_upgrade() { # check if a more recent release is available
   fi
   # Replace error in release description with _error (which is ignored by check_output_for_errors() in the tests)
   debug "${release_data//error/_error}"
-  release_data="$(sed -e's/^ *//g' <<<"${release_data}")"
-  release_tag="$(sed -e'/"tag_name": *"/!d;s/"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")"
+  # awk from https://stackoverflow.com/questions/1761341/awk-print-next-record-following-matched-record
+  release_tag=$(awk -F'"' '/tag_name/ {f=NR} f&&NR-1==f' RS=":|," <<<"${release_data}" | sed -e's/"//g')
   if [[ "${release_tag:0:1}" != 'v' ]] ; then
     if [[ ${_MUTE} -eq 0 ]]; then
       info "The current repository has no releases or is improperly tagged; can't check for upgrades: '$release_tag'"
@@ -827,22 +827,38 @@ check_getssl_upgrade() { # check if a more recent release is available
   # shellcheck disable=SC2086
   debug curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE"
   # shellcheck disable=SC2086
-  curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE"
+  status=$(curl ${_NOMETER:---silent} -w "%{http_code}" --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE")
   errcode=$?
+debug errcode=$errcode
 
   if [[ $errcode -eq 60 ]]; then
     error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)"
   elif [[ $errcode -gt 0 ]]; then
     error_exit "curl error downloading release: $errcode"
   fi
 
+  if [[ $status -ne 200 ]]; then
+    error_exit "curl didn't find the updated version of getssl at $CODE_LOCATION"
+  fi
+
   if ! install "$0" "${0}.v${VERSION}"; then
     error_exit "problem renaming old version while updating, check permissions"
   fi
   if ! install -m 700 "$TEMP_UPGRADE_FILE" "$0"; then
     error_exit "problem installing new version while updating, check permissions"
   fi
 
+  check=$(bash "$0" -U -v)
+  release_tag_upper=$(echo "$release_tag" | tr "[:lower:]" "[:upper:]")
+  if [[ "$check" != "getssl ${release_tag_upper}" ]]; then
+    info "problem running new version, rolling back to old version"
+    if ! install "${0}.v${VERSION}" "$0"; then
+      error_exit "problem rolling back, you'll need to manually check $0 and $0.${VERSION}"
+    fi
+    error_exit "problem calling new version; output of $TEMP_UPGRADE_FILE -v was \"$check\", expected \"getssl ${release_tag_upper}\""
+  fi
+
+
   if [[ ${_MUTE} -eq 0 ]]; then
     echo "Updated getssl from v${VERSION} to ${release_tag}"
     echo "The old version remains as ${0}.v${VERSION} and should be removed"
