From a6886262fa29bf2cb0400df3b32c3fb3ee2ce6f1 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 11 May 2017 21:58:11 +0100
Subject: [PATCH] Check hash on ghost download

---
 src/freedombone-app-ghost | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost
index 9c8d7210..5f682caa 100755
--- a/src/freedombone-app-ghost
+++ b/src/freedombone-app-ghost
@@ -38,6 +38,7 @@ GHOST_CODE=
 GHOST_ONION_PORT=8104
 GHOST_PORT=2368
 GHOST_VERSION='0.11.8'
+GHOST_HASH='244faad0b16eb1b90c8095f1e536db65299a3a2d85a20af76342be3707522b38'
 GHOST_DOWNLOAD_URL="https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip"
 
 ghost_variables=(GHOST_VERSION
@@ -172,6 +173,14 @@ function upgrade_ghost {
         rm -rf /var/www/$GHOST_DOMAIN_NAME
         exit 367245
     fi
+
+    # check the hash
+    hash=$(sha256sum Ghost-${GHOST_VERSION}.zip | awk -F ' ' '{print $1}')
+    if [[ "$hash" != "$GHOST_HASH" ]]; then
+        echo $'ghost hash does not match'
+        exit 729856
+    fi
+
     unzip ghost-${GHOST_VERSION}.zip
     if [ ! -f $GHOST_PATH/index.js ]; then
         echo $'ghost failed to unzip'
@@ -373,6 +382,14 @@ function install_ghost {
         rm -rf /var/www/$GHOST_DOMAIN_NAME
         exit 63892
     fi
+
+    # check the hash
+    hash=$(sha256sum Ghost-${GHOST_VERSION}.zip | awk -F ' ' '{print $1}')
+    if [[ "$hash" != "$GHOST_HASH" ]]; then
+        echo $'ghost hash does not match'
+        exit 729856
+    fi
+
     unzip ghost-${GHOST_VERSION}.zip
     if [ ! -f /var/www/${GHOST_DOMAIN_NAME}/htdocs/index.js ]; then
         echo $'ghost failed to unzip'