Do not use dynamic checksum retrieval

That's a security risk, if the source repo is maliciously altered. Let's
add a dedicated script to automatically generate the source files
instead.

README_fr.md

@@ -3,13 +3,13 @@
 [![Niveau d'intégration](https://dash.yunohost.org/integration/jellyfin.svg)](https://dash.yunohost.org/appci/app/jellyfin) ![](https://ci-apps.yunohost.org/ci/badges/jellyfin.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/jellyfin.maintain.svg)  
 [![Installer Jellyfin avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=jellyfin)
 
-*[Read this readme in english.](./README.md)* 
+*[Read this readme in english.](./README.md)*
 
 > *Ce package vous permet d'installer Jellyfin rapidement et simplement sur un serveur YunoHost.  
 Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
 
 ## Vue d'ensemble
-Jellyfin vous permet de collecter, gérer et diffuser vos médias. Exécutez le serveur Jellyfin sur votre système et accédez au principal système de divertissement à logiciel libre. 
+Jellyfin vous permet de collecter, gérer et diffuser vos médias. Exécutez le serveur Jellyfin sur votre système et accédez au principal système de divertissement à logiciel libre.
 
 **Version incluse :** 10.7.0
 

conf/ffmpeg.src

@@ -0,0 +1,7 @@
+SOURCE_URL=https://repo.jellyfin.org/releases/server/debian/versions/jellyfin-ffmpeg/4.3.1-4/jellyfin-ffmpeg_4.3.1-4-buster_amd64.deb
+SOURCE_SUM=edf655807c120bc53ab1be3c0c2dfa9d2ba9e110419d79b0c6b1c1a5896db854
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=deb
+SOURCE_IN_SUBDIR=false
+SOURCE_EXTRACT=false
+SOURCE_FILENAME=jellyfin-ffmpeg.deb

conf/server.src

@@ -0,0 +1,7 @@
+SOURCE_URL=https://repo.jellyfin.org/releases/server/debian/versions/stable/server/10.7.0/jellyfin-server_10.7.0-1_amd64.deb
+SOURCE_SUM=3e2ced1f99167961e341dae674a94d8fd892a857bcc3bba026654ce9284062de
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=deb
+SOURCE_IN_SUBDIR=false
+SOURCE_EXTRACT=false
+SOURCE_FILENAME=jellyfin-server.deb

conf/web.src

@@ -0,0 +1,7 @@
+SOURCE_URL=https://repo.jellyfin.org/releases/server/debian/versions/stable/web/10.7.0/jellyfin-web_10.7.0-1_all.deb
+SOURCE_SUM=19cf6bad41176c46950bf5ebb5cfd94efda4582cb898524e0a1ea7576e523af1
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=deb
+SOURCE_IN_SUBDIR=false
+SOURCE_EXTRACT=false
+SOURCE_FILENAME=jellyfin-web.deb

manifest.json

@@ -6,7 +6,7 @@
         "en": "Media System that manage and stream your media.",
         "fr": "Système multimédia qui gère et diffuse vos médias."
     },
-    "version": "10.7.0~ynh2",
+    "version": "10.7.0~ynh3",
     "url": "https://github.com/jellyfin/jellyfin",
     "license": "GPL-2.0-only",
     "maintainer": {

scripts/_common.sh

@@ -10,6 +10,8 @@ version=$(echo "$pkg_version" | cut -d '-' -f 1)
 
 ffmpeg_pkg_version="4.3.1-4"
 
+architecture=$(dpkg --print-architecture)
+
 #=================================================
 # PERSONAL HELPERS
 #=================================================

scripts/update_version.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# META HELPER FOR PACKAGE RELEASES
+#=================================================
+
+# This script is meant to be manually run by the app packagers
+# to automatically update the source files.
+# Edit version numbers in _common.sh before running the script.
+
+prepare_source () {
+    # Declare an array to define the options of this helper.
+    local legacy_args=tdv
+    local -A args_array=( [t]=template= [d]=destination= )
+    local template
+    local destination
+    # Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
+    local template_path
+
+    if [ -f "../conf/$template" ]; then
+        template_path="../conf/$template"
+    elif [ -f "../settings/conf/$template" ]; then
+        template_path="../settings/conf/$template"
+    elif [ -f "$template" ]; then
+        template_path=$template
+    else
+        ynh_die --message="The provided template $template doesn't exist"
+    fi
+
+    cp "$template_path" "$destination"
+
+    ynh_replace_vars --file="$destination"
+
+    local official_checksum
+    local official_checksum_url
+    local filename
+    local checksum
+    local url
+
+    # Create the temporary directory
+    tempdir="$(mktemp -d)"
+
+    official_checksum_url=$(grep "SOURCE_SUM=" "$destination" | cut -d "=" -f 2)
+    official_checksum=$(curl -L -s "${official_checksum_url}" | cut -d ' ' -f 1)
+    echo $official_checksum
+
+    url=$(grep "SOURCE_URL=" "$destination" | cut -d "=" -f 2)
+    echo $url
+    filename=${url##*/}
+    echo $filename
+    curl -s -4 -L $url -o "$tempdir/$filename"
+    checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+    ynh_secure_remove $tempdir
+
+    if [[ "$official_checksum" != "$checksum" ]]; then
+      echo "Downloaded file checksum ($checksum) does not match official checksum ($official_checksum)"
+      exit 1
+    else
+      sed -i "s/SOURCE_SUM=.*/SOURCE_SUM=${checksum}/" "$destination"
+      echo "$destination updated"
+    fi
+}
+
+prepare_source --template="../conf/ffmpeg.src.default" --destination="../conf/ffmpeg.src"
+prepare_source --template="../conf/web.src.default" --destination="../conf/web.src"
+prepare_source --template="../conf/server.src.default" --destination="../conf/server.src"
+
+sed -i "s#\*\*Shipped version:\*\*.*#\*\*Shipped version:\*\* ${version}#" ../README.md
+sed -i "s#\*\*Version incluse :\*\*.*#\*\*Version incluse :\*\* ${version}#" ../README_fr.md
+sed -i "s#    \"version\": \".*#    \"version\": \"${version}\~ynh1\",#" ../manifest.json
+
+git commit ../README.md ../README_fr.md ../manifest.json ../conf/ffmpeg.src ../conf/web.src ../conf/server.src -m "Upgrade to v$version"