From 0928becaf56eca4c8c6db3b08c79b8bc03b301c4 Mon Sep 17 00:00:00 2001
From: Reinhard Pointner <reinhard.pointner@gmail.com>
Date: Thu, 13 Apr 2017 19:15:37 +0800
Subject: [PATCH] Sign and verify new release jars with GnuPG

---
 installer/portable/update-filebot.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/installer/portable/update-filebot.sh b/installer/portable/update-filebot.sh
index 542b594e..18b276ba 100755
--- a/installer/portable/update-filebot.sh
+++ b/installer/portable/update-filebot.sh
@@ -27,16 +27,16 @@ PACKAGE_FILE="$APP_ROOT/$PACKAGE_NAME"
 PACKAGE_URL="https://sourceforge.net/projects/filebot/files/filebot/HEAD/$PACKAGE_NAME"
 
 # check if file has changed
-PACKAGE_SHA1_EXPECTED=`curl --retry 5 "$PACKAGE_URL/list" | egrep -o "[a-z0-9]{40}"`
-PACKAGE_SHA1=`sha1sum $PACKAGE_FILE | cut -d' ' -f1`
+PACKAGE_HASH_EXPECTED=`curl --silent --retry 5 "$PACKAGE_URL/list" | egrep -o "\b[a-z0-9]{32}\b"`
+PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" | egrep -o "\b[a-z0-9]{32}\b"`
 
-if [ -z "$PACKAGE_SHA1_EXPECTED" ]; then
-	echo "SHA1 hash unknown"
+if [ -z "$PACKAGE_HASH_EXPECTED" ]; then
+	echo "hash unknown"
 	exit 1
 fi
 
-if [ "$PACKAGE_SHA1" == "$PACKAGE_SHA1_EXPECTED" ]; then
-	echo "$PACKAGE_FILE [SHA1: $PACKAGE_SHA1]"
+if [ "$PACKAGE_HASH" == "$PACKAGE_HASH_EXPECTED" ]; then
+	echo "$PACKAGE_FILE [HASH: $PACKAGE_HASH]"
 	exit 0
 fi
 
@@ -44,11 +44,11 @@ echo "Update $PACKAGE_FILE"
 curl -L -o "$PACKAGE_FILE" -z "$PACKAGE_FILE" --retry 5 "$PACKAGE_URL"	# FRS will redirect to (unsecure) HTTP download link
 
 # check if file has been corrupted (or modified) in transit
-PACKAGE_SHA1=`sha1sum $PACKAGE_FILE | cut -d' ' -f1`
-echo "$PACKAGE_FILE [SHA1: $PACKAGE_SHA1]"
+PACKAGE_HASH=`openssl dgst -md5 "$PACKAGE_FILE" | egrep -o "\b[a-z0-9]{32}\b"`
+echo "$PACKAGE_FILE [HASH: $PACKAGE_HASH]"
 
-if [ "$PACKAGE_SHA1" != "$PACKAGE_SHA1_EXPECTED" ]; then
-	echo "SHA1 hash mismatch [SHA1: $PACKAGE_SHA1_EXPECTED]"
+if [ "$PACKAGE_HASH" != "$PACKAGE_HASH_EXPECTED" ]; then
+	echo "HASH hash mismatch [HASH: $PACKAGE_HASH_EXPECTED]"
 	rm -vf "$PACKAGE_FILE"
 	exit 1
 fi