#!/bin/bash # Verify Commands Handler # Re-checks the installed code against the signed release manifest and refreshes # the integrity status the WebUI "Updates" card reads (verify_status.json). cliHandleVerifyCommands() { local verify_type="$initial_command2" case "$verify_type" in ""|"now"|"check") # Run the integrity check, print a human summary, and (re)write # verify_status.json so the WebUI badge reflects the result. cliRunVerify ;; "json"|"status") # Non-interactive: just (re)write verify_status.json. This is what # the WebUI "Verify now" button runs through the task pipeline. webuiSystemVerify "force" ;; *) isNotice "Invalid verify command: ${RED}$verify_type${NC}" cliShowVerifyHelp ;; esac } # Run the check (via webuiSystemVerify, which also rewrites verify_status.json # and leaves the LP_VERIFY_* globals set) and print a readable summary. cliRunVerify() { isHeader "LibrePortal Integrity Check" if ! declare -f webuiSystemVerify >/dev/null 2>&1; then isError "Verification is unavailable on this install." return 1 fi webuiSystemVerify "force" case "$LP_VERIFY_STATE" in verified) isSuccessful "Verified — all ${LP_VERIFY_TOTAL} files match the signed release." ;; modified) isError "Modified — ${LP_VERIFY_MODIFIED} changed, ${LP_VERIFY_MISSING} missing of ${LP_VERIFY_TOTAL} files." if [[ -n "$LP_VERIFY_SAMPLE" ]]; then isNotice "Affected files (sample):" while IFS= read -r _p; do [[ -n "$_p" ]] && echo " - $_p"; done <<< "$LP_VERIFY_SAMPLE" fi ;; tampered) isError "Manifest signature invalid — ${LP_VERIFY_ERROR:-the release manifest cannot be trusted}." ;; unsigned) isNotice "Files match the manifest, but it isn't signed yet (no production key) — can't fully vouch for it." ;; unverifiable) isNotice "${LP_VERIFY_ERROR:-The signed manifest could not be checked.}" ;; *) isNotice "Development build (${CFG_INSTALL_MODE:-git} install) — no signed manifest to verify against." ;; esac }