Automate SHA Checksum Checks For Asuswrt-Merlin Firmware With Hazel
When a new firmware is released by Asuswrt-Merlin, the download comes with a checksum file (sha256sum.sha256
) enabling you to check the validity of the firmware you downloaded.
You could do this manually:
james@Jamess-iMac: ~/Downloads/RT-AC66U_380.70_beta1-gc8353dc
$ shasum -a 256 -c sha256sum.sha256
RT-AC66U_380.70_beta1-gc8353dc.trx: OK
However, I automated the check with Hazel and a shell script.
Setup Hazel rules per the image below for your Downloads folder:
Then create each rule shown in the images below:
Old Files
SHASUM Router Firmware
NOTE: change the “name starts with” rule to match the name of your router
Newly Added Files
No longer new Files
The shell script used in the SHASUM Router Firmware rule is shown below and linked here.
#!/usr/bin/env bash
# shellcheck shell=bash
label(){
if [ $# -lt 2 ]; then
echo "USAGE: label [0-7] file1 [file2] ..."
echo "Sets the Finder label (color) for files"
echo "Default colors:"
echo " 0 No color"
echo " 1 Orange"
echo " 2 Red"
echo " 3 Yellow"
echo " 4 Blue"
echo " 5 Purple"
echo " 6 Green"
echo " 7 Gray"
else
/usr/bin/osascript - "$@" << EOF
on run argv
set labelIndex to (item 1 of argv as number)
repeat with i from 2 to (count of argv)
tell application "Finder"
set theFile to POSIX file (item i of argv) as alias
set label index of theFile to labelIndex
end tell
end repeat
end run
EOF
fi
}
file_exists() {
if [ -e "$1" ]; then
return 0
fi
return 1
}
#logger "path is is $PATH"
export PATH="/usr/local/bin:$PATH"
#logger "path is is $PATH"
if ! file_exists "$1"; then
# must exit with zero so Hazel does't retry it
exit 0;
fi
#say "The file $1 matches this rule’s conditions."
logger "Directory is $1"
logger "Checking for shasum binaries"
if hash sha256deep 2> /dev/null; then
logger "found sha256deep"
cmd="sha256deep"
elif shasum -a 256 < /dev/null > /dev/null 2>&1 ; then
logger "found shasum"
cmd="shasum -a 256"
else
logger "No binary found to compute and compare SHA-256 message digests"
osascript -e 'display notification "No binary found to compute and compare SHA-256 message digests" with title "ERROR"'
exit 0;
fi
cd "$1" || exit 0;
firmwareFile=$(ls -- *.trx)
sha256sumFile=$(ls -- *.sha256)
if ! file_exists "$firmwareFile"; then
# must exit with zero so Hazel does't retry it
exit 0;
fi
logger "firmwareFile is $firmwareFile"
if ! file_exists "$sha256sumFile"; then
# must exit with zero so Hazel does't retry it
exit 0;
fi
logger "sha256sumFile is $sha256sumFile"
# yes we could use shasum -a 256 -c sha256sum.sha256, but I don't think sha256deep has
# the same option, so we parse the file
sha256sum=$(awk '{print $1}' "$sha256sumFile")
firmwareFileFromSha256sumFile=$(awk '{print $2}' "$sha256sumFile")
if [ "$firmwareFileFromSha256sumFile" != "$firmwareFile" ]; then
logger "Filename mismatch: $firmwareFileFromSha256sumFile != $firmwareFile"
exit 0;
fi
sha256deepFromFirmware=$($cmd "$firmwareFile" | awk '{print $1}')
if [ "$sha256deepFromFirmware" != "$sha256sum" ]; then
logger "sha256deep mismatch: $sha256deepFromFirmware != $sha256sum set label to red"
label 2 "$1/$firmwareFile" >> /dev/null
#also set folder to green so we don't process it again
label 2 "$1" >> /dev/null
osascript -e 'display notification "shasums mismatch for firmware" with title "INVALID ASUS Firmware"'
exit 0;
else
logger "sha256deep match: $sha256deepFromFirmware == $sha256sum, set label to green"
label 6 "$1/$firmwareFile" >> /dev/null
#also set folder to green so we don't process it again
label 6 "$1" >> /dev/null
osascript -e 'display notification "shasums match for firmware" with title "Valid ASUS Firmware"'
fi
exit 0;