From 99e999b9e020499d39874c0fc287e12c385fb74e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20Babi=C4=8D?= <peter@peterbabic.dev>
Date: Tue, 6 Apr 2021 15:21:34 +0200
Subject: [PATCH] fix sha256sum recheck

---
 README.md |  4 ++--
 make.sh   | 31 ++++++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 1dd55ba..f0df8aa 100644
--- a/README.md
+++ b/README.md
@@ -45,8 +45,8 @@ sudo systemctl start atftpd.service
 
 ## Revert to TP-Link stock firmware
 
-**Important:** Always revert back to the same version in which you switched
-from.
+**Important:** Always revert back to the same stock firmware version which
+was used to prepare the recovery image.
 
 ```bash
 cd firmware
diff --git a/make.sh b/make.sh
index eab5003..5abb843 100755
--- a/make.sh
+++ b/make.sh
@@ -4,24 +4,26 @@ version="19.07.7"
 fprintUrl="https://openwrt.org/docs/guide-user/security/signatures"
 dlUrl="https://downloads.openwrt.org/releases/$version/targets/ramips/mt7620/"
 folderName="openwrt-imagebuilder-$version-ramips-mt7620.Linux-x86_64"
+archive="$folderName.tar.xz"
 
 mkdir -p tmp/ build/
 cd tmp/
 
 sudo pacman -q -S --needed base-devel ncurses zlib gawk git gettext openssl libxslt wget unzip python gnupg
 
+sysupgradeFile="openwrt-$version-ramips-mt7620-ArcherMR200-squashfs-sysupgrade.bin"
 sumsFile="sha256sums"
 ascFile="$sumsFile.asc"
 
-rm $sumsFile*
-wget -q "$dlUrl/$sumsFile"
-wget -q "$dlUrl/$ascFile"
+wget -q "$dlUrl/$ascFile" -O "$ascFile"
+wget -q "$dlUrl/$sumsFile" -O "$sumsFile"
 
 gpgOutput=$(gpg --status-fd 1 --auto-key-retrieve --with-fingerprint --verify "$ascFile") 
 
 if [ $? -eq 0 ]; then
 	echo "SIGNATURE VERIFIED"
 else
+	echo "SIGNATURE INVALID. Exitting."
 	exit 1
 fi
 
@@ -33,18 +35,33 @@ curl -s "$fprintUrl" | grep -o "$fprintFmt"
 if [ $? -eq 0 ]; then
 	echo "FINGERPRINT VERIFIED"
 else
+	echo "FINGERPRINT INVALID. Exiting."
 	exit 1
 fi
 
+touch -a "$sysupgradeFile"
+touch -a "$archive"
 sha256sum --ignore-missing -c "$sumsFile" 
 
 if [ $? -eq 0 ]; then
-	echo "SHA256SUM VERIFIED, no need to redownload"
+	echo "SHA256SUM VERIFIED"
 else
-	rm -rf $folderName*
-	archive="$folderName.tar.xz"
-	wget "$dlUrl/$archive"
+	echo "SHA256SUM INVALID. Attempting new download."
+
+	wget "$dlUrl/$archive" -O "$archive"
+	wget "$dlUrl/$sysupgradeFile" -O "$sysupgradeFile"
+
+	rm -rf "$folderName"
 	tar xJf "$archive"
+
+	sha256sum --ignore-missing -c "$sumsFile" 
+
+	if [ $? -eq 0 ]; then
+		echo "SHA256SUM VERIFIED."
+	else
+		echo "SHA256SUM INVALID. Exiting."
+		exit 1
+	fi
 fi
 
 cd "$folderName"