mirror of
https://codeberg.org/nobody/LocalCDN.git
synced 2024-12-19 14:42:56 +01:00
1.7 KiB
1.7 KiB
Introduction
This script makes it possible for any user and extension reviewer to verify the integrity of the resources bundled. It compares all libraries with their original sources. Optionally, a local Tor proxy can be used. In total, there are over 1000 files in LocalCDN. This process can take between 5 and 15 minutes.
Prerequisites
- GNU/Linux (Debian, Ubuntu,...)
- Bash >= 4.4
- LocalCDN >= v2.6.3
- Local Tor SOCKS5 Proxy (optional, but recommended)
Settings
- Use local Tor Proxy
USE_TOR=true
slow (~ 15 minutes)USE_TOR=false
fast (~ 4 minutes)
- Generate the THIRD_PARTY.txt file. This file contains all source URLs that were used for the check.
CREATE_THIRD_PARTY_FILE=true
CREATE_THIRD_PARTY_FILE=false
Tor Proxy
- Install Tor Proxy
sudo apt install tor
- e.g. https://linuxconfig.org/install-tor-proxy-on-ubuntu-20-04-linux
- Check Tor
systemctl status tor@default.service
systemctl status tor.service
How to start
Open up a terminal and cd
into this directory. However you run the script, the output can be redirected to a file with > output.txt
- Check all files:
bash audit.sh
bash audit.sh > output.txt
- Check only one library. Choose the folder name from
/resources/
, e.g.jquery
:bash audit.sh jquery
bash audit.sh jquery > output.txt
- Check all files and replace in case of hash mismatch:
bash audit.sh replace
bash audit.sh replace > output.txt
- Check only one library files and replace in case of hash mismatch. Choose the folder name from
/resources/
, e.g.jquery
:bash audit.sh replace jquery
bash audit.sh replace jquery > output.txt