From 09cafc2285dd171cb2213ece9549993a3321527c Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@gmail.com>
Date: Thu, 6 Feb 2025 15:18:18 +0300
Subject: [PATCH] misc(integrity checker): Some enhancements (#1797)

* misc(integrity checker): Some enhancements

* Update build_files_integrity.php

* Create checksum.yml

* Update checksum.yml
---
 .github/workflows/checksum.yml                | 31 +++++++++++++
 .../datastore/build_files_integrity.php       | 43 +++++++++++++------
 2 files changed, 61 insertions(+), 13 deletions(-)
 create mode 100644 .github/workflows/checksum.yml

diff --git a/.github/workflows/checksum.yml b/.github/workflows/checksum.yml
new file mode 100644
index 000000000..fab9ae762
--- /dev/null
+++ b/.github/workflows/checksum.yml
@@ -0,0 +1,31 @@
+name: Generate Checksums
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  generate-checksums:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Generate MD5 checksums
+        run: |
+          find . -type f -not -path "./.git/*" -exec md5sum {} \; > internal_data/checksums.md5
+
+      - name: Commit and push checksums.md5 if changed
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+          if git diff --quiet internal_data/checksums.md5; then
+            echo "No changes in checksums.md5"
+          else
+            git add checksums.md5
+            git commit -m "Update checksums.md5 📄"
+            git push
+          fi
diff --git a/library/includes/datastore/build_files_integrity.php b/library/includes/datastore/build_files_integrity.php
index ce9701672..4825c5bad 100644
--- a/library/includes/datastore/build_files_integrity.php
+++ b/library/includes/datastore/build_files_integrity.php
@@ -20,18 +20,27 @@ if (!$bb_cfg['integrity_check']) {
 $filesList = [];
 $wrongFilesList = [];
 
-$checksumFile = new SplFileObject(CHECKSUMS_FILE, 'r');
+$checksumFile = new SplFileObject(CHECKSUMS_FILE, 'r+');
 $checksumFile->setFlags(SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
 
 $ignoreFiles = [
-    '.env.example',
+    '.git/*',
+    '.github/*',
+    '*.md',
+    '*.yml',
+    '*.toml',
+    '*.json',
+    '*.lock',
+    '.env*',
+    'vendor',
+    '.gitignore',
+    '.editorconfig',
     '.htaccess',
-    'CHANGELOG.md',
+    '*/.htaccess',
     'robots.txt',
+    // TorrentPier specific
     'install.php',
     'favicon.png',
-    'composer.json',
-    'composer.lock',
     hide_bb_path(CHECKSUMS_FILE),
     hide_bb_path(BB_ENABLED),
     'library/config.php',
@@ -41,21 +50,29 @@ $ignoreFiles = [
 
 foreach ($checksumFile as $line) {
     $parts = explode('  ', $line);
-    [$hash, $path] = $parts;
-
-    if (!isset($hash) || !isset($path)) {
+    if (!isset($parts[0]) || !isset($parts[1])) {
         // Skip end line
         break;
     }
 
-    if (!empty($ignoreFiles) && in_array($path, $ignoreFiles)) {
-        // Skip files from "Ignoring list"
-        continue;
+    // Skip files from "Ignoring list"
+    if (!empty($ignoreFiles)) {
+        $skip = false;
+        foreach ($ignoreFiles as $pattern) {
+            $pattern = trim($pattern);
+            if (fnmatch($pattern, $parts[1])) {
+                $skip = true;
+                break;
+            }
+        }
+        if ($skip) {
+            continue;
+        }
     }
 
     $filesList[] = [
-        'path' => trim($path),
-        'hash' => trim($hash)
+        'path' => trim($parts[1]),
+        'hash' => trim($parts[0])
     ];
 }