From 093c71f623fb43a1792a80a7ae0fe56e0e5b34e9 Mon Sep 17 00:00:00 2001
From: Adam Dobrawy
Date: Thu, 25 May 2017 19:41:36 +0200
Subject: [PATCH] Prevent code updates if malicious changes
---
 startup.d/10-git-pull.sh | 19 +++++++++++++++++++
 startup.d/20-syntax-check.sh | 8 --------
 2 files changed, 19 insertions(+), 8 deletions(-)
 delete mode 100644 startup.d/20-syntax-check.sh
diff --git a/startup.d/10-git-pull.sh b/startup.d/10-git-pull.sh
index 3b727108..09172d07 100755
--- a/startup.d/10-git-pull.sh
+++ b/startup.d/10-git-pull.sh
@@ -1,2 +1,21 @@
 #!/bin/sh
+
+# Prepare code auditing environment
+REPO_URL=$(git remote get-url origin)
+TEST_DIR=$(mktemp -d)
+git clone "$REPO_URL" "$TEST_DIR";
+pushd "$TEST_DIR";
+
+# Code auditing section
+python -m py_compile $(find . -name '*.py');
+if [ "$?" != "0" ]
+then
+ echo "There is syntax error. This may endanger chaos. Pauses updates."
+ exit 45
+fi
+
+# End code auditing section
+popd
+
+git checkout master
 git pull
diff --git a/startup.d/20-syntax-check.sh b/startup.d/20-syntax-check.sh
deleted file mode 100644
index 13bdeb98..00000000
--- a/startup.d/20-syntax-check.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-python -m py_compile $(find . -name '*.py');
-if [ "$?" != "0" ]
-then
- echo "There is syntax error. This may endanger chaos. Pauses updates."
- killall bash
-fi
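Review bot: The audit in startup.d/10-git-pull.sh does not check the code that `git pull` then installs: it compiles a separate clone of origin's default HEAD, and the later `git checkout master` / `git pull` fetches again, so a commit pushed in between (or a default branch other than master) would be deployed unchecked. The script also runs under `#!/bin/sh`, where `pushd`/`popd` are not guaranteed to exist, and neither `git clone` nor `pushd` is checked, so on failure `find .` walks whatever the current directory is and the check can pass without looking at the fetched code. I would fetch once, pin the fetched commit id, export that exact commit into the temp dir, compile it there, and fast-forward only to that id, with a trap that removes the temp dir on every exit path. Note also that py_compile only rejects syntax errors, so the subject's "malicious changes" overstates what this gate catches.

```shell
#!/bin/sh
set -eu

# Prepare code auditing environment: pin the commit that will be deployed
git fetch origin master
AUDIT_SHA=$(git rev-parse FETCH_HEAD)
TEST_DIR=$(mktemp -d)
trap 'rm -rf -- "$TEST_DIR"' EXIT
git archive "$AUDIT_SHA" | tar -x -C "$TEST_DIR"

# Code auditing section
if ! find "$TEST_DIR" -name '*.py' -exec python -m py_compile {} +
then
    # … unchanged: error message and exit 45 …
fi

git checkout master
# Only move to the commit that was audited; refuse anything else.
git merge --ff-only "$AUDIT_SHA"
```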